Websites/Kick-Off Form/Requirements: Difference between revisions

Line 1: Line 1:
{{draft}}
{{draft}}  


== Step 1: Basic Info  ==
== Step 1: Basic Info  ==
Line 184: Line 184:
Other requirements to consider:  
Other requirements to consider:  


If a legal bug is required should we ensure that all filed bugs are restricted access bugs? Or, should we ensure that the vendor information is not copied into any of the non-secured bugs (e.g. only the legal bug has that data)?
If a legal bug is required should we ensure that all filed bugs are restricted access bugs? Or, should we ensure that the vendor information is not copied into any of the non-secured bugs (e.g. only the legal bug has that data)?  


== Step 2: Generating Bugs ==
=== Questions ===


Additional bugs will need to be generated based on the following criteria. Addtional information will need to be collected for each additional bug that is required.
* how should we handle file attachements?
*


{| class="wikitable" style="text-align: center"
== Step 2: Generating Bugs  ==
!
 
! Data Safety
Additional bugs will need to be generated based on the following criteria. Addtional information will need to be collected for each additional bug that is required.
! Legal
 
! Privacy Policy
{| style="text-align: center" class="wikitable"
! Privacy Tech
|-
! Security
!  
! Data Safety  
! Legal  
! Privacy Policy  
! Privacy Tech  
! Security  
! Finance
! Finance
|-
|-
| Interacts with Mozilla data
| Interacts with Mozilla data  
| X
| X  
| X
| X  
| X
| X  
| X
| X  
| X
| X  
|  
|  
|-
|-
| Hosted not by Mozilla or in the cloud
| Hosted not by Mozilla or in the cloud  
| X
| X  
|  
|  
|  
|  
| X
| X  
|  
|  
|  
|  
|-
|-
| New product (see #11)
| New product (see #11)  
|  
|  
| X
| X  
| X
| X  
|  
|  
|  
|  
|  
|  
|-
|-
| Relationship with 3rd Party? (see #12)
| Relationship with 3rd Party? (see #12)  
|  
|  
| X
| X  
|  
|  
|  
|  
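Review bot: The new "Questions" section ends with an empty `*` bullet, and its one question, on file attachments, does not say which of the generated bugs an attachment would be copied to. The paragraph just above leaves open whether vendor information may appear in non-secured bugs, so attachments need the same decision. Suggest stating here that an attachment is added only to the bugs allowed to hold that data, or recording explicitly that this is undecided, and dropping the empty bullet.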
Line 231: Line 237:
|  
|  
|-
|-
| 3rd party has access to data? (see #12)
| 3rd party has access to data? (see #12)  
|  
|  
|  
|  
| X
| X  
|  
|  
| X
| X  
|  
|  
|-
|-
| 3rd party costs > $25k?
| 3rd party costs > $25k?  
|  
|  
|  
|  
Line 247: Line 253:
| X
| X
|}
|}
=== Security - Michael ===
* File Bug as: whoever filed out the intake form
* Title:  Security Review for {project name}
* Product: mozilla.org
* Component: Security Assurance: Review Request
* Security Flags: Confidential Mozilla Corporation Bug
* Whiteboard Tags (if any)
* Keywords (if any): sec-review-needed
* Data to add within comment 0:
* All intake questions and answers
* Data to add within comment 1: (please add all of the following)
**  Additional questions to be completed by the requester:
**  Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users?
**  Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite.
**  If you feel something is missing here or you would like to  provide other kind of feedback, feel free to do so here (no limits on  size):


=== Privacy (Technical) - Michael ===
=== Security - Michael  ===
* Title: Complete Privacy-Technical Review for {project name}
 
* Product: mozilla.org
*File Bug as: whoever filed out the intake form
* Component: Security Assurance: Review Request
*Title: Security Review for {project name}
* Security Flags: Confidential Mozilla Corporation Bug
*Product: mozilla.org
* Whiteboard Tags (if any):  
*Component: Security Assurance: Review Request
* Keywords (if any): privacy-review-needed
*Security Flags: Confidential Mozilla Corporation Bug
* Data to add within comment 0:
*Whiteboard Tags (if any)
* All intake questions and answers  
*Keywords (if any): sec-review-needed
*Data to add within comment 0:
*All intake questions and answers
*Data to add within comment 1: (please add all of the following)
**Additional questions to be completed by the requester:
**Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users?
**Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite.
**If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):
 
=== Privacy (Technical) - Michael ===
 
*Title: Complete Privacy-Technical Review for {project name}  
*Product: mozilla.org  
*Component: Security Assurance: Review Request  
*Security Flags: Confidential Mozilla Corporation Bug  
*Whiteboard Tags (if any):  
*Keywords (if any): privacy-review-needed  
*Data to add within comment 0:  
*All intake questions and answers
 
=== Privacy (Policy) - Alina  ===
 
[** Need to check with my team about whether the Privacy Policy review bugs should be default "Public"]
 
*Title: Complete Privacy-Policy Review for {project name}
*Product: Privacy
*Component: Privacy Review
*Security Flags: Privacy Bug
*Whiteboard Tags (if any):
*Keywords (if any):
*Data to add within comment 0:
*All intake questions and answers
*Data to add within comment 0 or 1: (please add all of the following)
*Additional questions to be completed by the requester:
**Do you currently have a privacy policy for your project / site / product?
***If YES --> Provide link to policy
***If NO --> (Privacy Policy review / discusssion needed)
**Does / Will your product/service/project collect, use or maintain any user data?
*** If YES --> Provide link to Data Safety bug:
***If NO --> (Data Safety review not needed)
*For reference, please provide link to related Legal bug:
 
=== Privacy (Policy) - Stacy  ===
 
[I added the new Privacy Component below - this will need Stacy's input]
 
*Title: Complete Privacy / Vendor Review for {project name}
*Product: Privacy
*Component: Vendor Review
*Security Flags: Privacy Bug
*Whiteboard Tags (if any):
*Keywords (if any):
*Data to add within comment 0:
*All intake questions and answers
*Data to add within comment 0 or 1: (please add all of the following)
*Additional questions to be completed by the requester:
*Will the vendor have access to Mozilla (customer, contributor, user, employee) data?
**If Yes, please provide link to vendor's privacy policy.
**If Yes, has vendor completed Mozilla Vendor Privacy Questionnaire?
 
=== Legal - Liz  ===
 
*Title: Complete Legal Review for {project name}
*Product: Legal
*Component: Boot to Gecko or Marketplace or Persona or Other Product or NDA or Distribution/Bundling or Search or Vendor/Services
*Security Flags: none - whatever is normally assigned to legal bugs
*Whiteboard Tags (if any): none
*Keywords (if any): none
*Data to add within comment 0:
*All intake questions and answers
*Data to add within comment 0 or 1:
**Goal (company goal request maps to) - free form [This won't be needed if it will be requested during the initial intake]
**Priority to your team - drop down with the choices Low, Medium, High
**Timeframe for completion - drop down with the choices 2 days, a week, 2-4 weeks, this will take a while but please get started soon, no rush
**CCs - free form
**Name of other party - free form [This won't be needed if it will be requested during the initial intake]
**Business objective - free form
*URL - free form [This won't be needed if it will be requested during the initial intake]
**Description (Describe your project in more detail and/or provide any relevant deal terms. Also provide context and background.)
**SOW details [Only if the component is Vendor/Services]
 
=== Finance - Winnie  ===


=== Privacy (Policy) - Alina ===
*Title: Complete Finance Review for {project name}  
[** Need to check with my team about whether the Privacy Policy review bugs should be default "Public"]
*Product: Finance
* Title: Complete Privacy-Policy Review for {project name}
*Component: Purchase Request Form
* Product: Privacy
*Security Flags: Finance Group
* Component: Privacy Review
*Whiteboard Tags (if any):  
* Security Flags: Privacy Bug
*Keywords (if any):  
* Whiteboard Tags (if any):  
*Data to add within comment 0:  
* Keywords (if any):  
*All intake questions and answers  
* Data to add within comment 0:
*Data to add within comment 1: (please add all of the following)  
* All intake questions and answers  
*Additional questions to be completed by the requester:  
* Data to add within comment 0 or 1: (please add all of the following)
**What is this purchase for?:
* Additional questions to be completed by the requester:
**Why is this purchase needed?:
** Do you currently have a privacy policy for your project / site / product?  
**What is the risk if this is not purchased?:
***  If YES --> Provide link to policy
**What is the alternative?:  
***  If NO --> (Privacy Policy review / discusssion needed)
**Total Cost:
** Does / Will your product/service/project collect, use or maintain any user data?  
** * If YES --> Provide link to Data Safety bug:  
***  If NO --> (Data Safety review not needed)
* For reference, please provide link to related Legal bug:


=== Privacy (Policy) - Stacy ===
=== Data Safety - Alina  ===
[I added the new Privacy Component below - this will need Stacy's input]
* Title: Complete Privacy / Vendor Review for {project name}
* Product: Privacy
* Component: Vendor Review
* Security Flags: Privacy Bug
* Whiteboard Tags (if any):
* Keywords (if any):
* Data to add within comment 0:
* All intake questions and answers
* Data to add within comment 0 or 1:  (please add all of the following)
*  Additional questions to be completed by the requester:
* Will the vendor have access to Mozilla (customer, contributor, user, employee) data?
** If Yes, please provide link to vendor's privacy policy.
** If Yes, has vendor completed Mozilla Vendor Privacy Questionnaire?


=== Legal - Liz ===
*Title: Complete Data Safety Review for {project name}  
* Title: Complete Legal Review for {project name}
*Product: Data Safety
* Product: Legal
*Component: General
* Component: Boot to Gecko or Marketplace or Persona or Other Product or NDA or Distribution/Bundling or Search or Vendor/Services
*Security Flags:  
* Security Flags: none - whatever is normally assigned to legal bugs
*Whiteboard Tags (if any):  
* Whiteboard Tags (if any): none
*Keywords (if any):  
* Keywords (if any): none
*Data to add within comment 0:  
* Data to add within comment 0:
*All intake questions and answers  
* All intake questions and answers  
*Data to add within comment 0 or 1: (please add all of the following)
* Data to add within comment 0 or 1:
*Additional questions to be completed by the requester:
**  Goal (company goal request maps to) - free form [This won't be needed if it will be requested during the initial intake]
**  Priority to your team -  drop down with the choices Low, Medium, High
**  Timeframe for completion - drop down with the choices 2 days, a week, 2-4 weeks, this will take a while but please get started soon, no rush
**  CCs - free form
**  Name  of other party - free form [This won't be needed if it will be requested during the initial intake]
**  Business objective - free form
* URL - free  form [This won't be needed if it will be requested during the initial intake]
**  Description (Describe your project in more detail and/or provide any relevant deal terms. Also provide context and background.)
**  SOW details [Only if the component is Vendor/Services]


=== Finance - Winnie ===
About your data
* Title: Complete Finance Review for {project name}
* Product: Finance
* Component: Purchase Request Form
* Security Flags: Finance Group     
* Whiteboard Tags (if any):
* Keywords (if any):
* Data to add within comment 0:
* All intake questions and answers
* Data to add within comment 1: (please add all of the following)
* Additional questions to be completed by the requester:
**  What is this purchase for?:
**  Why is this purchase needed?:
**  What is the risk if this is not purchased?:
**  What is the alternative?:
**  Total Cost:


=== Data Safety - Alina ===
**Does your project collect data from users? [Yes / No]  
* Title: Complete Data Safety Review for {project name}
***If YES --> How many users are currently involved? How many users do you anticipate to be involved?  
* Product: Data Safety
***If NO --> Stop. No Data Safety bug should be filed.  
* Component: General
**Please provide examples of the types of user data you collect:  
* Security Flags:
**Why do you need to collect user data?:  
* Whiteboard Tags (if any):
**What community benefits are derived from the collection of user data for your project?:  
* Keywords (if any):
**How is the data being collected? (e.g., forms on web site, provided directly by user, observed data collection, etc.) (Consider that you may be collecting data unintentionally such as automatic logging by web servers)  
* Data to add within comment 0:
**Will your project / team members need to retain user data? [Yes / No]  
* All intake questions and answers
***If YES --> For how long?:  
* Data to add within comment 0 or 1:  (please add all of the following)
**Will any user data be shared or accessed by third party partners, customers or providers? [Yes / No]  
* Additional questions to be completed by the requester:
***If YES --> Please provide answers to the following:  
About your data
** Does your project collect data from users? [Yes / No]
*** If YES --How many users are currently involved? How many users do you anticipate to be involved?
*** If NO --> Stop. No Data Safety bug should be filed.  
** Please provide examples of the types of user data you collect:  
** Why do you need to collect user data?:
** What community benefits are derived from the collection of user data for your project?:  
** How is the data being collected? (e.g., forms on web site, provided directly by user, observed data collection, etc.) (Consider that you may be collecting data unintentionally such as automatic logging by web servers)  
** Will your project / team members need to retain user data? [Yes / No]
*** If YES --> For how long?:
** Will any user data be shared or accessed by third party partners, customers or providers?   [Yes / No]
*** If YES --> Please provide answers to the following:  
**What is the data being shared or accessed?  
**What is the data being shared or accessed?  
**How would the data be communicated / transferred to the third parties?  
**How would the data be communicated / transferred to the third parties?  
**Who are the third party vendors and in what countries are they based?  
**Who are the third party vendors and in what countries are they based?  
**Community Visibility and Input
**Community Visibility and Input  
**Has your proposal been shared publicly, including requirements for Mozilla to collect and host user data? [Yes / No]
**Has your proposal been shared publicly, including requirements for Mozilla to collect and host user data? [Yes / No]  
***If YES --> What communication channels are you using and what kind of input have you received thus far?:  
***If YES --> What communication channels are you using and what kind of input have you received thus far?:  
*** If NO --> Data Safety discussion needed. Provide your plan for publicly sharing your proposal.
***If NO --> Data Safety discussion needed. Provide your plan for publicly sharing your proposal.
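Review bot: The Data Safety template leaves `Security Flags:` empty, and the Privacy (Policy) template carries an unresolved note that its bugs may default to "Public", yet both put "All intake questions and answers" in comment 0. Those are the same answers that the Security, Privacy (Technical) and Finance templates restrict ("Confidential Mozilla Corporation Bug", "Finance Group"), and the Data Safety questions additionally ask who the third party vendors are. Suggest either naming a restricting flag for Data Safety and settling the Privacy default, or specifying which intake answers are left out of comment 0 on bugs that are not restricted, consistent with the vendor-information question under "Other requirements to consider". Separately, only the Security template has a "File Bug as" line; the other templates should state who the reporter is.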