# TDP Transition Plan --- ### Standing checklist (omit section before delivery) - [x] Weekly check-ins w/OFA (IP) - [x] Technical Overview initial draft inputs - [ ] Technical Overview final review - [x] UX initial draft inputs - [ ] UX final review - [x] Align on 2-week transition milestones cadences - [ ] Convert content to white paper --- ## Introduction and Overview ### Purpose of the Transition Document The purpose of this document is to facilitate the successful transition of TDP from Raft to the incumbent vendor for TDP 2.0. ### Overview of the project TDP is a new, secure, web-based data reporting system to improve the federal reporting experience for TANF grantees and federal staff. We have a robust [GitHub repo](https://github.com/raft-tech/TANF-app) that covers in-depth background, strategy, how-we-work, security, technical documentation, codebase, and our web tools. We entered a 60-day bridge contract 01/13/2024 that continues until 03/13/2024. During this period, our goals are to: * Complete parsing and validation enhancements * Implement error message plain language logic * Prioritize any critical findings from Security Control Assessment and Pen Testing * Deliver parity requirements of ElasticSearch/Kibana * Resolve CircleCI failures For more information on the project including background on ACF, TANF, the legacy system, and the expected impact of TDP, please refer to the [Background](https://github.com/raft-tech/TANF-app/tree/develop/docs/Background) folder of the GitHub repository. ### Key Stakeholders / Team Members #### Government Points of Contact | Position | Name | GitHub Username | Email | | ---------------------------- | --------------- | --------------- | -------------------------------- | | Product Owner | Lauren Frohlich | @lfrohlich | Lauren.Frohlich@acf.hhs.gov | | Government Technical Monitor | Alex Pennington | @adpenington | Alexandra.pennington@acf.hhs.gov | #### Product (Raft) Program Director - Steve Nino (Raft) Product Manager - TBD #### UX Research and Design (Raft) Sr. UX/R (Project) Design Lead - Miles Reiter #### Engineering (Raft) Technical Lead - Andrew Jameson (Raft) Sr. SDE - Mo Sohani (Raft) Sr. SDE - Jan Timpe (Raft) Sr. SDE - Eric Lipe #### Responsibility and Ownership Documentation * [How We Work](https://github.com/raft-tech/TANF-app/tree/develop/docs/How-We-Work) ### Resources * [GitHub repo landing](https://github.com/raft-tech/TANF-app) (Full Source Code) * [Sprint Board](https://app.zenhub.com/workspaces/sprint-board-5f18ab06dfd91c000f7e682e/board) * [Product Board](https://app.zenhub.com/workspaces/product-board-5f2c6cdc7c0bb1001bdc43a5/board) * [Dev Team Whiteboard / High touch roadmap](https://app.mural.co/t/raft2792/m/raft2792/1675268418098/d56ec0d5415d8cda9c6ae9cae61154bcc4e74bba?sender=ue018dddfca540564eae53907) * [Pen Testing Hack.md](https://hackmd.io/RF6RT80yQOqMPdwiCrT2VQ) * [Errors Audit Hack.md](https://hackmd.io/itv2dcDPRVulWm5mcaJtHQ) * [Accessibility Audit](https://hackmd.io/79rAOVzISbOvaTNv8nSpeA) * [Email Deliverability Audit](https://hackmd.io/z8uc6WHIQCCJriu9F0uoEg) * [Dev Office Hours Hack.md](https://hackmd.io/r5nHVawKSvaxW9MS8Cxq2Q) ### Technologies used TDP is a modern and [open-source application](https://github.com/HHS/TANF-app), leveraging the following technologies: - Backend: Django REST framework - DRF is an industry standard for fast prototyping and extensible codebases while utilizing the versatility of Python as a language via a web application and is also a strength within the teams’ skillset. - Frontend: ReactJS - As a modern JavaScript framework, ReactJS offered the feel and finish of a newer software stack with the expected extensibility for an open-source solution. - Selected due to its rapid and modern development structure as well as ease of compliance given 18F’s USWDS JavaScript library. This USWDS library ensures frontend 508 compliance and prevents some common JavaScript vulnerabilities. - Authentication: ACF AMS, Login.Gov - TDP requires strong multi-factor authentication (MFA) for all users, and Personal Identity Verification (PIV) authentication must be used as the 2nd factor for all internal ACF staff. The protocols behind our federation are OpenIDConnect (OIDC). - **ACF AMS** authentication service is being used for ACF users, and **Login.gov** authentication service is being used for external users. - Deployment: Cloud.gov / Pivotal CloudFoundry - Cloud.gov offered a rapid path to security compliance in production and offers many key cloud infrastructure features without needing an AWS practitioner. - Analytics: ELK (ElasticSearch, LogStash, and Kibana - Facilitate efficient and secure data storage, viewing, and analytics, while decoupling operational risk from the core application. - CI/CD - Continuous Integration and Delivery are automated through CircleCI workflows which include CI fundamentals in source code builds, linters, pytest/pa11y unit tests, CodeCov test coverage (minimum 90%), OWASP ZAP security scanner but also continuous delivery, when applicable, to Cloud.gov environments through Terraform, Cloud Foundry scripts, and BASH shell scripts. - Other Microservices: - ClamAV – a risk mitigation effort against end-user malware by placing the scanning service in-line before file storage. - [SendGrid](https://app.sendgrid.com/) - E-mail relay - Figma - Figma was selected as the UI mockup app of choice for its real-time collaborative functionality and ease of sharing designs/prototypes for both stakeholder feedback and user-interaction. We've utilized it to document task-flows, UI designs & style guides for every part of the app, hand off accessibility implementation notes, and to conduct user research for many of the core functionalities of TDP. - Mural - Mural was selected for its ease of use as a real-time collaborative whiteboarding platform and for continuity with OFA and 18F's own usage of it. It's proven to be a consistently reliable tool for facilitating user research, internal workshops & ideation sessions, and documenting a variety of living documents like the TDRS process map or TDP journey maps & personas. - HTML / GitHub Pages - As the project has progressed, we've increasingly utilized HTML for a variety of purposes including handing off working HTML email templates for implementation by development, testing more complex or content-heavy interactions in research sessions, and for fully owning the Knowledge Center as a design deliverable. To these ends GitHub pages has been a useful tool for hosting prototypes and our staging environment for the Knowledge Center. - Accessibility - Given that TDP's userbase includes both federal staff and members of the public, all elements are subject to Section 508 of the Rehabilitation Act, which mandates WCAG 2.0 AA as the minimum level of accessibility conformance. However, the ultimate level of accessibility we deliver frequently surpasses that standard due to: - Our UX practice includes a variety of universal design heuristics that consider newer versions and higher levels of WCAG guidelines (AAA) where appropriate, as well as factors beyond WCAG's scope. - Executive orders and HHS/ACF policies require that new web-based tools be built to modern standards which include mobile responsiveness. This suggests also testing WCAG 2.1 success criteria to ensure accessibility in responsive/mobile views as well as full desktop web views. ### Dependencies on external systems or services - Detail dependencies and access - Docker hub raft-tech organization hosts ClamAV image. Additionally we are hosting another image for ElasticSearch. In event of a transition, it will be re-hosted under an HHS organization. --- ## Technical Review ### System Architecture Overview of system, reference to key diagrams, security, and separation of technical duties * [Boundary Diagram](https://github.com/raft-tech/TANF-app/blob/develop/docs/Security-Compliance/boundary-diagram.md) * [Environment Diagram](https://github.com/raft-tech/TANF-app/blob/develop/docs/Technical-Documentation/diagrams/tdp-environments.png) ### Environment Setup * [Overview for environments](https://github.com/raft-tech/TANF-app/blob/develop/docs/Technical-Documentation/TDP-environments-README.md) * Terraform setup [here](https://github.com/raft-tech/TANF-app/blob/develop/docs/Technical-Documentation/TDP-environments-README.md). * Local development setup for frontend is [here](https://github.com/raft-tech/TANF-app/tree/develop/tdrs-frontend#prerequisites) and backend is [here](https://github.com/raft-tech/TANF-app/tree/develop/tdrs-backend#prerequisites) * Required software / dependenices can be found in above links. * Database setup instruction: * While almost fully automated, manual creation of uniquely named databases in the rds instance is required. * Codified db_name characteristics per environment are found [here](https://github.com/raft-tech/TANF-app/blob/develop/tdrs-backend/tdpservice/settings/cloudgov.py) ### Codebase Overview * Code structure / organization * CircleCI automation [link](https://github.com/raft-tech/TANF-app/tree/develop/.circleci#cicd-walkthrough) * Github configurations [link](https://github.com/raft-tech/TANF-app/tree/develop/.github) * Terraform Automation [link](https://github.com/raft-tech/TANF-app/tree/develop/terraform#terraform) * Environment configuration (Buildpack/Dockerfiles) * Frontend application is a reactJS app served through an nginx proxy and serves as a layer to the backend. * Backend is primarily a Django app primarily receiving interactions from the frontend which proxies its traffic via that same nginx place. Additionally, the backend interfaces with postgresql, elasticsearch, kibana, and AWS s3 through direct connections. ### Development Guidelines * Coding, document, testing standards etc. * Code styling is automatically enforced by pipeline linters * QASP testing standards can be found [here](https://github.com/raft-tech/TANF-app/blob/develop/.github/pull_request_template.md) ### Deployment Process * [Deployment processes and procedures](https://github.com/raft-tech/TANF-app/blob/develop/docs/Technical-Documentation/Architecture-Decision-Record/008-deployment-flow.md) * For rollback procedures in case of failures, please see [this](https://github.com/raft-tech/TANF-app/blob/develop/docs/Technical-Documentation/Failed-Deployment-Troubleshooting.md). * [Env specific configuration details and deep dive into CICD](https://github.com/raft-tech/TANF-app/blob/develop/docs/Technical-Documentation/circle-ci.md) ### Security Control Assessment Findings / Open items * [Security Controls Directory](https://github.com/raft-tech/TANF-app/tree/develop/docs/Security-Compliance/Security-Controls) * Nest any key findings from SCA review * Open security items * What we are/plan to address within the 60 days * What we are not planning to address ### Technical/UX Lessons Learned * Prior to the final system turnover, Raft will host a lessons leaned sync(s) with incumbent to review the following technical and UX topics: * Cloud.gov and Cloudfoundry operations * Cloud.gov memory quotas and app utilization * TDP system architecture and data flows * Deployment process * Research Recruitment strategies/considerations * End-user facing support content (TDP Knowledge Center) * Future Research --- ## Knowledge Transfer ### PM Process Overview / how we work #### **Agile practices** The Raft TDRS team, in alignment with 18F and industry best practices, employs Agile methodologies to facilitate the dynamic nature of our work. Our team embraces the inherent fluidity of priorities and has established a well-defined process that enables us to effectively collaborate across job functions and adapt to the evolving requirements of user needs. Operating within two-week sprints, our team initiates each sprint with a collaborative planning session involving OFA partners. Together, we define sprint goals and outline the necessary work to achieve them. Early sprints were prioritized based on factors like urgency, risk levels, and the team's capacity. User stories encompass comprehensive elements, including requirements, acceptance criteria, tasks, dependencies, and resources. Engineers actively contribute insights on scope complexity, user story size, and readiness for implementation. To foster open communication and collaboration, we conduct daily Stand-Up meetings. These meetings review completed work of the previous day, discuss tasks for the day, and address any blockers or dependencies. Weekly backlog refinement meetings ensure an up-to-date and prioritized backlog, allowing us to assess and commit to the highest priority item for the next sprint. Flexible roadmap designs accommodate changing requirements, breaking down milestones into implementable chunks. At the end of each sprint, a demo is held for OFA staff to showcase completed work and gather valuable feedback. This feedback informs subsequent sprint planning, incorporating user insights and refining priorities. We emphasize rapid feedback loops through retrospectives, addressing issues, mitigating risks, and optimizing tools and processes. Regular meetings with the government product owner and technical lead facilitate goal alignment and prompt resolution of concerns or challenges. #### ***Sprint Cycle*** - 2 week duration (Wednesday - Tuesday) #### Week 1 | Wednesday | Thursday | Friday | | ----------------------- | --------- | ------------ | | Stand Up | DevSecOps | Product Sync | | - | Async Stand Up | Dev Office Hours | | Office Hours / Dev Sync | - | Stand Up | #### Week 2 | Monday | Tuesday | Wednesday | Thursday | Friday | | ------------ | ------------------ | -------------- | -------------- | -------------- | | Dev Office Hours | Backlog Refinement | Office Hours | Async Stand Up | Daily Stand Up | | Stand Up | UX Sync | Daily Stand Up | DevSecOps | Prod Sync | | - | - | - | - | - | #### Week 3 | Monday | Tuesday | | ------------ | ---------------------- | | Stand Up | End of Sprint Ceremony | | Office Hours | Backlog Refinement | | UX Sync | | ### Government Information, Equipment & Property Inventory - [ ] Tech Leads (Andrew Jameson) laptop --- ### UX Overview #### Key Documents - The [Research Roadmap](https://app.mural.co/t/hhsacf3483/m/hhsacf3483/1709846673487/c9cdb59b5b8573d91ac669cdf1cc1038a188d3cb?sender=ueee9d42e6008c9c841a24687) is a living document created to support our agile research planning processes and release strategy. It captures top level research scope and goals which, when prioritized, are refined into plans capturing detail similar to the scope of [research plans 18F uses](https://guides.18f.gov/ux-guide/research/plan/). - [Figma](https://www.figma.com/file/irgQPLTrajxCXNiYBTEnMV/TDP-Mockups-For-Feedback?type=design&node-id=0%3A1&mode=design&t=uAfdU1Jj88jVudx5-1) - The [Stakeholder Types and Personas](https://github.com/raft-tech/TANF-app/blob/develop/docs/User-Experience/Research-Syntheses/2020%2C%20Summer%20-%20Understanding%20Stakeholders%20and%20creating%20personas.md) document captures ethnographic data about types of TDP users and stakeholders in TDP or TANF policy. - The [Research Syntheses](https://github.com/raft-tech/TANF-app/blob/develop/docs/User-Experience/Research-Syntheses) folder contains summaries of the scope of all research studies conducted on the project and their respective findings. The contained readme organizes them in reverse chronological order and links to a number of related Mural resources. - The [Markdown Practices](https://github.com/raft-tech/TANF-app/blob/develop/docs/User-Experience/UX-markdown-practices.md) document includes guidance regarding how to get started with GitHub Markdown formatting and reproduce the format of current syntheses. - The [Process Map](https://app.mural.co/t/hhsacf3483/m/officeoffamilyassistance2744/1608314993566/5724cd3c3e5e964ab9c85743e5b8e1d89c767788?sender=mreiter1745) documents how TANF data is processed and submitted by States, Tribes, and Territories. It maps both human-driven steps and those of the legacy system. #### Guides & Audits The Raft UX Team, in frequent collaboration with OFA subject matter experts, has produced and maintained guides and audits to assist in specific project efforts, enable cross-functional knowledge transfer, and increase visibility into the status of certain work. These include: - The [User Research Guide](https://github.com/raft-tech/TANF-app/blob/develop/docs/User-Experience/User-Research-Guide.md) covers practices and considerations for ensuring participant privacy and safety (including psychological safety). - The [Accessibility Guide](https://github.com/raft-tech/TANF-app/blob/develop/docs/Technical-Documentation/accessibility-guide.md) is intended to allow team members of any discipline to quickly familiarize themselves with the accessibility standards relevant to our work, testing tools used to ensure those standards. - The [Accessibility Audit](https://hackmd.io/79rAOVzISbOvaTNv8nSpeA) tracks outstanding accessibility issues (and associated tickets in the project backlog) across the TANF Data Portal (TDP), TDP's Django Admin panel, and the TDP Knowledge Center. - The [Error Style Guide](https://hackmd.io/J9mD0jeUSVm3QgJucSo5_g) documents the "anatomy" of errors from the legacy system and lays out a framework for mapping them to plainer language in the context of TDP's parsing engine. - The [Errors Audit](https://hackmd.io/itv2dcDPRVulWm5mcaJtHQ) tracks outstanding disparities (and associated issues in the backlog) between current parsing engine output and desired plain language output. #### UX-Owned Technical Resources - [TDP Knowledge Center](https://tdp-project-updates.app.cloud.gov/knowledge-center/) - [fTANF Installation Guide](https://tdp-project-updates.app.cloud.gov/knowledge-center/ftanf.html) - [TDP Project Updates](https://tdp-project-updates.app.cloud.gov/) - [Knowledge Center & Project Updates README](https://github.com/raft-tech/TANF-app/blob/develop/product-updates/README.md) ___ ## Transition Timeline (will be top of doc if executed) ### Milestone Events * Document Reviews: T-minus 2 weeks * GitHub Audit: T-Minus 2 weeks * Return GFE Equipment: 8 days * Access Audits: T-Minus 5 days * Pairing Sessions: T-Minus 4 days * Lessons Learned Sync: T-Minus 3 days * System Turnover: T-Minus 1 day