Annually

• Ensure users for each Organization are valid - Touchpoints team sends a list of existing, active users in the system for an Organization to the Organization Manager. The Organization Manager is responsible for notifying the Touchpoints of invalid accounts. Sometimes, separation lists are available, and a separation list communicates staff that are no longer valid.
• Review and updates the information security architecture [at least annually] to reflect updates in the enterprise architecture. Touchpoints LATO PL-8 Part b (login required 🔐)
• Review and update Touchpoints' Privacy Impact Assessment in coordination with GSA's Privacy Office. Ensure any new form fields that collect PII have been considered (login required 🔐)

Quarterly

• Operating system and web application vulnerability assessment results are provided to the ISSO monthly, and are tracked by the TP ISSO in the TP POA&M, which is submitted at least quarterly to the GSA OCISO. RA-5 Part e

Monthly

• Review all system warnings and notifications, including, but not limited to: Cloud.gov, New Relic, AWS Cloudtrail.
• Review Google Analytics web traffic and usage

Weekly

• Update Data Portfolio program statistics reports
• Review New Relic reports
• Review Snyk reports
• Run Customer Count Reports - gives the Touchpoints team an indication of Customer Support related work
• Run Customer Activity Reports - gives the Touchpoints team an indication of system usage and activity
• Run Customer Reporting Reports - gives CX Cap team an indication of specific program progress (eg: A11 Onboarding)
• Respond to ISSO-initiated ongoing Nessus and NetSparker scans in the Touchpoints Scan Review Log

Daily