Skip to main content

Incident Response Plan

This page explains how EventLinx handles security incidents affecting systems, services, or personal information across the platform, including the documentation site and production environments.

A security incident includes anything that impacts the confidentiality, integrity, or availability of systems or data.

Under PIPEDA, if personal information is involved, we may be required to notify affected individuals and relevant authorities when there is a real risk of significant harm.

What counts as an incident

  • Unauthorized access or hacking
  • Accidental data exposure
  • Malware or ransomware
  • Lost or stolen devices
  • Service disruption affecting security or data integrity

Severity levels

LevelMeaning
LowMinor issue, no sensitive data affected
MediumLimited system impact or restricted data exposure
HighConfirmed breach or major security/privacy risk

How we notice problems

We detect incidents through:

  • System and security logs
  • Automated alerts and monitoring tools
  • Reports from staff or users
  • Infrastructure and hosting provider notifications
  • Regular security oversight and reviews

Response steps

Steps include:

  1. Identify – Confirm what happened and what is affected
  2. Contain – Limit access or isolate systems to prevent further impact
  3. Fix – Remove threats, patch issues, reset credentials if needed
  4. Recover – Restore systems and services safely
  5. Review – Document lessons learned and improve controls

Roles during an incident

  • IT / Administrators – Investigate, contain, and fix technical issues
  • Management – Approve major decisions and coordinate response
  • Privacy / Legal Contact – Ensure compliance with PIPEDA and breach rules
  • Communications – Manage internal and external messaging if required

A single lead coordinates the response, even if roles overlap in smaller teams.

If personal information is involved

If an incident involves personal data:

  • We assess whether there is a real risk of significant harm
  • Affected individuals may be notified
  • The Office of the Privacy Commissioner of Canada may be informed
  • Records of the incident and response are maintained

Logging and documentation

All incidents are recorded with:

  • What happened
  • Systems or data affected
  • Actions taken
  • Outcome and lessons learned

Access to incident details is restricted to those who need it.

Security during incidents

During an active incident:

  • Access may be restricted or revoked
  • Systems may be isolated for protection
  • Monitoring is increased
  • Backups may be used for recovery

Documentation website scope

If the incident only affects the documentation platform, the same process applies but scaled to the lower risk level compared to production systems.

Summary

Identify quickly. Contain the impact. Fix the cause. Recover safely. Learn and improve.