Security/SOP/Requests For Service

From mediawiki.org
Jump to navigation Jump to search

SOP Name: WIKISEC-RFS-SOP

SOP Description: Processes through which to request resourcing, feedback and commitment from the Security Team

Authority: Director of Security

Review Required by: 1/10/21

Author(s): Wikimedia Security Team

Data Classification: Public

Purpose[edit]

In order to effectively resource the highest priority work and to enable predictability (as much as it is possible) in customer interactions we have defined standards for work intake and processing.

Please see our statements on consistency and commitment.

Please see our services to understand the implemented portion of our charter.

Making a Request for Service[edit]

  1. Users who wish to discuss new initiatives or require assistance determining which services are relevant should fill out our request for service form.
    IMPORTANT: By default will only be visible to members of the Security Team, subscribers, and the author.
  2. Privacy review requests should use our Privacy intake form in Asana
  3. Security Readiness Review requests need to follow our SOP for that service
  4. Security Preview requests need to follow our SOP for that service.
  5. Users reporting general issues with security should see Reporting Security Bugs.

If all else fails, an email to security-help@ is a valid initial step when there is uncertainty regarding process, scope, services needed. We want to assist you in navigating our workflows :)

Other Information[edit]

Details on workflows and expectations for shared platforms are defined in our team handbook.

Phabricator permissions and security may not be intuitive. It is strongly recommended users take advantage of the Protect as Security Issue and Report Security Issue mechanisms where appropriate.