Scientific method of incident investigation

• 31 March 2023
• IT support

I come from a science background (my degree was in environmental biology) and so I consider myself to have a fair understanding of the scientific method. I apply the techniques of the method to help resolve incidents.

First, I start by proposing a hypothesis. This is an educated explanation of the cause of the issue based on what I know of the application and it's infrastructure. The more I know about an application, the better my hypotheses. If I don't have enough knowledge to make my guess (for that's what it is), I'll start asking questions and doing research (i.e. looking through documentation).

The next step - and this is often the step that gets missed - is to test the hypothesis. It's really important to look for evidence to back up or rule out a hypothesis before acting upon it. Just like a scientific hypothesis the test needs to be repeatable. More often than not, the first hypotheses will be ruled out by testing them. You need to use your experience and judgment to decide whether to drop a hypothesis and try a completely new direction, or adjust the current hypothesis and test again.

If evidence is found in favour of the hypothesis then I now have a theory. The theory is the thing that I act on. This ensures the resulting fix is for the issue at hand rather than a wild stab in the dark that might even complicate matters.

• Previous: Reporting up
• Next: Leading at a time of change