Collaboration Cycle - Privacy, Security, Infrastructure Readiness Review (PSIRR) improvements

[shiragoodman]

Problem Statement

The ownership of the Privacy, Security, Infrastructure Readiness Review (PSIRR) in the Collaboration Cycle has recently changed hands. @gary-fallon and @joeniquette of the Multi Factor Authentication/Surge team have been asked to support the touchpoint and complete all future reviews. The following problems about the current process have been identified:

1. The points of contact are incorrect.
2. The VFS-facing guidance may be outdated and in need of updates.
3. The PSIRR reviewers would benefit from being informed of the product/feature improvements earlier in the teams build process.

How might we help the PSIRR reviewers get involved earlier on in the Collaboration Cycle journey without burdening and/or inconveniencing the VFS team? How might we introduce a solution that doesn't increase the burden on Governance team and/or make Governance team commitments more difficult? How might we improve the PSIRR experience for VFS teams?

Hypothesis or Bet

If we involve the PSIRR reviewers earlier in the Collaboration Cycle process, then VFS teams will have less hurdles to tackle later on at the PSIRR touchpoint. If we involve the PSIRR reviewers earlier in the Collaboration Cycle process, then PSIRR reviewers will be able to more easily and efficiently complete the PSIRR touchpoint.

Solution

The solution was proposed in ticket #54910 and the implementation plan was created in ticket #55947. Implementation plan User flow

We will know we're done when... ("Definition of Done")

• [ ] The PSIRR reviewers are getting the information they need from the VFS team about the product/feature being brought through the Collaboration Cycle to easily and efficiently complete the PSIRR touchpoint.
• [ ] VFS team members are not burdened by any changes introduced to the PSIRR process

Known Blockers/Dependencies

List any blockers or dependencies for this work to be completed

Projected Launch Date

• When do you expect to be completed rolling out this initiative*

Launch Checklist

Guidance (delete before posting)

This checklist is intended to be used to help answer, "is my Platform initiative ready for launch?". All of the items in this checklist should be completed, with artifacts linked---or have a brief explanation of why they've been skipped---before launching a given Platform initiative. All links or explanations can be provided in Required Artifacts sections. The items that can be skipped are marked as such.

Keep in mind the distinction between Product and Initiative --- each Product needs specific supporting documentation, but Initiatives to improve existing Products should reuse existing documentation for that Product. VSP Product Terminology for details.

Is this service / tool / feature...

... tested?

• [ ] Usability test (TODO: link) has been performed, to validate that new changes enable users to do what was intended and that these changes don't worsen quality elsewhere. If usability test isn't relevant for this change, document the reason for skipping it.
  • [ ] ... and issues discovered in usability testing have been addressed.
  • Note on skipping: metrics that show the impact of before/after can be a substitute for usability testing.
• [ ] End-to-end manual QA or UAT is complete, to validate there are no high-severity issues before launching
• [ ] (if applicable) New functionality has thorough, automated tests running in CI/CD

... documented?

• [ ] New documentation is written pursuant to our documentation style guide
• [ ] Product is included in the List of VSP Products
  • List the existing product that this initiative fits within, or add a new product to this list.
• [ ] Internal-facing: there's a Product Outline
• [ ] External-facing: a User Guide on Platform Website exists for this product/feature tool
• [ ] (if applicable) Post to #vsp-service-design for external communication about this change (e.g. customer-facing meetings)

... measurable

• [ ] (if applicable) This change has clearly-defined success metrics, with instrumentation of those analytics where possible, or a reason documented for skipping it.
  • For help, see: Analytics team
• [ ] This change has an accompanying Platform Release Plan.

When you're ready to launch...

• [ ] Configure your communication to teams about your work using the Change Communication Guide
• [ ] Conduct a go/no-go when you're almost ready to launch.

Required Artifacts

Documentation

• PRODUCT_NAME: directory name used for your product documentation
• Product Outline: link to Product Outline
• User Guide: link to User Guide

Testing

• Usability test: link to GitHub issue, or provide reason for skipping
• Manual QA: link to GitHub issue or documented results
• Automated tests: link to tests, or "N/A"

Measurement

• Success metrics: link to where success metrics are measured, or where they're defined (Product Outline is OK), or provide reason for skipping
• Release plan: link to Release Plan ticket

TODOs

• [ ] Convert this issue to an epic
• [ ] Add your team's label to this epic
• [ ] Add this initiative to the Digital Experience Product Board using these instructions

[shiragoodman]

@humancompanion-usds are you okay with us closing this initiative? It has been open for over 18 months, and I believe bringing PSIRR into the Engineering & Security track will supersede the work outlined in this epic. Please lmk - thanks!