The data would be a key factor here. Stopping the clock does work by the way :-) If the incidents in question were about to breach anyway and someone just got in with a Stop Clock, then the breach message will happen pretty much as soon as they do a Start Clock.
I'd paint the escalation points on an admin version of the window and let's look at the data.
Is this what you were looking for? Honestly I could never quite understand what I am looking at when i open these.
By the way, as far as i can tell, the ticket was put on hold the same day it was opened. And also, I may have made the modifications to Response Levels as shown above 'after' this incident was submitted so not sure if this ticket would be affected.
You could create a query/filter for these and display them on the admin window all at once as a tab at the bottom, but that is just cosmetic. Anyway ... you will need to make the Expiry Date Time attribute wider so you can see when date and time it expired, but you have a number of escalation points which have expired. What you will need to do is look at those and the escalation name they refer too as well as the audit trail of the process itself to see when these expired. If they expired and sent a message before it went with customer or very close to that, then you have an explanation.