darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-05-05 16:38:59 -04:00
Code Issues Packages Projects Releases Wiki Activity

Don’t allow paragraphs without class attribute

Browse Source 
All paragraphs should have class="govuk-body", or be otherwise
custom-styled. This commit adds some extra checks to our test fixture
that looks for paragraphs that don’t have any styling. Our test coverage
is pretty good, so this should check almost all pages, and prevent
regressions.

I’ve done this in such a way that it can be extended for other elements
(e.g. links) in the future.
This commit is contained in:
Chris Hill-Scott
2020-05-29 17:11:01 +01:00
parent 82ec03e263
commit 4df99bd27f
134 changed files with 517 additions and 497 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
app/templates/views/security.html
View File

@@ -8,7 +8,7 @@
{% block content_column_content %}
<h1 class="heading-large">Security</h1>
<p>GOV.UK Notify is built for the needs of government services. It has processes in place to:</p>
<p class="govuk-body">GOV.UK Notify is built for the needs of government services. It has processes in place to:</p>
<ul class="list list-bullet">
<li>protect user data</li>
<li>keep systems secure</li>
@@ -16,15 +16,15 @@
</ul>
<h2 class="heading-medium">Data</h2>
<p>On Notify, data is encrypted:</p>
<p class="govuk-body">On Notify, data is encrypted:</p>
<ul class="list list-bullet">
<li>when it passes through the service</li>
<li>when its stored on the service</li>
</ul>
<p>Any user data you upload is only held for 7 days.</p>
<p>The Cabinet Office acts as data processor for Notify. Your organisation is the data controller.</p>
<p class="govuk-body">Any user data you upload is only held for 7 days.</p>
<p class="govuk-body">The Cabinet Office acts as data processor for Notify. Your organisation is the data controller.</p>
<h3 class="heading-small">Data Protection Act</h3>
<p>Notify complies with data protection law. To make sure it stays compliant, there are regular legal reviews of the services:</p>
<p class="govuk-body">Notify complies with data protection law. To make sure it stays compliant, there are regular legal reviews of the services:</p>
<ul class="list list-bullet">
<li>privacy policy</li>
<li>terms of use</li>
@@ -32,7 +32,7 @@
</ul>
<h2 class="heading-medium">Technical security</h2>
<p>Other technical security controls on Notify include:</p>
<p class="govuk-body">Other technical security controls on Notify include:</p>
<ul class="list list-bullet">
<li>compliance with National Cyber Security Centre (NCSC) Cloud Security Principles</li>
<li>protective monitoring to record activity, and raise alerts about any suspicious activity</li>
@@ -40,30 +40,30 @@
</ul>
<h3 class="heading-small">Protect sensitive information</h3>
<p>Some messages include sensitive information like security codes or password reset links.</p>
<p>If youre sending a message with sensitive information, you can choose to hide those details on the Notify dashboard once the message has been sent. This means that only the message recipient will be able to see that information.</p>
<p class="govuk-body">Some messages include sensitive information like security codes or password reset links.</p>
<p class="govuk-body">If youre sending a message with sensitive information, you can choose to hide those details on the Notify dashboard once the message has been sent. This means that only the message recipient will be able to see that information.</p>
<h2 class="heading-medium">User permissions and signing in</h2>
<p>You can set different user permissions in Notify. This lets you control who in your team has access to certain parts of the service.</p>
<p class="govuk-body">You can set different user permissions in Notify. This lets you control who in your team has access to certain parts of the service.</p>
<h3 class="heading-small">Two-factor authentication</h3>
<p>To sign in to Notify, youll need to enter:</p>
<p class="govuk-body">To sign in to Notify, youll need to enter:</p>
<ul class="list list-bullet">
<li>your email address and password</li>
<li>a text message code that Notify sends to your phone</li>
</ul>
<p>If signing in with a text message is a problem for your team, <a class="govuk-link govuk-link--no-visited-state" href="https://www.notifications.service.gov.uk/">contact us</a> to find out about using an email link instead.</p>
<p class="govuk-body">If signing in with a text message is a problem for your team, <a class="govuk-link govuk-link--no-visited-state" href="https://www.notifications.service.gov.uk/">contact us</a> to find out about using an email link instead.</p>
<h2 class="heading-medium">Information risk management</h2>
<p>Our approach to information risk management follows NCSC guidance. It assesses:</p>
<p class="govuk-body">Our approach to information risk management follows NCSC guidance. It assesses:</p>
<ul class="list list-bullet">
<li>how Notify is built</li>
<li>the infrastructure Notify is built upon</li>
<li>support for the Notify service</li>
</ul>
<p>This approach also applies to the service providers Notify uses to send messages.</p>
<p class="govuk-body">This approach also applies to the service providers Notify uses to send messages.</p>
<h2 class="heading-medium">How we manage risks on Notify</h2>
<p>Things we do to manage risks on Notify include:</p>
<p class="govuk-body">Things we do to manage risks on Notify include:</p>
<ul class="list list-bullet">
<li>formal risk assessments based on <a class="govuk-link govuk-link--no-visited-state" href="http://www.iso.org/iso/catalogue_detail?csnumber=56742">ISO 2700:2011</a> and National Cyber Security Centre guidance</li>
<li><a class="govuk-link govuk-link--no-visited-state" href="https://www.cesg.gov.uk/articles/check-fundamental-principles">CHECK</a>-based testing, both annually and when any major changes are made to Notify</li>
@@ -73,12 +73,12 @@
</ul>
<h2 class="heading-medium">Cabinet Office approval</h2>
<p>Notify has been assessed and approved by the Cabinet Office Senior Information Risk Officer (SIRO). The SIRO checks this approval once a year.</p>
<p>Notify also has approval from the Office of the Governments SIRO to host data within the EEA.</p>
<p class="govuk-body">Notify has been assessed and approved by the Cabinet Office Senior Information Risk Officer (SIRO). The SIRO checks this approval once a year.</p>
<p class="govuk-body">Notify also has approval from the Office of the Governments SIRO to host data within the EEA.</p>
<h2 class="heading-medium">Classifications and security vetting</h2>
<p>You can use Notify to send messages classified as OFFICIAL or OFFICIAL-SENSITIVE under the <a class="govuk-link govuk-link--no-visited-state" href="https://www.gov.uk/government/publications/government-security-classifications">Government Security Classifications</a> policy.</p>
<p>You must not use Notify to send <a class="govuk-link govuk-link--no-visited-state" href="https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/special-category-data/">special category data</a>, as defined in the General Data Protection Regulation (GDPR).</p>
<p>The Notify team has Security Check (SC) level clearance from <a class="govuk-link govuk-link--no-visited-state" href="https://www.gov.uk/guidance/security-vetting-and-clearance">United Kingdom Security Vetting</a> (UKSV).</p>
<p class="govuk-body">You can use Notify to send messages classified as OFFICIAL or OFFICIAL-SENSITIVE under the <a class="govuk-link govuk-link--no-visited-state" href="https://www.gov.uk/government/publications/government-security-classifications">Government Security Classifications</a> policy.</p>
<p class="govuk-body">You must not use Notify to send <a class="govuk-link govuk-link--no-visited-state" href="https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/special-category-data/">special category data</a>, as defined in the General Data Protection Regulation (GDPR).</p>
<p class="govuk-body">The Notify team has Security Check (SC) level clearance from <a class="govuk-link govuk-link--no-visited-state" href="https://www.gov.uk/guidance/security-vetting-and-clearance">United Kingdom Security Vetting</a> (UKSV).</p>
{% endblock %}