darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-04-23 10:40:58 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #993 from alphagov/add-information-security

Browse Source 
Add design patterns, content guidance and information security guidelines
This commit is contained in:
Chris Hill-Scott
2016-10-19 13:30:48 +01:00
committed by GitHub
parent f33964f6da 61328e21fc
commit b2d159d90c
3 changed files with 339 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
app/main/views/index.py
View File

@@ -35,16 +35,26 @@ def pricing():
return render_template('views/pricing.html')
@main.route('/terms')
def terms():
return render_template('views/terms-of-use.html')
@main.route('/delivery-and-failure')
def delivery_and_failure():
return render_template('views/delivery-and-failure.html')
@main.route('/design-patterns-content-guidance')
def design_content():
return render_template('views/design-patterns-content-guidance.html')
@main.route('/information-security')
def information_security():
return render_template('views/information-security.html')
@main.route('/terms')
def terms():
return render_template('views/terms-of-use.html')
@main.route('/_email')
def email_template():
return HTMLEmail(

145
app/templates/views/design-patterns-content-guidance.html Normal file
View File

@@ -0,0 +1,145 @@
{% from "components/banner.html" import banner_wrapper %}
{% extends "withoutnav_template.html" %}
{% block page_title %}
Design patterns and content guidance GOV.UK Notify
{% endblock %}
{% block maincolumn_content %}
<div class="grid-row">
<div class="column-two-thirds">
<h1 class="heading-large">
Design patterns and content guidance
</h1>
{% call banner_wrapper(type='warning') %}
<h2 class="heading-medium">This content is a work in progress</h2>
<p>It should not be relied upon</p>
{% endcall %}
<section id="contents">
<h2 class="heading-medium" id="contents">Contents</h2>
<ul class="list list-bullet">
<li><a href="#when-to-send-notifications">When to send notifications</a></li>
<li><a href="#design-patterns">Design patterns</a></li>
<li><a href="#content-guidance">Content guidance</a></li>
</ul>
</section>
<section id="contents">
<h2 class="heading-medium" id="when-to-send-notifications">When to send notifications</h2>
<h3 class="heading-small" id="send-notifications-to-reduce-anxiety">Send notifications to reduce anxiety</h3>
<p>Talk to your call centre staff to find out why people call this is probably why they are anxious. For example:</p>
<ul class="list list-bullet">
<li>I made a claim online did it go through?</li>
<li>I sent you an application did you receive it?</li>
<li>I sent you some supporting documents did you receive them?</li>
<li>Did you approve my application?</li>
<li>Have you sent my new passport yet?</li>
<li>Has my application got lost or stuck somewhere?</li>
</ul>
<h3 class="heading-small" id="tell-users-if-they-need-to-do-something">Tell users if they need to do something</h3>
<p>If someone needs to do something, tell them. For example:</p>
<p>Your MOT expires on 28 September get an MOT</p>
<p>The deadline for tax returns is 31 January complete your self assessment tax return</p>
<p>Your passport photo didn&#8217;t meet our standards take a new photo</p>
<h3 class="heading-small" id="security-checks">Security checks</h3>
<p>When someone does something important, send a security check to the people who might be affected. For example:</p>
<ul class="list list-bullet">
<li>We registered a Lasting Power of Attorney in your name</li>
<li>You no longer own the freehold for 1 Candle Street, Mile End, London</li>
<li>Sainsburys Ltd applied for planning permission for 3 Candle Street, Mile End, London</li>
</ul>
<h3 class="heading-small" id="2-factor-code">2-factor code</h3>
<p>When someone wants to sign in, send a 2-factor authentication code to the number you have on file. For example: Your GOV.UK verification code is 123 456</p>
</section>
<section id="design-patterns">
<h2 class="heading-medium">Design patterns</h2>
<h3 class="heading-small" id="collecting-contact-preferences">Collecting contact preferences</h3>
<p>Use radio buttons to ask the user how they&#8217;d like to be contacted:</p>
<ul class="list list-bullet">
<li>by post</li>
<li>be email</li>
<li>by text message</li>
<li>by phone call</li>
</ul>
<p>When the user selects a contact method, dynamically prompt them for contact details (if you don&#8217;t already have them)</p>
<p>Ask the user to pick <strong>one</strong> primary contact method. Users dont like duplicate notifications.</p>
<p>You can still contact them by other contact methods if appropriate.</p>
<p>Collect these using the patterns in the <a href="https://www.gov.uk/service-manual/user-centred-design/resources/patterns/index.html">Government Service Manual</a> and the <a href="https://designpatterns.hackpad.com">Hackpad</a>.</p>
<h3 class="heading-small" id="telltheusertheyregoingtoreceivenotifications">Tell the user they&#8217;re going to receive notifications</h3>
<p>Tell the user that you will send them notifications. For example: </p>
<blockquote>
<p>We will email you about this petition, and nothing else. You can unsubscribe at any time</p>
</blockquote>
</section>
<section id="content-guidance">
<h2 class="heading-medium">Content guidance</h2>
<h3 class="heading-small" id="include-one-important-message">Include one important message</h3>
<p>Don&#8217;t explain the whole process just tell the user what will happen next.</p>
<ul class="list list-bullet">
<li>If the user needs to do something, tell them what they have to do. Include a link if possible  see our <a href="">Information security guidelines</a></li>
<li>When will the next thing happen? If the next step is important, tell them when it will happen. For example, we&#8217;ll make a decision by 28th October.</li>
<li>How long until they are done? If the next step isn&#8217;t important, just tell them when they&#8217;ll be completely finished. For example, you&#8217;ll get your new passport by 2nd November.</li>
</ul>
<p>Dont send a message for steps that arent important to the user. For example, you dont need to tell the user about background checks unless they fail one of the checks.</p>
<h3 class="heading-small" id="writing-for-notifications">Writing for notifications</h3>
<ul class="list list-bullet">
<li><strong>Write tailored content. You&#8217;re writing to just one person so tell them exactly what they need to know</strong></li>
<li>Write as if youre speaking use personal language (you, we etc)</li>
<li>Tell the user when youll do something (by Tuesday, by 28th October) not how long youll take (within 3 working days, within 6 weeks)</li>
<li>Follow <a href="https://www.gov.uk/topic/government-digital-guidance/content-publishing">GOV.UK content guidance</a></li>
</ul>
<h3 class="heading-small" id="writing-for-sms">Writing for SMS</h3>
<ul class="list list-bullet">
<li>Get the most important message in the first sentence</li>
<li>Write one idea per sentence</li>
<li>Make it as short as possible but dont use jargon or acronyms without explanation</li>
<li>Don&#8217;t say Dear or Hi just launch straight in</li>
</ul>
<h3 class="heading-small" id="writing-for-emails-and-letters">Writing for emails and letters</h3>
<p>Say Dear, not Hi some people prefer Hi and some prefer Dear, but only the people who prefer Dear care enough to complain when we say Hi</p>
</div>
</div>
{% endblock %}

179
app/templates/views/information-security.html Normal file
View File

@@ -0,0 +1,179 @@
{% from "components/banner.html" import banner_wrapper %}
{% extends "withoutnav_template.html" %}
{% block page_title %}
Information security guidelines GOV.UK Notify
{% endblock %}
{% block maincolumn_content %}
<div class="grid-row">
<div class="column-two-thirds">
<h1 class="heading-large">
Information security for text messages, emails and letters
</h1>
{% call banner_wrapper(type='warning') %}
<h2 class="heading-medium">This content is a work in progress</h2>
<p>It should not be relied upon</p>
{% endcall %}
<p>A more pragmatic approach to information security</p>
<p class="lede">In the past, government has taken a risk-averse approach to information security. This resulted in services that were unhelpful and hard to use.</p>
<p class="lede">Were switching to a more pragmatic approach to information security one that balances a users needs to be kept informed and kept safe.</p>
<p>In the past, for example, our blanket no-links policy meant we were telling people to “search the UK government and click the first result” rather than just telling them to “visit <a href="https://www.gov.uk">www.gov.uk</a>”. Other services had a blanket policy of not sending any information at all, resulting in obtuse messages like “You have a message in your online account. Sign in to see the message.” (no sign-in link included).</p>
<section id="contents">
<h2 class="heading-medium">Contents</h2>
<ul class="list list-bullet">
<li><a href="#start-with-needs">Start with needs user needs, not government needs</a></li>
<li><a href="#understand-the-risks">Understand the risks</a></li>
<li><a href="#information-security-guidelines">Information security guidelines</a></li>
<li><a href="#you-can-do-more">You can do more if you want to</a></li>
</ul>
</section>
<section id="start-with-needs">
<h2 class="heading-medium">Start with needs user needs, not government needs</h2>
<p>Start by writing the message you want to send. Dont worry about the information security aspect just yet write the message you want to convey as clearly and directly as possible.</p>
<p>We have <a href="">design patterns</a> and <a href="">content guidance</a> to help you write clearly and convey the right information at the right time.</p>
<p>Once you have a message which meets user needs, look at it in relation to the risks below. Use this framework to decide if you need to change the message in order to keep the users safe.</p>
</section>
<section id="understand-the-risks">
<h2 class="heading-medium">Understand the risks</h2>
<p>There are 3 main risks involved in sending notifications by text message, email or letter:</p>
<ul class="list list-bullet">
<li>Someone accidentally sees the notification</li>
<li>An attacker intercepts a message, or gains access to someones email inbox, phone messages or paper files</li>
<li>An attacker tricks the user by sending a fake notification (phishing)</li>
</ul>
<h3 class="heading-small" id="risk-privacy">Someone accidentally sees the notification</h3>
<p>For some messages, the recipient would be unhappy if someone else accidentally saw the contents for example, the results of a recent medical test.</p>
<p>This is a privacy issue in this case the unintended recipient isnt trying to steal money or identity information.</p>
<p>To address this risk, dont reveal the important information in the subject line or opening sentence, or ask the user to sign in to see the information in full. More about this below.</p>
<h3 class="heading-small" id="risk-fraud">An attacker intercepts a message, or gains access to someones email inbox, phone messages or paper files</h3>
<p>Its possible for hackers to intercept messages. Text messages, emails and letters can all be intercepted.</p>
<p>Its also possible for a criminal to gain access to someones entire email inbox, phone messages or paper files. Email accounts can be hacked, phones and paper files can be stolen, left lying around or picked out of the rubbish.</p>
<p>In both cases, criminals are looking for information they can use to commit fraud. To address this risk, dont send payment details, ID numbers or any other information that can be used for fraud. More about this below.</p>
<h3 class="heading-small" id="risk-phishing">An attacker tricks the user by sending a fake notification (phishing)</h3>
<p>In this scenario, a hacker sends lots of messages pretending to be from an official government service, hoping to trick someone into revealing information of value.</p>
<p>This is known as a phishing attack.</p>
<p>To address this risk, dont send <strong>requests</strong> for personal information <strong>of any kind</strong>, unless the request is <strong>directly connected with a transaction</strong>. More about this below.</p>
</section>
<section id="information-security-guidelines">
<h2 class="heading-medium">Information security guidelines</h2>
<h3 class="heading-small" id="guideline-privacy">Protect the users privacy</h3>
<p>If you think the recipient might be upset if someone accidentally saw the message contents, either:</p>
<ul class="list list-bullet">
<li>use a fairly generic subject line and opening sentence, and only give the information in full within the body of the message, or</li>
<li>send a fairly generic message which asks the person to sign in to see the information in full</li>
</ul>
<p>Remember that even the sender ID also reveals information. For example, dont set your sender name as STI clinic.</p>
<h3 class="heading-small" id="guideline-fraud">Dont send information that can be used for fraud</h3>
<p>To reduce the risk if messages are intercepted, hacked or stolen, dont send information that can be used for fraud either now or in the future:</p>
<ul class="list list-bullet">
<li>payment details</li>
<li>passport, driving licence, or National Insurance numbers, or any other personal ID numbers</li>
<li>the persons date of birth, mothers maiden name or other information commonly used for identification</li>
<li>the persons full address or previous addresses</li>
<li>passwords (cmon team)</li>
<li>payment amounts if you use them as a form of identification</li>
</ul>
<p>Payment details can be used for fraud straight away. Other information requires a bit more work. For example, an attacker might use one piece of information to get hold of another, eventually gaining enough information to commit fraud. Or a criminal might use information from several old messages to steal someones identity.</p>
<h3 class="heading-small" id="guideline-phishing">Dont send requests for personal information of any kind, unless the request is directly connected with a transaction</h3>
<p>To reduce the risk from phishing attacks, dont send <strong>requests</strong> for personal information <strong>of any kind</strong>, unless the request is <strong>directly connected with a transaction</strong>.</p>
<p>Its OK to send a request for personal information if its directly connected with a transaction. Here are two examples of where it would be OK:</p>
<ul class="list list-bullet">
<li>Someone clicks a Forgot your password? link its OK to send them a link where they can reset their password</li>
<li>Someones MOT is about to expire y</li>
</ul>
<h3 class="heading-small" id="guideline-links">Its OK to include links but you need to follow these rules</h3>
<p>The same 2 rules above apply to links, too:</p>
<ul class="list list-bullet">
<li>Dont send links that reveal information that can be used for fraud</li>
<li>Dont send unsolicited messages that include a link requesting personal information of any kind (its OK to send a message with a link requesting information if the user has just requested it)</li>
</ul>
<p>There are additional rules that apply specifically to links:</p>
<ul class="list list-bullet">
<li>Links must point to a .gov.uk domain for example, <a href="https://www.gov.uk">https://www.gov.uk</a> or <a href="https://www.armslengthbody.gov.uk">https://www.armslengthbody.gov.uk</a></li>
<li>Links must show the URL in full for example <a href="https://www.gov.uk/vehicle-tax">https://www.gov.uk/vehicle-tax</a>, not <a href="https://www.gov.uk/vehicle-tax">Vehicle tax</a></li>
<li>Dont use redirects or tracking links disguising the URL makes phishing easier. Just show the URL in full</li>
<li>Dont link directly to a sign-in page this is a request for personal data. If the user needs to sign in to your service, link to your start page on GOV.UK</li>
<li>Its OK to deep-link into your service, as long as the user doesnt have to sign in to view the information or take action</li>
</ul>
<h3 class="heading-small" id="guideline-attachments">Dont send attachments</h3>
<p>If you want to communicate something, write it in the body of the email. This is more user-friendly. If the information is too sensitive to include in the email body, its too sensitive to include in an attachment.</p>
<p>If you need to send someone a file, make the file available within your service, then link to it. </p>
<p>Criminals often use attachments to conceal viruses, spyware and other kinds of malware. We want people to be cautious about opening attachments.</p>
<h3 class="heading-small" id="guideline-name">Include the users name it makes phishing more difficult</h3>
<p>Start your message by addressing the user. For example, Hi Alice Smith or Dear Bob Jones. Including this extra piece of information makes phishing more difficult.</p>
<h3 class="heading-small" id="guideline-technical">Use technical approaches to improve privacy and prevent phishing</h3>
<p>There are several technical approaches to preventing phishing <a href="https://www.gov.uk/guidance/common-technology-services-cts-secure-email-blueprint">SPF/DKIM, DMARC</a> and <a href="https://en.m.wikipedia.org/wiki/Transport_Layer_Security">TLS</a>. You must use them.</p>
<p>SPF/DKIM and DMARC make sure your emails get delivered, whilst phishing and spam email gets filtered into junk mail.</p>
<p>TLS makes sure that no-one can intercept your emails.</p>
</section>
<section id="you-can-do-more">
<h2 class="heading-medium">You can do more if you want to</h2>
<p>These guidelines are the minimum requirement. If you want to take more stringent measures for your service, thats fine.</p>
<p>Just make sure youre balancing your users needs to be kept informed and kept safe.</p>
</section>
</div>
</div>
{% endblock %}