Work Instruction for World Wide Web Resource Review and Approval




DOWNLOADED AND/OR HARD COPY UNCONTROLLED
Verify that this is the correct version before use.

AUTHORITY | DATE
Jeffrey Northey (original signature on file), IMS Manager | 09/02/2015
Jeffrey Northey (original signature on file), Process owner | 09/02/2015

REFERENCES

Document ID/Link | Title
Code of Federal Regulations (CFR) Title 16, Part 312 | Children's Online Privacy Protection Act (COPPA)
Form 1020 | Website Review
IVV QM | NASA IV&V Quality Manual
IVV 10 | Software and Hardware Configuration Management
IVV 16 | Control of Records
NPR 1441.1 | NASA Records Management Program Requirements
Section508.gov | Resources for understanding and implementing Section 508
www.access-board.gov/guidelines-and-standards/communications-and-it | United States Access Board, Guidelines and Standards, Communications & IT

If any process in this document conflicts with any document in the NASA Online Directives Information System (NODIS), this document shall be superseded by the NODIS document. Any external reference shall be monitored by the Process Owner for current versioning.

1.0 Purpose

The purpose of this work instruction (WI) is to provide a consistent method for requesting the creation, hosting, change, or deletion of websites in support of the NASA IV&V Program.

2.0 Scope

This WI applies to all new websites and current websites. This includes any public facing website, internal website, or NASA IV&V Program-wide tool-based (e.g. Confluence) webpage [1], [2]. For specific technologies supported by the Software Assurance Tools (SWAT) Group, the request may be redirected to the SWAT Lead.

[1] Rationale for this scope: (1) Allows us to understand potential support needs, (2) Allows us to promote best practices (e.g. basic configuration management planning), (3) Gives us awareness of what's being developed.

[2] Web-based tools (e.g. RiskManager, RESOLVE) are not in scope, because they're covered by other decision-making processes within the Program. Personal or project-specific Confluence pages are not in scope, because they're not likely to require support.

3.0 Definitions and Acronyms

Official NASA IV&V roles and terms are defined in the Quality Manual. Specialized definitions identified in this WI are defined below.

3.1 Children's Online Privacy Protection Act (COPPA)

COPPA is implemented by the Children's Online Privacy Protection Rule that is defined in the Code of Federal Regulations, Title 16, Part 312. COPPA applies to the online collection of personal information by persons or entities under U.S. jurisdiction from children under the age of 13. It spells out what a website operator must include in a privacy policy, when and how to seek verifiable consent from a parent, and what responsibilities an operator has to protect children's privacy and safety online.

3.2 Requester

The Requester is an individual or group submitting a request for creating, hosting, change, or deletion of a website. A Requester can be anyone who supports the NASA IV&V Program.

3.3 Section 508

Section 508 refers to Section 508 of the Rehabilitation Act (29 U.S.C. 794d), as amended by the Workforce Investment Act of 1998 (P.L. 105-220), August 7, 1998. Section 508 requires that federal agencies' electronic and information technology is accessible to people with disabilities. Additional details about Section 508 can be found at http://www.access-board.gov/guidelines-and-standards/communications-and-it and at http://section508.gov/.

3.4 Website Configuration Control Board (CCB)

The Website CCB is the group that reviews the change requests and analysis specified therein. The Website CCB consists of the Strategic Communications Office (SCO) Lead, Software Assurance Tools (SWAT) Lead, Information Technology (IT) Lead, Website Support Lead, Website Support Contractor, and/or others specified by any of the aforementioned entities.

3.5 Website Support Contractor

The Website Support Contractor is the contractor assigned to perform website support for the NASA IV&V Program.

3.6 Website Support Lead

The Website Support Lead (or designee) is a NASA IV&V civil service employee assigned to manage the processes of the Website CCB.

3.7 Acronyms

CCB | Configuration Control Board
CFR | Code of Federal Regulations
CM | Configuration Management
CMP | Configuration Management Plan
COPPA | Children's Online Privacy Protection Act
ECM | Enterprise Content Management
IMS | NASA IV&V Management System
NODIS | NASA Online Directives Information System
NPR | NASA Procedural Requirements
SCO | Strategic Communications Office
STRAW | System for Tracking and Registering Applications and Websites
SWAT | Software Assurance Tools
WI | Work Instruction
WCR | Website Change Request

4.0 Process Flow Diagrams

The following diagrams depict processes described in this document, and the responsibilities and actions that shall be performed by process participants or their designees. Any information supplemental to the depicted process will appear after the diagram.

4.1 Website Creation/Hosting Request

[Process flow diagram. Lanes: Requester, Website Support Lead, Website CCB, Website Support Contractor. Steps: Submits request; Evaluates request; Approves request? (Yes/No); Revises request; Coordinates CCB Meeting; Evaluates request; Approves request? (Yes/No); Initiates website development process and Form 1020.]

To request the development and/or hosting of a website to support the NASA IV&V Program, the Requester shall email the Website Support Lead at ivv-websupport@lists.nasa.gov and identify the following:

  - Name of the Requester
  - Description of the website to be developed and/or hosted
  - Location of the website (if applicable) or data files necessary to describe requirements for hosting and/or developing the website
  - Dates pertinent to target delivery/completion times

The Website Support Lead shall evaluate the request and, if approved, schedule a Website CCB meeting. If the Website Support Lead rejects the request, the Website Support Lead shall communicate this decision and the rationale for the decision to the Requester.

The Website CCB shall evaluate the request, including the purpose, requirements, and other details of the proposed website. If the request is approved by the CCB, the Requester shall provide the requirements for hosting and/or development to the Website Support Contractor for coordination of development and/or hosting activities. The Website Support Contractor shall initiate Form 1020, Website Review.

The CCB may determine that the requirements for hosting and/or development need to be gathered before the CCB makes an approval decision. In that case, the Requester shall revise the request per the direction of the CCB.

4.2 Website Development

The Website Support Contractor shall coordinate website hosting requirements with the Requester and work with the Network Operations staff to ensure that those requirements are provided for the website.

The Website Support Contractor shall coordinate the development schedule with the Requester regardless of who is to develop the website. If the Requester or parties are to perform website development, the Requester must currently have a Configuration Management Plan (CMP), or shall develop a CMP according to IVV 10, Software and Hardware Configuration Management.

During the website development, the Website Support Contractor shall also evaluate the website according to required website policies and standards (e.g., Section 508, COPPA, NASA privacy policies). Depending on the requirements, audience, and availability of the site, adherence to federal government, NASA, or NASA IV&V Program-required policies and standards may or may not be required. The Website Support Contractor shall review such policies and standards with the Requester prior to development initiation.

4.3 Website Release and Registration

[Process flow diagram. Lanes: Requester, Website Support Contractor, Website Support Lead, Website CCB. Steps: Notifies Lead that website is ready for final evaluation; Coordinates final CCB meeting to review website; Evaluates website; Approves? (Yes/No); Coordinates release of website, registers website in STRAW (if applicable); Performs CM per IVV 10.]

After the website is developed and hosted, the Website Support Contractor shall notify the Website Support Lead. The Website Support Lead shall schedule a Website CCB meeting for final review of the website.

Upon Website CCB approval of the completed website, the Website Support Contractor shall coordinate the release of the website with the Requester and any other associated parties. If applicable, the Website Support Contractor shall also register the website in NASA's System for Tracking and Registering Applications and Websites (STRAW). The Website Support Contractor shall complete Form 1020, Website Review.

The Requester performs Configuration Management (CM) per IVV 10, Software and Hardware Configuration Management.

4.4 Website Change Request

To request a change to a website, follow the Configuration Management Plan for that website. The reference list for CMPs is currently stored on ECM.

Most websites use the Website Change Tool on the IV&V Services Website. This tool can be used by any NASA IV&V Program employee to request changes to any website that is governed by the process. If, when filling out the origination form, there is no listing for the website for which you wish to make a request, then that website is not contained in the Website Change Tool process and, therefore, does not fall within its scope. You must then either check the CMP or contact the maintenance personnel listed on that website for assistance.

4.5 Website Deletion Request

To request the deletion of a website, follow the Configuration Management Plan for that website. If a website will be deleted then the Responsible Owner will examine it for data, code, and/or schema that may need to be archived.

Note: most websites contain data that are records that shall be handled per IVV 16, Control of Records.

5.0 Metrics

Any metrics associated with this WI are established and tracked within the NASA IV&V Metrics Program.

6.0 Records

The following records will be generated or updated and filed in accordance with this WI and IVV 16, Control of Records, and in reference to NASA Procedural Requirement (NPR) 1441.1, NASA Records Management Program Requirements.

Record Name | Original | Vital | Responsible Person | Retention Requirement | Location
Submitted Form 1020 | Y | N | Website Support Lead | Destroy/delete 5 years after cutoff. (1/78F2) | ECM System
Website Change Requests (WCR) | Y | N | Website Support Lead | Destroy/delete 5 years after cutoff. (1/78F2) | JIRA System

VERSION HISTORY

Version | Description of Change | Rationale for Change | Author | Effective Date
Basic | Initial Release. | | Brian Kesecker | 07/26/2005
A | Updated document to reflect IVV 05-3 changes and incorporated ADR comments | reflect IVV 05-3 changes and Annual Document Review | Brian Kesecker | 01/27/2006
B | Removed Communications Materials Review from the process and made a few minor context edits. Also, addition of GPR 2800.1 references. | | Brian Kesecker | 02/17/2006
C | Clarified purpose and scope. Changed title from Resource Request Review to. | PAR # 2007-P-238 | Jeff Northey | 06/06/2007
D | Quality Manual hyperlink updated. | | Stephanie Ferguson | 03/10/2008
E | Update to align with Facility Management paradigm | Align with Facility Management paradigm | Stephanie Ferguson | 07/09/2008
F | Changed IV&V Facility to IV&V Program | | Stephanie Ferguson | 01/06/2009
G | Updated Section 4.0 to break single process flow diagram into two diagrams | | Stephanie Ferguson | 03/17/2010
H | Changed AWRS to STRAW; added reference document precedence statement. Updated COPPA and Section 508 links. | Links allow users to easily find official guidance sources | Richard Grigg | 12/08/2010
I | Expanded scope to reflect changes and deletions, and the Web Site Change Process. | | Richard Grigg | 05/27/2011
J | Replace "Institutional Services Lead" with "SCO Lead" and "Tools Lab Lead" with "SWAT Lead". | Align with new IV&V Program reorganization | Michael Asbury | 02/09/2012
K | Update: Title, Scope, Requester definition, processes, process titles, and section 4.3 flowchart | ADR. Increased clarity and accuracy to ensure internal consistency | Jeffrey Northey | 04/03/2013
L | Links updated. Changed web site to website to match the accepted AP Stylebook spelling of the word. | ADR. | Jeffrey Northey | 05/16/2014
M | Updated Scope to include any external, internal websites or Program-wide tool-based webpages | PAR 2015-P-429 | Michael Asbury | 09/03/2015