From b46a75cf994f8edce1aaa99ac178424be1fd78e7 Mon Sep 17 00:00:00 2001
From: karlchillmaid <karl.chillmaid@digital.cabinet-office.gov.uk>
Date: Fri, 14 Jan 2022 11:07:25 +0000
Subject: [PATCH] Add anchor IDs

---
 app/templates/views/security.html | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/app/templates/views/security.html b/app/templates/views/security.html
index 771fad40b..34c8fa28f 100644
--- a/app/templates/views/security.html
+++ b/app/templates/views/security.html
@@ -15,7 +15,7 @@
     <li>manage risks around information</li>
   </ul>
 
-  <h2 class="heading-medium">Data</h2>
+  <h2 class="heading-medium" id="data">Data</h2>
   <p class="govuk-body">On Notify, data is encrypted:</p>
   <ul class="list list-bullet">
     <li>when it passes through the service</li>
@@ -32,7 +32,7 @@
     <li>approach to data sharing</li>
   </ul>
 
-  <h2 class="heading-medium">Technical security</h2>
+  <h2 class="heading-medium" id="technical-security">Technical security</h2>
   <p class="govuk-body">Other technical security controls on Notify include:</p>
   <ul class="list list-bullet">
     <li>compliance with National Cyber Security Centre (NCSC) Cloud Security Principles</li>
@@ -44,7 +44,7 @@
   <p class="govuk-body">Some messages include sensitive information like security codes or password reset links.</p>
   <p class="govuk-body">If you’re sending a message with sensitive information, you can choose to hide those details on the Notify dashboard once the message has been sent. This means that only the message recipient will be able to see that information.</p>
 
-  <h2 class="heading-medium">User permissions and signing in</h2>
+  <h2 class="heading-medium" id="user-permissions-signing-in">User permissions and signing in</h2>
   <p class="govuk-body">You can set different user permissions in Notify. This lets you control who in your team has access to certain parts of the service.</p>
   <h3 class="heading-small">Two-factor authentication</h3>
   <p class="govuk-body">To sign in to Notify, you’ll need to enter:</p>
@@ -54,7 +54,7 @@
   </ul>
   <p class="govuk-body">If signing in with a text message is a problem for your team, <a class="govuk-link govuk-link--no-visited-state" href="https://www.notifications.service.gov.uk/">contact us</a> to find out about using an email link instead.</p>
 
-  <h2 class="heading-medium">Information risk management</h2>
+  <h2 class="heading-medium" id="information-risk-management">Information risk management</h2>
   <p class="govuk-body">Our approach to information risk management follows NCSC guidance. It assesses:</p>
   <ul class="list list-bullet">
     <li>how Notify is built</li>
@@ -63,7 +63,7 @@
   </ul>
   <p class="govuk-body">This approach also applies to the service providers Notify uses to send messages.</p>
 
-  <h2 class="heading-medium">How we manage risks on Notify</h2>
+  <h2 class="heading-medium" id="how-we-manage-risk">How we manage risks on Notify</h2>
   <p class="govuk-body">Things we do to manage risks on Notify include:</p>
   <ul class="list list-bullet">
     <li>formal risk assessments based on <a class="govuk-link govuk-link--no-visited-state" href="http://www.iso.org/iso/catalogue_detail?csnumber=56742">ISO 27005:2011</a> and National Cyber Security Centre guidance</li>
@@ -73,11 +73,11 @@
     <li>security impact assessments</li>
   </ul>
 
-  <h2 class="heading-medium">Cabinet Office approval</h2>
+  <h2 class="heading-medium" id="cabinet-office-approval">Cabinet Office approval</h2>
   <p class="govuk-body">Notify has been assessed and approved by the Cabinet Office Senior Information Risk Officer (SIRO). The SIRO checks this approval once a year.</p>
   <p class="govuk-body">Notify also has approval from the Office of the Government’s SIRO to host data within the EEA.</p>
 
-  <h2 class="heading-medium">Classifications and security vetting</h2>
+  <h2 class="heading-medium" id="classifications-and-security-vetting">Classifications and security vetting</h2>
   <p class="govuk-body">You can use Notify to send messages classified as ‘OFFICIAL’ or ‘OFFICIAL-SENSITIVE’ under the <a class="govuk-link govuk-link--no-visited-state" href="https://www.gov.uk/government/publications/government-security-classifications">Government Security Classifications</a> policy.</p>
   <p class="govuk-body">Notify does not process data classified as ‘SECRET’ or ‘TOP SECRET’.</p>
   <p class="govuk-body">The Notify team has Security Check (SC) level clearance from <a class="govuk-link govuk-link--no-visited-state" href="https://www.gov.uk/government/organisations/united-kingdom-security-vetting">United Kingdom Security Vetting</a> (UKSV).</p>