From 40224641cfa60415b4da45227c295de825d18cfb Mon Sep 17 00:00:00 2001 From: Ryan Wold Date: Mon, 1 Jul 2024 12:55:12 -0700 Subject: [PATCH 01/16] update snyk --- package-lock.json | 14 +++++++------- package.json | 6 ++---- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/package-lock.json b/package-lock.json index 6c18c87..2feafdb 100644 --- a/package-lock.json +++ b/package-lock.json @@ -7,7 +7,7 @@ "name": "uswds-sandbox", "license": "CC0-1.0", "dependencies": { - "snyk": "^1.1291.0", + "snyk": "^1.1292.1", "uswds": "^2.14.0" }, "devDependencies": { @@ -5449,9 +5449,9 @@ } }, "node_modules/snyk": { - "version": "1.1291.0", - "resolved": "https://registry.npmjs.org/snyk/-/snyk-1.1291.0.tgz", - "integrity": "sha512-CNm2VGBLMACNfmPcM1ByF9tpGlJUL7AlPFpwqqVKlLNnFIQk6o7EjmYJtQZzV6xbBy3+h2jWVh/OwfhFV/BeFg==", + "version": "1.1292.1", + "resolved": "https://registry.npmjs.org/snyk/-/snyk-1.1292.1.tgz", + "integrity": "sha512-wRJ6twqbr2KGf0Y8EmnuOKDawNbzNSGebEvmXVRIz0MZgvZhiK9FZQHiwfWr/XTXSx7mAp3zrsKcLsOGFkg6fQ==", "hasInstallScript": true, "dependencies": { "@sentry/node": "^7.36.0", @@ -10610,9 +10610,9 @@ } }, "snyk": { - "version": "1.1291.0", - "resolved": "https://registry.npmjs.org/snyk/-/snyk-1.1291.0.tgz", - "integrity": "sha512-CNm2VGBLMACNfmPcM1ByF9tpGlJUL7AlPFpwqqVKlLNnFIQk6o7EjmYJtQZzV6xbBy3+h2jWVh/OwfhFV/BeFg==", + "version": "1.1292.1", + "resolved": "https://registry.npmjs.org/snyk/-/snyk-1.1292.1.tgz", + "integrity": "sha512-wRJ6twqbr2KGf0Y8EmnuOKDawNbzNSGebEvmXVRIz0MZgvZhiK9FZQHiwfWr/XTXSx7mAp3zrsKcLsOGFkg6fQ==", "requires": { "@sentry/node": "^7.36.0", "global-agent": "^3.0.0" diff --git a/package.json b/package.json index 33f7bab..fd19eaf 100644 --- a/package.json +++ b/package.json 
@@ -15,12 +15,10 @@
 "uswds-copy-js": "gulp copyJS",
 "uswds-copy-theme": "gulp copyTheme",
 "uswds-update": "npm update uswds",
- "watch": "gulp watch",
- "snyk-protect": "snyk protect",
- "prepare": "npm run snyk-protect"
+ "watch": "gulp watch"
 },
 "dependencies": {
- "snyk": "^1.1291.0",
+ "snyk": "^1.1292.1",
 "uswds": "^2.14.0"
 },
 "snyk": true,
From 507176119519002c08ebc3fa8b55e68462bf596e Mon Sep 17 00:00:00 2001
From: MaroyaF <161525037+MaroyaF@users.noreply.github.com>
Date: Mon, 12 Aug 2024 14:28:14 -0600
Subject: [PATCH 02/16] Update terms.md
Signed-off-by: MaroyaF <161525037+MaroyaF@users.noreply.github.com>
---
 terms.md | 180 ++++++++++---------------------------------------------
 1 file changed, 33 insertions(+), 147 deletions(-)
diff --git a/terms.md b/terms.md
index c11041c..188739b 100644
--- a/terms.md
+++ b/terms.md
@@ -65,28 +65,19 @@ permalink: /terms/ ADMINISTERED BY THE U.S. GENERAL SERVICES ADMINISTRATION
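Review bot: In package.json, `snyk` is still listed under `dependencies` although this hunk removes the only scripts that called it (`snyk-protect` and `prepare`), so every production install keeps pulling a CLI whose lockfile entry is marked `"hasInstallScript": true`. If the CLI is still used for scans, move it to `devDependencies`; if not, remove the entry along with the `"snyk": true` flag a few lines below, which looks like a leftover of the old `snyk protect` setup. Nothing visible in this patch replaces the install-time check, so confirm that CI runs a scan such as `snyk test`, and if the repository carries a `.snyk` policy with patches, note that they are no longer applied. The `scripts` object begins above the hunk and the top-level object continues past it.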

- Version 1.0, updated: 03/11/2022 + Version 1.1, updated: 08/12/2024

- 1.0 SERVICE SUMMARY + 1.1 SERVICE SUMMARY

- “Touchpoints” is an open-source software application created and maintained by the U.S. - General Services Administration (GSA) provided to agencies at no-cost for the terms of service - outlined in this document. Touchpoints enables government agencies to solicit and process - user feedback to support the continuous improvement of public systems, services, processes, - and policies. + “Touchpoints” is an open-source software application created and maintained by the U.S. General Services Administration (GSA) provided to agencies at no-cost for the terms of service outlined in this document. Touchpoints enables government agencies to solicit and process user feedback to support the continuous improvement of public systems, services, processes, and policies.

- The following terms of service (“Terms”) governing GSA’s Touchpoints website and services, - including the content, documentation, code, and related materials are offered subject to your - acceptance of the Terms, as well as any relevant sections of the Touchpoints Site Policies - (collectively, the “Agreement”). Access to or use of Touchpoints services or its content - constitutes acceptance to this Agreement. + The following terms of service (“Terms”) governing GSA’s Touchpoints website and services, including the content, documentation, code, and related materials are offered subject to your acceptance of the Terms, as well as any relevant sections of the Touchpoints Site Policies (collectively, the “Agreement”). Access to or use of Touchpoints services or its content constitutes acceptance to this Agreement.

- Initially, Touchpoints is for use by High Impact Service Providers and other agencies beginning - to collect customer feedback in line with OMB Circular A-11 Section 280. + Initially, Touchpoints is for use by High Impact Service Providers and other agencies beginning to collect customer feedback in line with OMB A-11 Circular, Section 280

2.0 DATA COLLECTION, USE, AND SECURITY @@ -94,71 +85,21 @@ permalink: /terms/

2.1 REPORTING AND DATA MANAGEMENT

- + * Touchpoint Submissions are stored in a database table. + * Submissions data is available in real-time and can be viewed in Touchpoints, exported to .CSV, or accessed via a .json [API](https://github.com/GSA/touchpoints/wiki/API), for review and analysis. + * Instructions on [submitting a quarterly OMB CX Data collection](https://github.com/GSA/touchpoints/wiki/Data-Collections) and information on the [data collection rating](https://github.com/GSA/touchpoints/wiki/Data-Collection-Rating) can be found on Touchpoints Wiki.

2.2 SECURITY

- + * Touchpoints is covered by a Federal Information Processing Standards (FIPS) 199 Moderate ATO. Details can be found in the Touchpoints System Security Plan (SSP) document. Agencies may request a copy of the SSP by contacting the Touchpoints team at feedback-analytics@gsa.gov. + * Data is encrypted via HTTPS while in transit. + * Data is encrypted in cloud.gov’s database at rest through the Amazon Relational Database Service (RDS). + * Users are logged out of the Touchpoints application after 30 minutes of inactivity + * Touchpoints uses multiple security methods to protect this U.S. government service and agency data to ensure the service remains available to all users. These methods include monitoring and recording network traffic (any data going in and out of Touchpoints) to identify unauthorized attempts to change information or otherwise cause damage. + * Unauthorized access or use of Touchpoints (e.g. use for criminal purposes or to cause damage) is against the law, and may subject individuals to criminal prosecution and penalties. +

2.3 DATA PRIVACY AND MANAGEMENT @@ -192,11 +133,8 @@ permalink: /terms/
  • Touchpoints provides the ability for agency Service Managers to “flag” survey - submissions in the event they contain spam, irrelevant, or abusive content. Flagged - responses will be omitted from the online Submissions table viewable in Touchpoints, - and excluded from downloadable CSV reports. Records of these submissions may be - retained by GSA in audit logs for security compliance and applicable data retention - policies. + submissions in the event they contain spam, irrelevant, or abusive content. Records of these submissions may be retained by GSA in audit logs for security compliance and applicable data retention policies. +
  • GSA will retain survey instrument and submission data as advised in the following record @@ -304,68 +242,19 @@ permalink: /terms/ Set-up

    -
      -
    • - Each HISP is entitled to up to 3 A-11 form survey collections through Touchpoints in - FY19 and FY20, with an unlimited amount of responses. -
    • -
    • - At this time, Touchpoints generates a survey URL for distribution to customers (e.g, via - an agency’s email servers or social media accounts), on a kiosk (via agency-owned - hardware such as tablets, phones, or computers available at service centers) or - embedded in a website online. In the future, Touchpoints will explore methods for - receiving submission via other feedback channels or accepting feedback from manually - administered surveys. -
    • -
    • - A-11 surveys administered in Touchpoints are limited to: -
        -
      • - No more than 12 survey questions in total per survey: seven (7) A-11 questions + - two (2) free response + approximately (3) custom questions -
          -
        • - "Custom Questions" must be limited to questions that would be - considered a non-substantive, non-sensitive question related to - operational information that helps to put the customer feedback into a - useable context for the agency. This could include asking which service - center location was visited, or which service or inquiry type the - interaction was related to. The Feedback Analytics team reserves the - right to deem whether a question is appropriate under the PRA clearance - that GSA operates for this tool. -
        • -
        -
      • -
      • - Seven (7) question language can be altered for relevancy to point of - interaction/channel (e.g., questions on employee interaction can be removed for - interactions that are self-service / web-based touchpoints) -
      • -
      -
    • -
    • - Agency customers will be required to provide the Feedback Analytics team with - information needed in order to develop PRA supporting statements. The Feedback - Analytics team will provide this form, review agency completed information, and submit - for PRA clearance via the GSA A-11 generic government-wide clearance. -
    • -
    • - Agencies will be provided with the final PRA supporting statements for their records, but - are not required to submit these documents. GSA will assume the burden hours and - manage all ICR approvals, updates, and renewals for the A-11 form in Touchpoints. The - Feedback Analytics team will insert the OMB control number into the survey - instrument. -
    • -
    • - Agencies will need to notify the Feedback Analytics team if they wish to make any - changes to the information collection. This would include any change to the instrument - itself (e.g., question wording), or the delivery mechanism (e.g., potential sample) that - would result in changes to the clearance of the information collection. -
    • -
    • - The GSA RegSec team will review internal GSA PRA within five (5) business days. -
    • -
    + * Touchpoints generates a public survey URL that customers can access (e.g, via an agency’s email servers or social media accounts), on a kiosk (via agency-owned hardware such as tablets, phones, or computers available at service centers) or embedded in a website online. + * In 2023, the A-11 survey was updated as a simplified, more user-friendly revision to the original A-11 survey. The second version of the A-11 survey presents 3 questions to the user; + 1. A thumps up/down button with the statement that states "Based on my experience [interacting with HISP Service], I trust [HISP] to deliver on their mission for the American public + 2. A multiple choice question that asks “ What about this interaction made the difference”. + 3. Open-ended question with the statement below that states “Anything else you want us to know about your experience?” + * A-11 surveys administered in Touchpoints are limited to + - No more than 20 survey questions in total per survey. + - "Custom Questions" must be limited to questions that would be considered a non-substantive, non-sensitive question related to operational information that helps to put the customer feedback into a useable context for the agency. This could include asking which service center location was visited, or which service or inquiry type the interaction was related to. The Feedback Analytics team reserves the right to deem whether a question is appropriate under the PRA clearance that GSA operates for this tool. + - Agencies should use the statement provided for the required three (3) questions and make only minor edits. Any requested modifications to the wording of these statements must first be discussed with OMB prior to implementation in order to maintain reporting comparability government-wide. Agency customers will be required to provide the Feedback Analytics team with information needed in order to develop PRA supporting statements. 
The Feedback Analytics team will provide this form, review agency completed information, and submit for PRA clearance via the GSA A-11 generic government-wide clearance. + * Agencies will be provided with the final PRA supporting statements for their records, but are not required to submit these documents. GSA will assume the burden hours and manage all ICR approvals, updates, and renewals for the A-11 form in Touchpoints. The Feedback Analytics team will insert the OMB control number into the survey instrument. + * Agencies will need to notify the Feedback Analytics team if they wish to make any changes to the information collection. This would include any change to the instrument itself (e.g., question wording), or the delivery mechanism (e.g., potential sample) that would result in changes to the clearance of the information collection. + * The GSA RegSec team will review internal GSA PRA within five (5) business days. +

    4.0 SERVICE PURPOSE AND POTENTIAL USERS @@ -381,16 +270,13 @@ permalink: /terms/
    • - Overall: (1) Satisfaction, (2) Confidence/Trust -
    • -
    • - Service: (3) Quality + Service Quality (1) Service Effectiveness/Perception of Value
    • - Process: (4) Ease/Simplicity, (5) Efficiency/Speed, (6) Equity/Transparency + Process: (2) Ease/Simplicity, (3) Efficiency/Speed, (4) Equity/Transparency
    • - People: (7) Employee Helpfulness + People: (5) Employee Interaction/ Warmth/ Helpfulness/ Competence
    From e76d0d52f8919df8f717e2a8836dfeac138c5fb9 Mon Sep 17 00:00:00 2001 From: MaroyaF <161525037+MaroyaF@users.noreply.github.com> Date: Mon, 12 Aug 2024 14:44:50 -0600 Subject: [PATCH 03/16] fix links Signed-off-by: MaroyaF <161525037+MaroyaF@users.noreply.github.com> --- terms.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/terms.md b/terms.md index 188739b..110681d 100644 --- a/terms.md +++ b/terms.md @@ -85,9 +85,10 @@ permalink: /terms/

    2.1 REPORTING AND DATA MANAGEMENT

    - * Touchpoint Submissions are stored in a database table. - * Submissions data is available in real-time and can be viewed in Touchpoints, exported to .CSV, or accessed via a .json [API](https://github.com/GSA/touchpoints/wiki/API), for review and analysis. - * Instructions on [submitting a quarterly OMB CX Data collection](https://github.com/GSA/touchpoints/wiki/Data-Collections) and information on the [data collection rating](https://github.com/GSA/touchpoints/wiki/Data-Collection-Rating) can be found on Touchpoints Wiki. + + * Touchpoint Submissions are stored in a database table. + * Submissions data is available in real-time and can be viewed in Touchpoints, exported to .CSV, or accessed via a .json API, for review and analysis. + * Instructions on submitting a quarterly OMB CX Data collection and information on the data collection rating can be found on Touchpoints Wiki.

    2.2 SECURITY From 707a6c5dadbf799cacbe6d27fafc1818611b8096 Mon Sep 17 00:00:00 2001 From: MaroyaF <161525037+MaroyaF@users.noreply.github.com> Date: Tue, 13 Aug 2024 07:14:06 -0600 Subject: [PATCH 04/16] Update terms.md Signed-off-by: MaroyaF <161525037+MaroyaF@users.noreply.github.com> --- terms.md | 162 +++++++++++++++++++++++++++++++------------------------ 1 file changed, 91 insertions(+), 71 deletions(-) diff --git a/terms.md b/terms.md index 110681d..061cfd0 100644 --- a/terms.md +++ b/terms.md @@ -85,23 +85,40 @@ permalink: /terms/

    2.1 REPORTING AND DATA MANAGEMENT

    - - * Touchpoint Submissions are stored in a database table. - * Submissions data is available in real-time and can be viewed in Touchpoints, exported to .CSV, or accessed via a .json API, for review and analysis. - * Instructions on submitting a quarterly OMB CX Data collection and information on the data collection rating can be found on Touchpoints Wiki. - +
      +
    • + Touchpoint Submissions are stored in a database table. +
    • +
    • + Submissions data is available in real-time and can be viewed in Touchpoints, exported to .CSV, or accessed via a .json API, for review and analysis. +
    • +
    • + Instructions on submitting a quarterly OMB CX Data collection and information on the data collection rating can be found on Touchpoint's Wiki. +
    • +

    2.2 SECURITY

    - - * Touchpoints is covered by a Federal Information Processing Standards (FIPS) 199 Moderate ATO. Details can be found in the Touchpoints System Security Plan (SSP) document. Agencies may request a copy of the SSP by contacting the Touchpoints team at feedback-analytics@gsa.gov. - * Data is encrypted via HTTPS while in transit. - * Data is encrypted in cloud.gov’s database at rest through the Amazon Relational Database Service (RDS). - * Users are logged out of the Touchpoints application after 30 minutes of inactivity - * Touchpoints uses multiple security methods to protect this U.S. government service and agency data to ensure the service remains available to all users. These methods include monitoring and recording network traffic (any data going in and out of Touchpoints) to identify unauthorized attempts to change information or otherwise cause damage. - * Unauthorized access or use of Touchpoints (e.g. use for criminal purposes or to cause damage) is against the law, and may subject individuals to criminal prosecution and penalties. - - +
      +
    • + Touchpoints is covered by a Federal Information Processing Standards (FIPS) 199 Moderate ATO. Details can be found in the Touchpoints System Security Plan (SSP) document. Agencies may request a copy of the SSP by contacting the Touchpoints team at feedback-analytics@gsa.gov. +
    • +
    • + Data is encrypted via HTTPS while in transit. +
    • +
    • + Data is encrypted in cloud.gov’s database at rest through the Amazon Relational Database Service (RDS). +
    • +
    • + Users are logged out of the Touchpoints application after 30 minutes of inactivity +
    • +
    • + Touchpoints uses multiple security methods to protect this U.S. government service and agency data to ensure the service remains available to all users. These methods include monitoring and recording network traffic (any data going in and out of Touchpoints) to identify unauthorized attempts to change information or otherwise cause damage. +
    • +
    • + Unauthorized access or use of Touchpoints (e.g. use for criminal purposes or to cause damage) is against the law, and may subject individuals to criminal prosecution and penalties. +
    • +

    2.3 DATA PRIVACY AND MANAGEMENT

    @@ -133,15 +150,13 @@ permalink: /terms/ to the minimum number of individuals required to manage the Touchpoints service.
  • - Touchpoints provides the ability for agency Service Managers to “flag” survey - submissions in the event they contain spam, irrelevant, or abusive content. Records of these submissions may be retained by GSA in audit logs for security compliance and applicable data retention policies. - + Touchpoints provides the ability for agency Form Managers to “flag” survey + submissions in the event they contain spam, irrelevant, or abusive content. Records of these submissions may be retained by GSA in audit logs for security compliance and applicable data retention policies.
  • GSA will retain survey instrument and submission data as advised in the following record schedules:
  • -
    • 352.2 – Information Hosting Records @@ -209,11 +224,9 @@ permalink: /terms/ other sensitive information was inadvertently included in the dataset collected by GSA.
    -

    3.0 USE OF TOUCHPOINTS

    -

    Onboarding

    @@ -238,25 +251,53 @@ permalink: /terms/ point, and will coordinate PRA approval of A-11 survey questions on behalf of agency.
  • -

    Set-up

    - - * Touchpoints generates a public survey URL that customers can access (e.g, via an agency’s email servers or social media accounts), on a kiosk (via agency-owned hardware such as tablets, phones, or computers available at service centers) or embedded in a website online. - * In 2023, the A-11 survey was updated as a simplified, more user-friendly revision to the original A-11 survey. The second version of the A-11 survey presents 3 questions to the user; +

    4.0 SERVICE PURPOSE AND POTENTIAL USERS

    @@ -267,8 +308,7 @@ permalink: /terms/

    Section 280.7 establishes seven domains for measuring customer experience. -

    - +

    - +

    - High Impact Service Providers listed at https://www.performance.gov/cx/HISPList.pdf are - required to ask questions in these domains of their customers. However, all agencies are - encouraged to conduct their customer experience measurement in line with these standard - measures. + High Impact Service Providers listed at https://www.performance.gov/cx/hisps/ are + required to ask questions to assess customer experience in regards to their respective services. All agencies are + encouraged to meausre their customer experience in line with these standards.

    In order to increase adoption of these measures and establish efficiency and cost savings in @@ -346,8 +384,7 @@ permalink: /terms/ released as part of A-11, Section 280 requirements only on performance.gov. Additional release of data must be done coordinated with OMB. - - +

    These collections will allow for ongoing, collaborative and actionable communications between the Agency, its customers and stakeholders, and OMB as it monitors agency compliance on @@ -355,8 +392,7 @@ permalink: /terms/ management. These responses will inform efforts to improve or maintain the quality of service offered to the public. If this information is not collected, vital feedback from customers and stakeholders on services will be unavailable. -

    - +

    5.0 SERVICE BENEFIT

    @@ -391,11 +427,9 @@ permalink: /terms/ to adapt/modify A-11 survey for compliance and in a manner that is actionable
  • - Reduction in reporting burden for HISP agency staff: Feedback Analytics team will clean - and provide data to both agency and OMB as outlined by A-11 Section 280 + Reduction in reporting burden for HISP agency staff: Feedback Analytics team supports OMB staff with quartlery CX data reporting outlined by A-11 Section 280.
  • - - +

    6.0 SERVICE DETAIL

    @@ -405,11 +439,6 @@ permalink: /terms/

    -
  • +
  • GSA may maintain data sets developed from the data and store them under the security parameters described above so long as GSA removes any personally identifiable information, confidential or sensitive information from such data sets (as defined by the @@ -437,7 +437,7 @@ permalink: /terms/ Administration -

    +

    -
  • 352.2/021 – Information Service Program Management Records (DAA-0352-2016-0001-0005) @@ -215,7 +214,6 @@ permalink: /terms/
  • -
  • GSA may maintain data sets developed from the data and store them under the security parameters described above so long as GSA removes any personally identifiable @@ -543,5 +541,5 @@ permalink: /terms/ waiver of such right or provision.


    - + From 309b320c98a8f634679d6764cc7715d49f814915 Mon Sep 17 00:00:00 2001 From: MaroyaF <161525037+MaroyaF@users.noreply.github.com> Date: Tue, 13 Aug 2024 11:01:27 -0600 Subject: [PATCH 07/16] Update terms.md Signed-off-by: MaroyaF <161525037+MaroyaF@users.noreply.github.com> --- terms.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terms.md b/terms.md index 9dfc9cc..f68a255 100644 --- a/terms.md +++ b/terms.md @@ -90,10 +90,10 @@ permalink: /terms/ Touchpoint Submissions are stored in a database table.
  • - Submissions data is available in real-time and can be viewed in Touchpoints, exported to .CSV, or accessed via a .json API, for review and analysis. + Submissions data is available in real-time and can be viewed in Touchpoints, exported to .CSV, or accessed via a .json API, for review and analysis.
  • - Instructions on submitting a quarterly OMB CX Data collection and information on the data collection rating can be found on Touchpoint's Wiki. + Instructions on submitting a quarterly OMB CX Data collection and information on the data collection rating can be found on Touchpoint's Wiki.
  • From a110fe1bb989f3571c56d47aa4d90a8d4c88efc9 Mon Sep 17 00:00:00 2001 From: MaroyaF <161525037+MaroyaF@users.noreply.github.com> Date: Tue, 13 Aug 2024 15:55:27 -0600 Subject: [PATCH 08/16] Update terms.md Signed-off-by: MaroyaF <161525037+MaroyaF@users.noreply.github.com> --- terms.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terms.md b/terms.md index f68a255..307981f 100644 --- a/terms.md +++ b/terms.md @@ -212,8 +212,7 @@ permalink: /terms/ GAO requirements, or similar authorities. - - +
  • GSA may maintain data sets developed from the data and store them under the security parameters described above so long as GSA removes any personally identifiable @@ -295,7 +294,8 @@ permalink: /terms/
  • The GSA RegSec team will review internal GSA PRA within five (5) business days. - +
  • +

    4.0 SERVICE PURPOSE AND POTENTIAL USERS

    From 51010e2469f9c98073e93aa4adc25a74cf045ff7 Mon Sep 17 00:00:00 2001 From: Ryan Wold <64987852+ryanwoldatwork@users.noreply.github.com> Date: Tue, 27 Aug 2024 17:38:12 -0700 Subject: [PATCH 09/16] add was this page helpful? form * add basic dap events * enable Touchpoints events with setTouchpointsListeners() --- _includes/component-footer.html | 57 ++++++++++++++++++++++++++++++++- 1 file changed, 56 insertions(+), 1 deletion(-) diff --git a/_includes/component-footer.html b/_includes/component-footer.html index 5d06335..2c4f381 100755 --- a/_includes/component-footer.html +++ b/_includes/component-footer.html @@ -1,5 +1,60 @@ -