R = Responsible · A = Accountable · R/A = Responsible & Accountable · C = Consulted · I = Informed
| Leadership & Accountability | Execution | |||||||
|---|---|---|---|---|---|---|---|---|
| Activity | Director of Technology | Head of Product | Director of Data | Platform Engineer | Product Managers | Robosoft DevOps | Robosoft Engineering | Notes |
| CI/CD & Pipeline | ||||||||
| Pipeline architecture & standards | A | — | — | R/A | — | R | I | Platform Engineer defines standards; Robosoft DevOps implements |
| Pipeline build & maintenance | I | — | — | A | — | R/A | I | Robosoft DevOps owns day-to-day; Platform Engineer governs |
| Build failure response | — | — | — | C | — | R | R/A | Engineering fixes code failures; DevOps fixes pipeline failures |
| Branch protection & merge standards | A | — | — | R/A | — | R | C | Platform Engineer enforces in GitHub; no self-merging permitted |
| Deployment automation | I | — | — | A | — | R/A | I | All deployments automated — no manual deployment scripts |
| Pipeline security scanning (SonarQube, Snyk) | A | — | C | R/A | — | R | R | Platform Engineer accountable; Engineering remediates findings |
| Infrastructure as Code (Terraform) | ||||||||
| Foundational modules (VPC, IAM, networking) | A | — | — | R/A | — | C | — | Platform Engineer owns; high blast radius — not contractor-led |
| Application-layer Terraform | I | — | — | A | — | R/A | C | Robosoft DevOps implements; Platform Engineer approves all PRs |
| Terraform state management & backend | A | — | — | R/A | — | C | — | CAS owns Terraform state — must not be contractor-controlled |
| IaC security scanning (Checkov) | A | — | — | R/A | — | R | — | Runs in CI on all Terraform PRs; critical findings block merge |
| Module versioning & deprecation | A | — | — | R/A | — | C | — | Platform Engineer controls versioning; DevOps consulted on impact |
| IaC code review for new services | I | — | — | A | — | R/A | — | Platform Engineer reviews all foundational changes |
| AWS & Cloud | ||||||||
| AWS account ownership & structure | R/A | — | C | R | — | I | — | CAS owns all accounts — Robosoft has access, not ownership |
| Environment strategy (dev/test/stage/prod) | A | C | — | R/A | — | R | I | Platform Engineer defines; Robosoft DevOps implements |
| Network architecture (VPCs, subnets, peering) | A | — | — | R/A | — | C | — | Platform Engineer owns; high blast radius |
| Cost monitoring & billing oversight | A | I | — | R/A | — | R | — | Unexplained cost changes escalated immediately to Director of Technology |
| Reserved instances & savings plans | A | — | — | R | — | C | — | Director of Technology approves all spend commitments |
| DNS management | I | — | — | R/A | — | R | — | Platform Engineer approves all DNS changes |
| Patching policy & SLA definition | A | — | C | R/A | — | R | — | Critical: 24hr · High: 7 days · Medium: 30 days · Low: scheduled |
| Disaster recovery planning & RTO/RPO | A | C | C | R/A | — | R | — | Director of Technology sets RTO/RPO; Head of Product defines business tolerance |
| Capacity planning | A | C | — | R/A | — | R | — | Head of Product informs on growth expectations; Director of Technology approves budget |
| Observability & Monitoring | ||||||||
| Monitoring standards & alerting thresholds | A | C | — | R/A | — | R | — | Platform Engineer defines; Head of Product informs on business metrics |
| Datadog account & configuration | A | — | — | R/A | — | R | — | CAS owns Datadog account; Robosoft DevOps instruments applications |
| CloudWatch configuration | I | — | — | R/A | — | R | — | Platform Engineer owns; Robosoft DevOps implements |
| Product & business metric dashboards | I | A | — | R | R | R | — | Product Managers define what they need; Platform Engineer and DevOps build it |
| Log management & retention | A | — | R | R/A | — | R | — | Director of Data defines retention policy; Platform Engineer implements |
| Incidents & On-Call | ||||||||
| PagerDuty account & escalation policy | A | — | — | R/A | — | R | — | Currently broken — escalation policies need to be defined urgently |
| On-call rotation management | A | — | — | C | — | R/A | I | Robosoft DevOps runs rotation; Director of Technology accountable for coverage |
| Incident response — infrastructure | A | I | I | R/A | — | R | — | Platform Engineer escalation for infrastructure-level incidents |
| Incident response — application | I | I | — | C | — | R/A | R | Robosoft DevOps and Engineering co-respond on application issues |
| Incident response — data breach | A | I | R/A | R | — | R | I | Director of Data owns regulatory notification; Director of Technology accountable |
| Post-incident reviews (post-mortems) | A | I | C | R | — | R/A | R | Blameless; output is Jira tickets back into planning; documented in Confluence |
| SLO / SLA definition | A | R | — | R | R | C | C | Product defines business requirements; Director of Technology approves; Platform Engineer implements |
| Access & Identity | ||||||||
| IAM Identity Center administration | A | — | — | R/A | — | I | — | Migration from IAM users in progress — 1/3 complete |
| Access provisioning for Robosoft | A | C | — | R/A | — | I | I | Robosoft Engineering has no Production access; DevOps has scoped time-limited access |
| Contractor offboarding & access revocation | A | C | C | R/A | — | I | I | Active gap — offboarding process being defined; covers all systems |
| Quarterly access reviews | A | — | R | R/A | — | I | I | All systems audited quarterly; inactive accounts deprovisioned within 24 hours |
| Tool account ownership | A | — | — | R/A | — | I | — | All tool accounts owned by CAS — Robosoft has user access only |
| Jira & Confluence administration | A | C | — | R/A | — | I | I | ~80 active Robosoft users; permissions scoped by project |
| GitHub organization administration | A | — | — | R/A | — | R | C | CAS owns GitHub org — Robosoft has contributor access only |
| Password policy & key rotation | A | — | — | R/A | — | I | I | New policy established; key rotation requested — ongoing enforcement |
| Delivery & Release | ||||||||
| Feature roadmap & prioritization | I | R/A | — | — | R | I | I | Product owns entirely — IT informed |
| Platform roadmap | R/A | C | C | R | — | C | I | Separate from feature roadmap — Director of Technology accountable |
| Sprint planning & backlog grooming | I | A | — | — | R/A | R | R | Product Managers lead; Robosoft estimates and commits |
| QA sign-off before staging promotion | I | A | C | I | R/A | I | R | Product Managers sign off; Director of Data for sensitive features |
| Production deployment approval | A | R | C | R | R | R | — | Requires IT + Product go/no-go; Compliance for sensitive features; no manual prod changes |
| Deployment window scheduling | A | R | — | R | R | R | I | Pre-agreed windows — not ad hoc; no Friday afternoon deployments |
| Rollback planning | A | I | — | R | I | R/A | C | Rollback plan required before every production deployment |
| Release communication to stakeholders | I | A | — | — | R/A | I | — | Product owns all external and stakeholder communication |
| Technical debt identification & flagging | I | A | — | C | R | R | R/A | Engineering identifies; Product prioritizes; Platform Engineer consulted on infra debt |
| App Stores & Developer Portals | ||||||||
| App Store & Play Store account ownership | R/A | I | — | R | — | — | — | CAS owns all accounts — Apple ID and Google account must be CAS-controlled |
| Developer program membership & renewal | A | I | — | R/A | — | — | — | Platform Engineer tracks renewal dates; lapses block ability to ship |
| App signing certificates & provisioning profiles | A | — | — | R/A | — | R | C | Platform Engineer manages certificates; expiry blocks releases |
| App submission & release management | I | A | — | C | R/A | R | R | Product Managers submit; Robosoft Engineering builds the release |
| App Store review coordination & rejections | I | A | — | C | R/A | — | R | Product Managers handle App Store communication; Engineering resolves technical rejections |
| App Store admin access & credentials | A | I | — | R/A | R | — | — | IT holds admin; Product Managers have manager-level access for submissions |
| Data & Compliance | ||||||||
| Data privacy policy (GDPR, CCPA) | A | I | R/A | I | I | I | I | Director of Data owns; Director of Technology accountable |
| PII inventory & data mapping | I | C | R/A | C | C | C | C | Director of Data leads; all teams consulted to identify data flows |
| Vendor data processing agreements (DPAs) | A | C | R/A | C | — | — | — | All vendors touching user data require a DPA — status currently unknown |
| AI tool data policy (ChatGPT, OpenAI) | A | I | R/A | R | I | I | I | Active risk — policy must be defined before sensitive data reaches AI tools |
| Pre-launch compliance review | I | R | R/A | C | R | I | I | Required at planning stage — not post-build; Head of Product coordinates |
| Data retention & deletion policy | A | I | R/A | R | — | C | — | Director of Data defines; Platform Engineer implements technically |
| Breach notification & regulatory reporting | A | I | R/A | R | — | I | — | Director of Data owns regulatory process; Director of Technology accountable |
| Survey & research data governance | I | C | R/A | — | R | — | — | SurveySparrow replacing Alchemer — historical data export required before closure |
| Donation page & payment compliance | A | R | R/A | R | R | C | C | Active risk — PCI implications; all three directors involved |
| Vendors & Tools | ||||||||
| New vendor evaluation & approval | A | R | R | R | C | I | I | Product leads capability decision; IT approves infra fit; Compliance approves data handling |
| Vendor contract & billing ownership | R/A | I | — | R | — | — | — | All contracts owned by CAS — not contractor-managed |
| Tool licensing & user management | A | — | — | R/A | — | I | I | Platform Engineer administers all tool accounts |
| Robosoft engagement — Engineering | I | R/A | — | — | R | — | — | Head of Product manages the Robosoft Engineering relationship |
| Robosoft engagement — DevOps | R/A | I | — | R | — | — | — | Director of Technology manages the Robosoft DevOps relationship |
| Change Management | ||||||||
| Production change approval process | A | R | C | R/A | R | R | I | All production changes require IT + Product approval; no exceptions |
| Production change freeze periods | R/A | C | — | R | — | I | I | Director of Technology decides; all teams consulted |
| No manual production changes policy | R/A | I | — | R | I | I | I | Non-negotiable — all changes travel the pipeline; hotfixes use accelerated pipeline |
| Architecture decision records (ADRs) | A | C | C | R/A | — | R | R | Significant architecture decisions documented in Confluence |
| Documentation & runbooks | A | R | R | R | R | R | R | All teams document their own domain in Confluence — if it isn't documented it doesn't exist |