Websites/Kick-Off Form/Requirements

From MozillaWiki

General Requirements

The user will visit this form when they have a project that has the potential to require Data Safety, Privacy, Legal or Finance reviews. The form will prompt the user for basic information about their project (Step 1) and then determine which additional bugs need to be filed. It will then ask additional questions in order to populate the additional bugs required (Step 2).

  • Form needs to be able to interact with Bugzilla sufficiently to create tickets.
  • A bonus is the ability to pull product/component names.
  • Form needs to be available publicly.
  • Form does not need to retain entered data; generation of the Bugzilla bugs is sufficient.
  • Form should be able to link tickets via depends on and blocks fields.

User Story

  1. A user who wishes to initiate the required series of data safety, security, privacy and legal bugs visits the Bugzilla form.
  2. They first answer a series of questions that gather the details of their project: name, short description, schedule, priority, link to documentation, etc.
  3. Based on those answers, the user is then prompted for additional information that will be used to create the required child bugs.

Code Repo

Jen Fong got started on re-writing intranet.mozilla.com/webtools, which may or may not be helpful: https://github.com/ednapiranha/webtools-workermgmt/tree/python

We're now looking at using a custom BMO form to accomplish this.

Form Step 1: Basic Info

The first part of the intake form will ask for common data as well as ask questions to determine which additional bugs should be filed.

  1. Short name for project
    • Type: Text
    • Required: Yes
    • Default Data: n/a
    • Notes: Should have a character limit since it'll be used in the Bugzilla bug summaries.
  2. Project visibility
    • Type: Select
    • Required: Yes
    • Default Data:
      • Public
      • MoCo Confidential
  3. Tracking Bug ID?
    • Type: Text
    • Required: No
    • Default Data: n/a
    • Notes: Should be numbers only. If entered, all child bugs should block this one. If not entered, create tracking bug with relevant info (see below).
  4. Who are the points of contact for this review?
    • Type: Text
    • Required: Yes
    • Default Data: n/a
  5. Please provide a short description of the feature / application / project / business relationship (e.g. problem solved, use cases, etc.):
    • Type: Textarea
    • Required: Yes
    • Default Data: n/a
  6. (not present in current versions) Please attach relevant documents (contract, RFP, creative brief, SOW/work order, proposal, mocks, flows, etc)
    • Type: TBD
    • Required: No
    • Default Data: n/a
    • Notes: Need to figure out the best way to do this. Can we accept file uploads in a temporary location and then post to created bug?
  7. (removed in v1.1) What is the urgency of this project?
    • Type: Text
    • Required: No
    • Default Data: n/a
  8. Does it support a current goal (if so, which one)?
    • Type: Text
    • Required: No
    • Default Data: n/a
  9. What are your key release / launch dates?
    • Type: Text
    • Required: No
    • Default Data: n/a
  10. What is the current state of your project?
    • Type: Select
    • Default Data: n/a
      • Future project under discussion
      • Active planning
      • Development
      • Ready to launch/commit
      • Already launched/committed
  11. Does this product/service/project access, interact with, or store Mozilla (customer, contributor, user, employee) data? Example of such data includes email addresses, first and last name, addresses, phone numbers, credit card data.
    • Default Data:
      • Yes
      • No
    • Notes: If YES: trigger Data Safety, Legal, Privacy Policy, Privacy Technical, Security
  12. (removed in v1.1) Is this a NEW product, service, project, feature, or functionality, a change to an EXISTING one, or neither?
    • Type: Select
    • Required: Yes
    • Default Data:
      • New
      • Existing
      • Neither
    • Notes:
      • If NEW: File legal bug in Legal::Other Product
      • If EXISTING: Prompt with question 12a
  12a. (removed v1.1) What product/service/project does this pertain to?
    • Type: Select
    • Default Data: None
      • FirefoxOS
      • Marketplace
      • Persona
      • Marketing Initiative
    • Notes: Open legal bugs accordingly:
      • FirefoxOS - Legal::FirefoxOS
      • Marketplace - Legal::Marketplace
      • Persona - Legal::Persona
      • Marketing Initiative - Legal::Marketing
  13. What Mozilla products/services/projects does this product/service/project integrate with or relate to?
    • Type: Text
    • Required: No
    • Default Data: n/a
  14. Does this project involve a relationship with another party (such as a third party vendor, hosted service provider, consultant or strategic partner (business deals))? This includes NDAs, click to accept, API agreements, open source licenses, renewals, additional services or goods, and any other agreements.
    • Type: Radio
    • Required: Yes
    • Default Data:
      • Yes
      • No
    • Notes: If YES: prompt with additional questions (14a-d)
  14a. What type of relationship?
    • Type: Select
    • Required: Yes
    • Default Data:
      • Vendor/Services
      • Distribution/Bundling
      • Search
      • NDA
      • Other
    • Notes: Open legal bugs accordingly:
      • Vendor/Services - Legal::Vendor/Services
      • Distribution/Bundling - Legal::Distribution/Bundling
      • Search - Legal::Search
      • NDA - Legal::NDA
      • Other - Legal::General
  14b. Will the other party have access to Mozilla (customer, contributor, user, employee) data? (If this is for an NDA, choose no) [yes / no]
    • Type: Radio
    • Required: Yes
    • Default Data: n/a
    • Notes: If YES: Trigger Privacy/Vendor, Security.
  14c. What is the url for their privacy policy?
    • Type: Text
    • Required: No
    • Default Data: n/a
  14d. What is the anticipated cost of the vendor relationship? [Would it be better to have 3 options here, N/A, $25,000 or less and Over $25,000, and if Over $25,000 selected, a Finance bug is triggered?]
    • Type: Radio
    • Required: Yes
    • Default Data:
      • n/a
      • <= $25,000
      • > $25,000
    • Notes:
      • If > $25,000: Trigger Finance bug.
      • If <= $25,000: Show 14d1.
  14d1. PO Needed?
    • Type: Radio - [yes/no]
    • Required: Yes
    • Default Data: n/a
    • Notes: If Yes: Trigger Finance bug.


Legal Note: For negotiated deals (NDAs, vendors, consultants, and partners for example), we typically start with a Mozilla form when available - talk to legal to see if we have a form agreement.

Other requirements to consider:

If a legal bug is required should we ensure that all filed bugs are restricted access bugs? Or, should we ensure that the vendor information is not copied into any of the non-secured bugs (e.g. only the legal bug has that data)?

Questions

  • How should we handle file attachments?

Form Step 2: Generating Bugs

Additional bugs will need to be generated based on the following criteria. Additional information will need to be collected for each additional bug that is required.


Data Safety Legal Privacy Policy Privacy Tech Security Finance
Interacts with Mozilla data X X X X X
Hosted not by Mozilla or in the cloud X

X

New Mozilla product and/or feature (see #12)
X X


Relationship with 3rd Party? (see #13)
X



3rd party has access to data? (see #13a)

X
X
3rd party costs > $25k? (see #13c)




X
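
The Step 1 trigger rules (questions 3, 11, 14, 14a, 14b, 14d and 14d1) combined with the product and component values from the per-bug sections below, as an added example that is not part of the original wiki page or of the BMO form's code. The answer keys, the `MAX_NAME` value and the "Other Product" fallback for a Legal bug with no relationship type are assumptions; the matrix rows for hosting and new products are not covered.

```python
import re

MAX_NAME = 60  # assumed limit; the page asks for one but gives no number

# Legal component per answer to question 14a, as listed on the page.
LEGAL_COMPONENT = {"Vendor/Services": "Vendor/Services",
                   "Distribution/Bundling": "Distribution/Bundling",
                   "Search": "Search", "NDA": "NDA", "Other": "General"}

# review -> (product, component, summary template), from the per-bug sections.
REVIEWS = {
    "Data Safety": ("Data Safety", "General", "Complete Data Safety Review for {}"),
    "Legal": ("Legal", None, "Complete Legal Review for {}"),
    "Privacy Policy": ("Privacy", "Privacy Review", "Complete Privacy-Policy Review for {}"),
    "Privacy Tech": ("mozilla.org", "Security Assurance: Review Request", "Complete Privacy-Technical Review for {}"),
    "Privacy Vendor": ("Privacy", "Vendor Review", "Complete Privacy / Vendor Review for {}"),
    "Security": ("mozilla.org", "Security Assurance: Review Request", "Security Review for {}"),
    "Finance": ("Finance", "Purchase Request Form", "Complete Finance Review for {}"),
}

def plan_bugs(answers):
    """Return (tracking_id or None, child bugs) for a dict of Step 1 answers."""
    name = answers["name"].strip()
    if not name or len(name) > MAX_NAME:
        raise ValueError("project name is empty or too long for a bug summary")
    tracking = answers.get("tracking_bug", "").strip()
    # [0-9]+ rather than \d or str.isdigit(), which also accept non-ASCII digits.
    if tracking and not re.fullmatch(r"[0-9]+", tracking):
        raise ValueError("tracking bug ID must be numbers only")

    needed = []
    if answers.get("mozilla_data"):                      # question 11
        needed += ["Data Safety", "Legal", "Privacy Policy", "Privacy Tech", "Security"]
    legal_component = "Other Product"  # assumption: no relationship type to go on
    if answers.get("third_party"):                       # question 14
        rel = answers.get("relationship")                # question 14a
        if rel not in LEGAL_COMPONENT:
            raise ValueError("unknown relationship type")
        legal_component = LEGAL_COMPONENT[rel]
        needed.append("Legal")
        if answers.get("party_has_data"):                # question 14b
            needed += ["Privacy Vendor", "Security"]
        cost = answers.get("cost", "n/a")                # questions 14d, 14d1
        if cost == "> $25,000" or (cost == "<= $25,000" and answers.get("po_needed")):
            needed.append("Finance")

    bugs = []
    for review in dict.fromkeys(needed):                 # de-duplicate, keep order
        product, component, summary = REVIEWS[review]
        bugs.append({"review": review, "product": product, "summary": summary.format(name),
                     "component": component or legal_component})
    # Every child blocks the tracking bug; None means one must be created first.
    return (int(tracking) if tracking else None), bugs
```
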

Security Review

Owner: Michael Coates

  • File Bug as: whoever filled out the intake form
  • Summary: Security Review for {project name}
  • Product: mozilla.org
  • Component: Security Assurance: Review Request
  • Security Flags: Confidential Mozilla Corporation Bug
  • Whiteboard Tags (if any)
  • Keywords (if any): sec-review-needed
  • Data to add within comment 0:
    • All intake questions and answers
  • Data to add within comment 1: (please add all of the following)
    • Additional questions to be completed by the requester:
    • Does this feature or code change affect Firefox, Thunderbird or any product or service that Mozilla ships to end users?
    • Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite.
    • If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):

Privacy (Technical)

Owner: Michael Coates

  • Summary: Complete Privacy-Technical Review for {project name}
  • Product: mozilla.org
  • Component: Security Assurance: Review Request
  • Security Flags: Confidential Mozilla Corporation Bug
  • Whiteboard Tags (if any):
  • Keywords (if any): privacy-review-needed
  • Data to add within comment 0:
    • All intake questions and answers

Privacy (Policy/Project)

Owner: Alina Hua

[** Need to check with my team about whether the Privacy Policy review bugs should be default "Public"]

  • Summary: Complete Privacy-Policy Review for {project name}
  • Product: Privacy
  • Component: Privacy Review
  • Security Flags: Privacy Bug
  • Whiteboard Tags (if any):
  • Keywords (if any):
  • Data to add within comment 0:
    • All intake questions and answers
  • Data to add within comment 0 or 1: (please add all of the following)
  • Additional questions to be completed by the requester:
    • Do you currently have a privacy policy for your project / site / product?
      • If YES --> Provide link to policy
      • If NO --> (Privacy Policy review / discussion needed)
    • Does / Will your product/service/project collect, use or maintain any user data?
      • If YES --> Provide link to Data Safety bug:
      • If NO --> (Data Safety review not needed)
  • For reference, please provide link to related Legal bug:

Privacy (Policy/Vendor)

Owner: Stacy Martin

[I added the new Privacy Component below - this will need Stacy's input]

  • Summary: Complete Privacy / Vendor Review for {project name}
  • Product: Privacy
  • Component: Vendor Review
  • Security Flags: Privacy Bug
  • Whiteboard Tags (if any):
  • Keywords (if any):
  • Data to add within comment 0:
    • All intake questions and answers
  • Data to add within comment 0 or 1: (please add all of the following)
    • Will the vendor have access to Mozilla (customer, contributor, user, employee) data?
      • If Yes, please provide link to vendor's privacy policy.
      • If Yes, has vendor completed Mozilla Vendor Privacy Questionnaire?


Privacy (Policy/Business Partner)

Owner: Stacy Martin

  • Summary: Complete Privacy / Business Partner Review for {project name}
  • Product: Privacy
  • Component: Partner Review
  • Security Flags: Privacy Bug
  • Whiteboard Tags (if any):
  • Keywords (if any):
  • Data to add within comment 0:
    • All intake questions and answers
  • Data to add within comment 0 or 1: (please add all of the following)
    • Will the vendor have access to Mozilla (customer, contributor, user, employee) data?
      • If Yes, please provide link to vendor's privacy policy.
      • If Yes, has vendor completed Mozilla Vendor Privacy Questionnaire?

Legal

Owner: Liz Compton

  • Summary: Complete Legal Review for {project name}
  • Product: Legal
  • Component: Boot to Gecko or Marketplace or Persona or Other Product or NDA or Distribution/Bundling or Search or Vendor/Services
  • Security Flags: none - whatever is normally assigned to legal bugs
  • Whiteboard Tags (if any): none
  • Keywords (if any): none
  • Data to add within comment 0:
    • All intake questions and answers
  • Data to add within comment 0 or 1:
    • Goal (company goal request maps to) - free form [This won't be needed if it will be requested during the initial intake]
    • Priority to your team - drop down with the choices Low, Medium, High
    • Timeframe for completion - drop down with the choices 2 days, a week, 2-4 weeks, this will take a while but please get started soon, no rush
    • CCs - free form
    • Name of other party - free form [This won't be needed if it will be requested during the initial intake]
    • Business objective - free form
    • URL - free form [This won't be needed if it will be requested during the initial intake]
    • Description (Describe your project in more detail and/or provide any relevant deal terms. Also provide context and background.)
    • SOW details [Only if the component is Vendor/Services]

Finance

Owner: Winnie Aoieong

  • Summary: Complete Finance Review for {project name}
  • Product: Finance
  • Component: Purchase Request Form
  • Security Flags: Finance Group
  • Whiteboard Tags (if any):
  • Keywords (if any):
  • Data to add within comment 0:
    • All intake questions and answers
  • Data to add within comment 1: (please add all of the following)
  • Additional questions to be completed by the requester:
    • What is this purchase for?:
    • Why is this purchase needed?:
    • What is the risk if this is not purchased?:
    • What is the alternative?:
    • When do the items need to be ordered by?:
    • Where will this item be shipped to (if applicable)?:
    • Total Cost:

Data Safety

Owner: Alina Hua

  • Summary: Complete Data Safety Review for {project name}
  • Product: Data Safety
  • Component: General
  • Security Flags:
  • Whiteboard Tags (if any):
  • Keywords (if any):
  • Data to add within comment 0:
    • All intake questions and answers
  • Data to add within comment 0 or 1: (please add all of the following)
  • Additional questions to be completed by the requester:
    • Does your project collect data from users? [Yes / No]
      • If YES --> How many users are currently involved? How many users do you anticipate to be involved?
      • If NO --> Stop. No Data Safety bug should be filed.
    • Please provide examples of the types of user data you collect:
    • Why do you need to collect user data?:
    • What community benefits are derived from the collection of user data for your project?:
    • How is the data being collected? (e.g., forms on web site, provided directly by user, observed data collection, etc.) (Consider that you may be collecting data unintentionally such as automatic logging by web servers)
    • Will your project / team members need to retain user data? [Yes / No]
      • If YES --> For how long?:
    • Will any user data be shared or accessed by third party partners, customers or providers? [Yes / No]
      • If YES --> Please provide answers to the following:
        • What is the data being shared or accessed?
        • How would the data be communicated / transferred to the third parties?
        • Who are the third party vendors and in what countries are they based?
    • Community Visibility and Input
    • Has your proposal been shared publicly, including requirements for Mozilla to collect and host user data? [Yes / No]
      • If YES --> What communication channels are you using and what kind of input have you received thus far?:
      • If NO --> Data Safety discussion needed. Provide your plan for publicly sharing your proposal.

Contractor

  • Summary: Contractor Request - <name from questions> (<start of contract>)
  • Product: Mozilla Corporation
  • Component: Consulting
  • Security Flags: Confidential MoCo Consulting Bug
  • Whiteboard Tags (if any):
  • Keywords (if any):
  • CC into bug by default: Depends on organization alignment question
    • Engineering (Brendan Eich) -> aking@mozilla.com
    • Innovation (Todd Simpson) -> aking@mozilla.com
    • Product (Jay Sullivan) -> agibely@mozilla.com
    • Engagement (Chris Beard) -> agibely@mozilla.com
    • Business Affairs / Legal (Harvey Anderson) -> agibely@mozilla.com
    • Operations (Jim Cook) -> agibely@mozilla.com
    • People (Debbie Cohen) -> agibely@mozilla.com


Questions for Display

  1. Organization Name:
    • Help Text:
    • Type: Text Field
    • Required: Yes
  2. Name:
    • Help Text:
    • Type: Text Field
    • Required: No
  3. Work Address:
    • Help Text:
    • Type: Text Area
    • Required: Yes
  4. Billing Address:
    • Help Text:
    • Type: Text Area
    • Required: Yes
  5. Phone:
    • Help Text:
    • Type: Text Field
    • Required: Yes
  6. E-mail:
    • Help Text:
    • Type: Text Field
    • Required: Yes
  7. Requested start of contract:
    • Help Text:
    • Type: Calendar Date Field
    • Required: Yes
  8. Expected end of contract:
    • Help Text:
    • Type: Calendar Date Field
    • Required: Yes
  9. Requested rate of pay:
    • Help Text:
    • Type: Text Field
    • Required: Yes
  10. Payment schedule (hourly, weekly, monthly, by project/product, etc.):
    • Help Text:
    • Type: Drop Down
      • Semi-monthly, monthly, hourly, flat
    • Required: Yes
  11. Hourly Total payment limitation:
    • Help Text:
    • Type: Text Field
    • Required: Yes
  12. Hours per week expected:
    • Help Text:
    • Type: Text Field
    • Required: Yes
  13. Manager:
    • Help Text:
    • Type: Text Field
    • Required: Yes
  14. Organizational Alignment:
    • Help Text: Which org would this contractor roll up to?
    • Type: Drop Down
      • Engineering (Brendan Eich), Innovation (Todd Simpson), Product (Jay Sullivan), Engagement (Chris Beard), Business Affairs / Legal (Harvey Anderson), Operations (Jim Cook), People (Debbie Cohen)
    • Required: Yes
  15. Type:
    • Help Text:
    • Type:
    • Required:
  16. New Category:
    • Help Text:
    • Type: Text Field
    • Required:
  17. Statement of work:
    • Help Text:
    • Type: Text Area
    • Required: Yes
  18. How will the day-to-day work that this Independent Contractor is doing for Mozilla be managed/controlled, if at all?
    • Help Text:
    • Type: Text Area
    • Required: Yes
  19. What are your expectations/requirements for where and when the work will be done?
    • Help Text:
    • Type: Text Area
    • Required: Yes
  20. What training, if any, will Mozilla provide in order for the Independent Contractor to perform the necessary work?
    • Help Text:
    • Type: Text Area
    • Required: Yes
  21. Does the Independent Contractor have all equipment necessary to perform the work?
    • Help Text:
    • Type: Text Field
    • Required: Yes
  22. Special Requests
    • Help Text: (see text below)
    • Type: Text Area
    • Required: Yes
    • Help text for special requests:

Please note
Our standard practice for Independent Contractors is:
  • LDAP access is not provided.
  • Contractors must have all equipment (computers, software, etc.) to do the job they’re hired to do, rather than Mozilla providing the equipment.
  • Guest badges are provided, rather than full access badges.
  • Contractors are free to use open spaces and desks, rather than get space assigned to them.
If you require an exception to these standard practices please note the reason/need for the exception in this form.