Merge pull request #92709 from AedinC/OSDOCS-14468

[OSDOCS-14468]:Updated content for Incident Management in ROSA and OSD docs

Author: EricPonvelle

modules/policy-incident.adoc

@@ -5,28 +5,40 @@
 [id="policy-incident_{context}"]
 = Incident and operations management
 
-This documentation details the Red Hat responsibilities for the {product-title} managed service. 
+This documentation details the Red{nbsp}Hat responsibilities for the {product-title} managed service.
 The cloud provider is responsible for protecting the hardware infrastructure that runs the services offered by the cloud provider.
 The customer is responsible for incident and operations management of customer application data and any custom networking the customer has configured for the cluster network or virtual network.
 
 [id="platform-monitoring_{context}"]
 == Platform monitoring
-A Red Hat Site Reliability Engineer (SRE) maintains a centralized monitoring and alerting system for all {product-title} cluster components, SRE services, and underlying cloud provider accounts. Platform audit logs are securely forwarded to a centralized SIEM (Security Information and Event Monitoring) system, where they might trigger configured alerts to the SRE team and are also subject to manual review. Audit logs are retained in the SIEM for one year. Audit logs for a given cluster are not deleted at the time the cluster is deleted.
+A Red{nbsp}Hat Site Reliability Engineer (SRE) maintains a centralized monitoring and alerting system for all {product-title} cluster components, SRE services, and underlying cloud provider accounts. Platform audit logs are securely forwarded to a centralized SIEM (Security Information and Event Monitoring) system, where they might trigger configured alerts to the SRE team and are also subject to manual review. Audit logs are retained in the SIEM for one year. Audit logs for a given cluster are not deleted at the time the cluster is deleted.
 
 [id="incident-management_{context}"]
 == Incident management
-An incident is an event that results in a degradation or outage of one or more Red Hat services. An incident can be raised by a customer or Customer Experience and Engagement (CEE) member through a support case, directly by the centralized monitoring and alerting system, or directly by a member of the SRE team.
+An incident is an event that results in a degradation or outage of one or more Red{nbsp}Hat services.
+
+An incident can be raised by a customer or Customer Experience and Engagement (CEE) member through a support case, directly by the centralized monitoring and alerting system, or directly by a member of the SRE team.
 
 Depending on the impact on the service and customer, the incident is categorized in terms of link:https://access.redhat.com/support/offerings/production/sla[severity].
 
-The general workflow of how a new incident is managed by Red Hat:
+When managing a new incident, Red{nbsp}Hat uses the following general workflow:
 
 . An SRE first responder is alerted to a new incident, and begins an initial investigation.
 . After the initial investigation, the incident is assigned an incident lead, who coordinates the recovery efforts.
 . The incident lead manages all communication and coordination around recovery, including any relevant notifications or support case updates.
-. The incident is recovered.
-. The incident is documented and a root cause analysis is performed within 5 business days of the incident.
-. A root cause analysis (RCA) draft document is shared with the customer within 7 business days of the incident.
+. When the incident is resolved a brief summary of the incident and resolution are provided in the customer-initiated support ticket. This summary helps the customers understand the incident and its resolution in more detail.
+
+If customers require more information in addition to what is provided in the support ticket, they can request the following workflow:
+
+. The customer must make a request for the additional information within 5 business days of the incident resolution.
+. Depending on the severity of the incident, Red{nbsp}Hat may provide customers with a root cause summary, or a root cause analysis (RCA) in the support ticket. The additional information will be provided within 7 business days for root cause summary and 30 business days for root cause analysis from the incident resolution.
+
+Red{nbsp}Hat also assists with customer incidents raised through support cases.
+Red{nbsp}Hat can assist with activities including but not limited to:
+
+* Forensic gathering, including isolating virtual compute
+* Guiding compute image collection
+* Providing collected audit logs
 
 [id="backup-recovery_{context}"]
 == Backup and recovery

modules/rosa-policy-incident.adoc

@@ -102,22 +102,23 @@ Platform audit logs are securely forwarded to a centralized security information
 
 [id="rosa-policy-incident-management_{context}"]
 == Incident management
-An incident is an event that results in a degradation or outage of one or more Red{nbsp}Hat services, and can affect service-level agreements (SLAs).
+An incident is an event that results in a degradation or outage of one or more Red{nbsp}Hat services.
 
-Customers and Customer Experience and Engagement (CEE) members can raise an incident through a support case. The centralized monitoring and alerting system and members of the SRE team can also raise an incident directly.
+An incident can be raised by a customer or a Customer Experience and Engagement (CEE) member through a support case, directly by the centralized monitoring and alerting system, or directly by a member of the SRE team.
 
 Depending on the impact on the service and customer, the incident is categorized in terms of link:https://access.redhat.com/support/offerings/production/sla[severity].
 
-Red{nbsp}Hat either sends out cluster notifications to affected individual clusters or changes the status at link:https://status.redhat.com[status.redhat.com] to reflect a wider incident. Cluster notifications are not sent for low-impact events, low-risk security updates, routine operations and maintenance, or minor, transient issues that are quickly resolved by SRE.
-
 When managing a new incident, Red{nbsp}Hat uses the following general workflow:
 
 . An SRE first responder is alerted to a new incident and begins an initial investigation.
 . After the initial investigation, the incident is assigned an incident lead, who coordinates the recovery efforts.
-. An incident lead manages all communication and coordination around recovery, including any relevant notifications and support case updates. If the status of a service changes or if Red{nbsp}Hat has a significant update on the progress, then the incident lead sends out an updated cluster notification.
-. The incident is recovered.
-. The incident is documented and a root cause analysis (RCA) is performed within 5 business days of the incident.
-. An RCA draft document will be shared with the customer within 7 business days of the incident.
+. The incident lead manages all communication and coordination around recovery, including any relevant notifications and support case updates.
+. When the incident is resolved a brief summary of the incident and resolution are provided in the customer-initiated support ticket. This summary helps the customers understand the incident and its resolution in more detail.
+
+If customers require more information in addition to what is provided in the support ticket, they can request the following workflow:
+
+. The customer must make a request for the additional information within 5 business days of the incident resolution.
+. Depending on the severity of the incident, Red{nbsp}Hat may provide customers with a root cause summary, or a root cause analysis (RCA) in the support ticket. The additional information will be provided within 7 business days for root cause summary and 30 business days for root cause analysis from the incident resolution.
 
 Red{nbsp}Hat also assists with customer incidents raised through support cases.
 Red{nbsp}Hat can assist with activities including but not limited to: