CRA Roles and Security Contacts

This document defines the roles and contacts responsible for CRA compliance and security vulnerability management for Lighthouse.

Manufacturer Information

Field	Value
Legal Entity	LetPeopleWork GmbH
Address	Switzerland (registered office)
Website	https://letpeople.work
Product	Lighthouse
Product Website	https://letpeople.work/lighthouse

Security Contacts

Vulnerability Reporting (Public)

Channel	Contact
Email	security@letpeople.work
Expected Response	Acknowledgement within 5 business days

PSIRT (Product Security Incident Response Team)

Role	Name	Email
PSIRT Contact (Main)	Benjamin Huser-Berta	benjamin@letpeople.work
PSIRT Contact (Backup)	Peter Zylka-Greger	peter@letpeople.work

CRA Compliance Roles

Role	Assignee	Responsibilities
CRA Compliance Owner	Benjamin Huser-Berta	Overall CRA conformance, Declaration of Conformity signatory, audit liaison
PSIRT Contact	Benjamin Huser-Berta	Vulnerability intake, triage, disclosure coordination
PSIRT Backup	Peter Zylka-Greger	Backup for all PSIRT functions when primary is unavailable
Engineering Representative	Benjamin Huser-Berta, Peter Zylka-Greger	Technical implementation of security controls, fixes, and SBOM generation

Escalation Path

Vulnerability reports → PSIRT Contact (Main) → PSIRT Contact (Backup)
Compliance questions → CRA Compliance Owner
Technical security issues → Engineering Representative

Contact Availability

LetPeopleWork GmbH is a small company (2 persons) with limited capacity. Response times are best-effort targets; see Security Update Policy for details.

Document Version: 1.0
Last Updated: 2025-12-30
Next Review: 2026-12-30