DS-301h · Module 2
Alert Routing and Escalation
The right alert to the wrong person is the same as no alert. Routing rules determine who receives each type of anomaly. Revenue anomalies route to the head of sales. Cost anomalies route to finance. Product usage anomalies route to the product team. The routing is based on the metric domain, not the severity. Severity determines the channel: critical anomalies go to pager/SMS, warning anomalies go to Slack, informational anomalies go to email digest. Escalation paths are defined for each severity tier: if a critical alert is not acknowledged within fifteen minutes, escalate to the next level. The routing and escalation framework ensures that every detection reaches a person who can act on it, through a channel appropriate to the urgency.
Do This
- Route alerts by metric domain to the person who owns that domain
- Use severity to determine the channel — pager for critical, Slack for warning, email for informational
- Define escalation paths with specific timeframes — unacknowledged alerts escalate automatically
Avoid This
- Send all alerts to a general channel — nobody owns a general alert
- Use the same channel for all severities — critical alerts drown in informational noise
- Rely on manual escalation — if the primary recipient is unavailable, automatic escalation fills the gap
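The routing and escalation rules above, expressed in Python as an added example that is not part of the original module. The identifiers, the second-level recipients (`cro`, `cfo`, `vp_product`) and the choice to escalate one level per elapsed window are assumptions; only the domain owners, the channels and the fifteen-minute critical window come from the text.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Metric domain -> escalation chain, domain owner first.
# Second entries are assumed next-level recipients (not named on the page).
OWNERS = {
    "revenue": ["head_of_sales", "cro"],
    "cost": ["finance", "cfo"],
    "product_usage": ["product_team", "vp_product"],
}
# Severity decides the channel, never the recipient.
CHANNELS = {"critical": "pager", "warning": "slack", "informational": "email_digest"}
# Acknowledgement window per severity; None means no automatic escalation (assumption).
ACK_WINDOW = {"critical": timedelta(minutes=15), "warning": None, "informational": None}

@dataclass
class Alert:
    domain: str
    severity: str
    fired_at: datetime
    acked_at: Optional[datetime] = None

def route(alert: Alert, now: datetime) -> dict:
    """Return who should hold the alert at `now`, and through which channel."""
    chain = OWNERS.get(alert.domain)
    if chain is None or alert.severity not in CHANNELS:
        # Fail loudly instead of falling back to a general channel nobody owns.
        raise ValueError(f"unroutable alert: {alert.domain!r}/{alert.severity!r}")
    window = ACK_WINDOW[alert.severity]
    level = 0
    if window is not None:
        # Escalation stops at the moment of acknowledgement.
        elapsed = (alert.acked_at or now) - alert.fired_at
        # One level per full window without an ack, capped at the end of the chain.
        level = max(0, min(elapsed // window, len(chain) - 1))
    return {
        "recipient": chain[level],
        "channel": CHANNELS[alert.severity],
        "level": level,
        "acknowledged": alert.acked_at is not None,
    }

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0)  # constructed sample timestamp
    unacked = Alert("revenue", "critical", t0)
    for minutes in (5, 16):
        print(minutes, route(unacked, t0 + timedelta(minutes=minutes)))
```

Running `route` on a schedule for every open alert gives automatic escalation without anyone having to notice that the primary recipient is unavailable.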