Skip to main content

Escalation Policies

An escalation policy defines what happens when an incident is triggered and nobody responds — who gets paged, in what order, and after how long.

How Escalation Works

When an incident is created, On-Call starts the escalation clock:

  1. Step 1 fires immediately (if delay = 0) — notifications sent to all targets in Step 1
  2. If no acknowledgment within Step 1's delay window → Step 2 fires
  3. If no acknowledgment within Step 2's delay window → Step 3 fires
  4. If all steps complete without acknowledgment → policy repeats (if repeat count > 0)
  5. After all repeats exhaust → incident remains triggered, no further escalation

The escalation engine checks all triggered incidents every 60 seconds.

Escalation Policy Structure

Each policy has:

  • A name and optional description
  • One or more steps in ordered sequence
  • A repeat count — how many times to run through all steps if nobody acknowledges

Escalation Steps

FieldDescription
OrderStep sequence number (automatically managed)
Delay (minutes)Time to wait after the previous step before firing this step. Step 1 delay = time after incident creation.
TargetsWho to notify: one or more users, schedules, or teams
Notify MethodsChannels for this step: email, SMS, phone, push, Slack

Step Target Types

User — A specific named technician. Use for leads, managers, or specialists who should always be in the chain.

Schedule — The currently on-call user for a named schedule. Use this for Step 1 — it dynamically resolves to whoever is on duty at the time the incident fires.

Team — A team group. (Resolves to team members — use for broadcast notifications to a whole group.)

💡Best practice: Step 1 targets a schedule (current on-call), Step 2 targets a specific senior technician, Step 3 targets the manager. This ensures the right person is always first, with named fallbacks.

Creating an Escalation Policy

  1. Click Escalation Policies in the left sidebar.
  2. Click New Policy.
  3. Enter a name (e.g., Standard MSP Escalation).
  4. Add Step 1:
    • Target: your primary on-call schedule
    • Delay: 0 minutes
    • Methods: Email
  5. Add Step 2:
    • Target: your senior technician (user)
    • Delay: 15 minutes
    • Methods: Email
  6. Add Step 3:
    • Target: manager (user)
    • Delay: 30 minutes
    • Methods: Email
  7. Set Repeat Count: 2 (escalates through all steps twice before stopping)
  8. Click Save.

Sample Escalation Patterns

Small MSP (2–5 technicians)

StepTargetDelayMethods
1On-call schedule0 minEmail
2Backup technician (user)10 minEmail
3Owner (user)20 minEmail

Repeat: 1

Tiered MSP (10+ technicians)

StepTargetDelayMethods
1Tier 1 on-call schedule0 minEmail
2Tier 2 on-call schedule10 minEmail
3Service Desk Lead (user)20 minEmail
4VP of Service Delivery (user)30 minEmail

Repeat: 2

Critical Security Escalation (Defend integration)

StepTargetDelayMethods
1Security on-call schedule0 minEmail
2Security lead (user)5 minEmail
3CISO / Owner (user)10 minEmail

Repeat: 3

Editing an Escalation Policy

  1. Click the policy name in the Escalation Policies list.
  2. Click Edit.
  3. Add, remove, or reorder steps.
  4. Click Save.

Changes take effect for all new incidents. Active incidents continue with the policy version that was in effect when the incident was created.

Assigning a Policy to a Service

Escalation policies are assigned at the service level, not the schedule level. A single policy can serve multiple services.

  1. Go to Services.
  2. Open or create a service.
  3. Set the Escalation Policy field.
  4. Click Save.

All incidents triggered against that service will use the assigned policy.

Repeat Behavior

The repeat count controls how many times the full escalation chain reruns after exhausting all steps with no acknowledgment:

Repeat CountBehavior
0Policy runs once; no repeat after last step
1Policy runs a second time (total 2 cycles)
2Policy runs a third time (total 3 cycles)

After all repeat cycles complete, the incident remains in triggered state but no further notifications are sent. The on-call team must manually acknowledge or resolve it.

⚠️Setting repeat count too high on a large policy can result in technicians receiving dozens of notifications before an incident is seen. Start with repeat count 1–2 and adjust based on your team's response patterns.

Escalation Timeline

Every incident records a timeline of escalation events. To view:

  1. Open an incident from the Incidents list.
  2. Scroll to the Timeline section.

Each entry shows: timestamp, step number, targets notified, and notification methods used. This is useful for post-incident review and SLA auditing.