Websites/Kick-Off Form/Requirements

From MozillaWiki
Jump to navigation Jump to search
Draft-template-image.png THIS PAGE IS A WORKING DRAFT Pencil-emoji U270F-gray.png
The page may be difficult to navigate, and some information on its subject might be incomplete and/or evolving rapidly.
If you have any questions or ideas, please add them as a new topic on the discussion page.

Step 1: Basic Info

The first part of the intake form will ask for common data as well ask questions to determine which additional bugs should be filed.

# Question Type Required? Default Data Notes
1 Short name for project Text
 Yes
 n/a
 Should have a character limit since it'll be used in the Bugzilla bug summaries.
2 Who are the points of contact for this review? Text Yes n/a
3 Please provide a short description of the feature / application / project / business relationship (e.g. problem solved, use cases, etc.): Textarea Yes n/a
4 Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description. Textarea
 Yes

5 Please attach relevant documents (contract, RFP, creative brief, SOW/work order, proposal, mocks, flows, etc) TBD
 No
 n/a
 Need to figure out the best way to do this. Can we accept file uploads in a temporary location and then post to created bug?
6 What is the urgency of this project? TBD

How do we want to define this? P1, P2, etc.?
7 Does it support a current goal (if so, which one)? TBD

Drop-down of goals? Or text area?
8 What are your key release / launch dates? Text
 No
 n/a
9 What is the current state of your project?


Need example of input, or a list of values.
10 Does this product/service/project access or interact with Mozilla (customer, contributor, user, employee) data?

  • Yes
  • No
 If YES: trigger Data Safety, Legal, Privacy Policy, Privacy Technical, Security
11 What architecture does / will your product/service/project utilize? Check boxes?
 Yes
  • Client-side
  • End-to-End Encryption
  • Hosted/Cloud (Mozilla and/or contracted hosting provider)
 If HOSTED / CLOUD: Trigger Data Safety, Privacy Technical
12 Is this a new Mozilla product/service/project or an update or new feature of a Mozilla product/serviceproject? Radio
 Yes
  • Yes
  • No

If YES:

  • Trigger Legal Review, Privacy Policy
  • Prompt for additional questions (12a-c)

Question: What's an example of when the answer to this question would be 'no'?

12a Is this a new product/service/project? Radio
 Yes
  • Yes
  • No
 If YES: Open Legal::Other Product bug
12b If this is a new feature or update, what is the affected product/service/project? Text
 No
 n/a, unless we can get a list of products from Bugzilla
 If YES: Open Legal bug in the relevant component (Boot to Gecko, Marketplace, Persona or Other Product for anything else).
12c What Mozilla products/services/projects does this product/service/project integrate with or relate to? Text
 No
 n/a
13 Does this project involve a relationship with another party (such as a third party vendor, hosted service provider, consultant or strategic partner (business deals)). This includes NDAs, click to accept, API agreements, open source licenses, renewals, additional services or goods, and any other agreements. ? [yes / no] Radio
 Yes
  • Yes
  • No

If YES:

  • trigger Legal Review
  • prompt with additional questions (13a-c)
13a Will the other party have access to Mozilla (customer, contributor, user, employee) data? (If this is for an NDA, choose no) [yes / no]


If YES: Trigger Privacy Policy/Vendor, Security.
13b What is the url for their privacy policy?
 Text
 No
 n/a
13c What is the anticipated cost of the vendor relationship? [Would it be better to have 3 options here, N/A, $25,000 or less and Over $25,000, and if Over $25,000 selected, a Finance bug is triggered?] Radio
 Yes
  • n/a
  • <= $25,000
  • > $25,000
 If > $25,000: Trigger Finance bug.


Legal Note: For negotiated deals (NDAs, vendors, consultants, and partners for example), we typically start with a Mozilla form when available - talk to legal to see if we have a form agreement.

Other requirements to consider:

If a legal bug is required should we ensure that all filed bugs are restricted access bugs? Or, should we ensure that the vendor information is not copied into any of the non-secured bugs (e.g. only the legal bug has that data)?

Questions

  • how should we handle file attachements?
  • right now it's possible for no additional bugs to be triggered

Step 2: Generating Bugs

Additional bugs will need to be generated based on the following criteria. Addtional information will need to be collected for each additional bug that is required.


Data Safety Legal Privacy Policy Privacy Tech Security Finance
Interacts with Mozilla data X X X X X
Hosted not by Mozilla or in the cloud X

X

New Mozilla product and/or feature (see #12)
X X


Relationship with 3rd Party? (see #13)
X



3rd party has access to data? (see #13a)

X
X
3rd party costs > $25k? (see #13c)




X

Security Review

Owner: Michael Coates

  • File Bug as: whoever filed out the intake form
  • Summary: Security Review for {project name}
  • Product: mozilla.org
  • Component: Security Assurance: Review Request
  • Security Flags: Confidential Mozilla Corporation Bug
  • Whiteboard Tags (if any)
  • Keywords (if any): sec-review-needed
  • Data to add within comment 0:
    • All intake questions and answers
  • Data to add within comment 1: (please add all of the following)
    • Additional questions to be completed by the requester:
    • Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users?
    • Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite.
    • If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):

Privacy (Technical)

Owner: MIchael Coates

  • Summary: Complete Privacy-Technical Review for {project name}
  • Product: mozilla.org
  • Component: Security Assurance: Review Request
  • Security Flags: Confidential Mozilla Corporation Bug
  • Whiteboard Tags (if any):
  • Keywords (if any): privacy-review-needed
  • Data to add within comment 0:
    • All intake questions and answers

Privacy (Policy)

Owner: Alina Hua

[** Need to check with my team about whether the Privacy Policy review bugs should be default "Public"]

  • Summary: Complete Privacy-Policy Review for {project name}
  • Product: Privacy
  • Component: Privacy Review
  • Security Flags: Privacy Bug
  • Whiteboard Tags (if any):
  • Keywords (if any):
  • Data to add within comment 0:
    • All intake questions and answers
  • Data to add within comment 0 or 1: (please add all of the following)
  • Additional questions to be completed by the requester:
    • Do you currently have a privacy policy for your project / site / product?
      • If YES --> Provide link to policy
      • If NO --> (Privacy Policy review / discusssion needed)
    • Does / Will your product/service/project collect, use or maintain any user data?
      • If YES --> Provide link to Data Safety bug:
      • If NO --> (Data Safety review not needed)
  • For reference, please provide link to related Legal bug:

Privacy (Policy) - Stacy

[I added the new Privacy Component below - this will need Stacy's input]

  • Title: Complete Privacy / Vendor Review for {project name}
  • Product: Privacy
  • Component: Vendor Review
  • Security Flags: Privacy Bug
  • Whiteboard Tags (if any):
  • Keywords (if any):
  • Data to add within comment 0:
  • All intake questions and answers
  • Data to add within comment 0 or 1: (please add all of the following)
  • Additional questions to be completed by the requester:
  • Will the vendor have access to Mozilla (customer, contributor, user, employee) data?
    • If Yes, please provide link to vendor's privacy policy.
    • If Yes, has vendor completed Mozilla Vendor Privacy Questionnaire?

Legal - Liz

  • Title: Complete Legal Review for {project name}
  • Product: Legal
  • Component: Boot to Gecko or Marketplace or Persona or Other Product or NDA or Distribution/Bundling or Search or Vendor/Services
  • Security Flags: none - whatever is normally assigned to legal bugs
  • Whiteboard Tags (if any): none
  • Keywords (if any): none
  • Data to add within comment 0:
  • All intake questions and answers
  • Data to add within comment 0 or 1:
    • Goal (company goal request maps to) - free form [This won't be needed if it will be requested during the initial intake]
    • Priority to your team - drop down with the choices Low, Medium, High
    • Timeframe for completion - drop down with the choices 2 days, a week, 2-4 weeks, this will take a while but please get started soon, no rush
    • CCs - free form
    • Name of other party - free form [This won't be needed if it will be requested during the initial intake]
    • Business objective - free form
  • URL - free form [This won't be needed if it will be requested during the initial intake]
    • Description (Describe your project in more detail and/or provide any relevant deal terms. Also provide context and background.)
    • SOW details [Only if the component is Vendor/Services]

Finance - Winnie

  • Title: Complete Finance Review for {project name}
  • Product: Finance
  • Component: Purchase Request Form
  • Security Flags: Finance Group
  • Whiteboard Tags (if any):
  • Keywords (if any):
  • Data to add within comment 0:
  • All intake questions and answers
  • Data to add within comment 1: (please add all of the following)
  • Additional questions to be completed by the requester:
    • What is this purchase for?:
    • Why is this purchase needed?:
    • What is the risk if this is not purchased?:
    • What is the alternative?:
    • Total Cost:

Data Safety - Alina

  • Title: Complete Data Safety Review for {project name}
  • Product: Data Safety
  • Component: General
  • Security Flags:
  • Whiteboard Tags (if any):
  • Keywords (if any):
  • Data to add within comment 0:
  • All intake questions and answers
  • Data to add within comment 0 or 1: (please add all of the following)
  • Additional questions to be completed by the requester:

About your data

    • Does your project collect data from users? [Yes / No]
      • If YES --> How many users are currently involved? How many users do you anticipate to be involved?
      • If NO --> Stop. No Data Safety bug should be filed.
    • Please provide examples of the types of user data you collect:
    • Why do you need to collect user data?:
    • What community benefits are derived from the collection of user data for your project?:
    • How is the data being collected? (e.g., forms on web site, provided directly by user, observed data collection, etc.) (Consider that you may be collecting data unintentionally such as automatic logging by web servers)
    • Will your project / team members need to retain user data? [Yes / No]
      • If YES --> For how long?:
    • Will any user data be shared or accessed by third party partners, customers or providers? [Yes / No]
      • If YES --> Please provide answers to the following:
    • What is the data being shared or accessed?
    • How would the data be communicated / transferred to the third parties?
    • Who are the third party vendors and in what countries are they based?
    • Community Visibility and Input
    • Has your proposal been shared publicly, including requirements for Mozilla to collect and host user data? [Yes / No]
      • If YES --> What communication channels are you using and what kind of input have you received thus far?:
      • If NO --> Data Safety discussion needed. Provide your plan for publicly sharing your proposal.
Retrieved from "https://wiki.allizom.org/index.php?title=Websites/Kick-Off_Form/Requirements&oldid=461129"