Monitoring Legal and Compliance Pages

Sometime in the last couple of weeks, we had a fail.

Our website houses our contractual agreements for our free users and our individual customers. About three weeks ago, we had an issue with a plugin on our website and did a regression to our last stable copy, back to before the updates to the agreements were published.

Now, those changes are small and easily managed, so it didn’t have a big impact on our systems and had zero impact on our customers. But, it was still an unnecessary fire drill this morning. Had we made a substantive change as opposed to making the wording more friendly, it could have created hours of rework and customer communications, possibly adding extra complexity in the management and monitoring of our agreements.

With a monitoring tool in place that can not only validate page data but can read the page content, this gets really easy. Here is a very inelegant video of me walking the process. From start to finish, I create the group, the folder, the monitor (and make a video!) in less than 10 minutes. I also published the process to our ops playbook.

Here’s a transcript of the video:

We just had an issue here at Stack Moxie. We have been working on the website and we have three critical legal pages on our website. Our privacy policy, the terms of use contracts for all of our free and click-through customers, and our data sub-processors addendum are all published, and reflected everywhere on our website. And we had some issues with the website, and so we regressed to an old version which means we had actually regressed to old versions of all of those contracts, legal contracts, which is a pretty big deal for us.

So, I figured this has probably happened with a lot of people now, especially with a global data privacy that you expect privacy standards and, and data subprocessors to be published and available on your website. So I wanted to show how I’m using Stack Moxie to make sure that never happens again. Alright, I’m gonna turn off my video and I’m going to share my screen.

Alright, so, the first thing I’m gonna do is go into my Admin.

And I’m gonna create a new user group for notifications and alerts for legal.

So, what you can see is we have notification groups down here that can let different people know when something has happened.

So, I’ve already set this up and I’m gonna show you what it looks like. I have named the group legal. If you are a company who has a global outlook list or notification groups that you’re using, like we do we, have a group that’s called “Legal at Stack Moxie,” you can add that group email, or you can individually add members to this notification group as well.

And we’re going to respect the user preferences on how they’re receiving notifications and then when something is a legal violation, we’re gonna send them immediate notifications that are gonna overwhelm those notification settings.

So, I’ve updated this notification group. Now the next thing I’m gonna do, is I’m going to create a folder to hold these scenarios.

So this folder is going to be called “Legal.”

“These are critical programs that run legal systems like our Privacy Policy…”

And what I’m trying to do is get some keywords in the description in case someone is searching for that. Perfect, I’ve created a folder, I’m going to “Legal,” I’m going to click right here in the folder and I am going to start one from a Stack Moxie Starter.

What I’m going to be looking for is making sure that the web page is up and I’m gonna start with the starter, because it’s the easiest way to create a scenario.

So for instance this one is Stack Privacy Policy URL. This is the landing page URL, and I’m gonna name the scenario: Privacy policy. When I’m selecting severity, I think about how often do I want to see alerts and how immediately I’ll respond. And so for me this is a P.2, right? If this goes down for an hour or two it’s not critical, but we need to get to it same day. If it gets regressed, we’ll get notified but it’s not like we’ve got a security breach and everyone needs to stop. A P2 means it’s super important but it’s not like stop talking to a customer mid sentence and move on.

I’m gonna want this to schedule, I’m gonna actually, because this is not going to be filling out data and sending synthetic data that could impact feedback on our lead volume, our API limits, possibly sending messages to sales teams with synthetic or fake data schedule, I’m going to schedule this one to go every day, cause I wanna know pretty much everyday if something is broken.

Alright, and then I wanna make the alerts go to my legal team. Alright, so I’m gonna create this and then I’m going to come in and I’m gonna edit it.

So, this is checking to make sure the page is up and that it’s not doing a redirect to another page, and what I’m gonna add here is now we’re going to check, we’re going to add a new step, which is to look at the page.

We’re going to look for the content.

And we’re gonna make sure that this page content contains, well, it should be exact match since it’s gonna look for the whole thing, so I’m gonna make sure it should contain this update date.

So for our internal process now, every time we update these contracts we’re gonna update the notification on the documents that we store in our internal file storage, we keep a master list of all our legal agreements and when the last updated date is, so we’ll update that date. And the third step is going to be updating the information on the website including this last update date. And the final step is going to be running this test and updating this current page info “expected value” to be the most recent updated date, so it always know to look for the most recent updated version of this.

Now, we can save and run.

And we’ll see if it passes or fails.

For anyone who hasn’t seen Stack Moxie before, this is how it works. It actually is doing the things you would do as a person. Now, if you are using this in real life and not a demo example, I highly recommend that you not sit here and watch the robots run, because it takes a second and that’s the whole point of having the robots do it instead of you doing it is not having to sit here and watch the robots run.

But it’s gonna run all the information. It’s gonna perform these steps – where it’s not redirecting to another page and then it’s got the current login page and that it’s finding that copy. So this is up and working. And now every single day from here on out, we’ll know that the privacy policy is up working that nothing has made changes. Thanks for taking the time.