Security/SOP/Requests For Service

SOP Name: WIKISEC-RFS-SOP

SOP Description: Processes through which to request resourcing, feedback and commitment from the Security Team

Authority: Director of Security

Review Required by: X/X/XX

Author(s): Wikimedia Security Team

Data Classification: Public

Purpose
To effectively resource the highest priority work and in order to enable predictability (as much as it is possible) in our interactions with customers we have defined standards for work intake and processing.

Requests that follow a recognized intake flow will be (at a minimum) discussed by the Security Team during our weekly clinic meeting. The Security Team is a limited component within Wikimedia Foundation and tasks that cannot be resourced or are not part of the team charter will be left with the general #security project attached if they are in the security arena.

Procedures

 * 1) Create a Phabricator account
 * 2) Sign a volunteer non-disclosure agreement or a WMF employee non-disclosure agreement. If you're already a working WMF employee, you have likely already signed an NDA as part of your Terms of Employment and can skip this.  Real names are required at this step for NDA/Legal purposes, but are only visible to required personnel.

Requests are reviewed on a weekly basis in the Security Team clinic meeting, which is usually on Wednesday of each week.

Definitions
Phabricator: Bug/Task tracking software used by Wikimedia Foundation and community