Roles and Responsibilities
This page explains who is responsible for security, privacy, and operational work at EventLinx. It applies to the Documentation Site and the wider systems that support it. The main goal is simple: every important task must have an owner, so nothing is left unclear or unmanaged.
It also supports PIPEDA accountability, meaning we must be able to show who is responsible for protecting personal information and how decisions are made when something goes wrong.
How issues move up
When an issue is detected, it is first handled by technical staff. If it becomes more serious or affects multiple systems, it is passed up to management. If there is any privacy or legal impact, it is then escalated further for executive and compliance review.
Purpose
The purpose of this structure is to make sure responsibilities are clear and not duplicated or missed. It helps the organization respond properly to incidents, keep systems running, and protect personal information in line with PIPEDA requirements. It also ensures that security and privacy work is treated as an ongoing responsibility rather than a one-time task.
Scope
These responsibilities apply across EventLinx, including technical teams, documentation and content maintainers, management, and any external providers who support our systems. Anyone who interacts with systems or data is expected to follow the same basic rules for safety, privacy, and reporting issues.
Privacy and accountability (PIPEDA)
Under PIPEDA, EventLinx must make sure personal information is handled responsibly. In practice, this means people only use data for approved purposes, collect only what is needed, and apply reasonable safeguards to protect it.
If a privacy issue happens, it must be reported quickly so it can be assessed and handled properly. Transparency is also important, meaning users should be informed when required and have access to their own information where applicable.
Key roles and responsibilities
| Role | Responsibility |
|---|---|
| Project Sponsor / Management | Sets direction, approves priorities, and ensures compliance expectations are met |
| IT Manager / Project Manager | Oversees day-to-day delivery of security, recovery, and documentation work |
| System Administrator | Maintains systems, access control, backups, and restores services when needed |
| Security Analyst | Watches for threats, investigates alerts, and supports incident response |
| Privacy / Compliance Officer | Ensures PIPEDA compliance and handles privacy-related reporting obligations |
| Documentation & Content Team | Keeps documentation accurate and avoids exposing sensitive information |
| Employees / Users | Follow policies and report anything unusual or suspicious |
| Third-Party Providers | Deliver services securely and report issues that may affect EventLinx |
Incident and breach handling
When a security or privacy issue occurs, it is first reported to the appropriate technical or privacy contact. The team then works to contain the issue, understand its impact, and restore normal operations.
If the issue is serious, it is escalated so that management and compliance teams can decide on next steps. All actions taken are recorded so there is a clear history of what happened and how it was resolved. When required, external notifications may also be made under PIPEDA.
Authority levels
Responsibility for handling issues is split into three general levels. Technical teams handle immediate detection and fixing. Management coordinates response and ensures resources are available. Executive and legal teams become involved when there are high-impact incidents or regulatory concerns.
Accountability areas
| Area | Responsibility |
|---|---|
| Platform & Infrastructure | Keeping systems stable, secure, and properly managed |
| Privacy | Protecting personal information and following PIPEDA |
| Operations | Ensuring services stay available and recover from failures |
| Security | Monitoring systems, responding to threats, and maintaining protections |
| Documentation | Keeping content accurate, controlled, and up to date |
| Third Parties | Providing secure services and reporting relevant incidents |
Personal information handling
All personal information is handled with care. It is only collected when needed, used only for approved reasons, and protected using appropriate safeguards. It is not kept longer than necessary, and it is securely removed when it is no longer required.
Review cycle
This document is reviewed at least once a year, and also when there are major changes to systems, responsibilities, or privacy and security requirements.