Risk Assessment
Facebook
Identify, resolve, and assessment any risk found in Facebook's entire software library.
Facebook cares a great deal about how safe their software is for themselves and most importantly the millions of users around the world. To gauge the risk of any piece or collection of software, they identify vulnerabilities, create and safeguards, then run repetitive assessments on those risks. This tool is built to facilitate that very important yet complicated process.
Create an in-house solution that captures the complete end-to-end workflow lifespan of a risk and its assessment
Product Designer
Including: Information Architecture, User Research, Visual Design, Interaction Design, Prototyping
MVP deployed. Working on revisions to various user workflows and visual design.
MVP released. Unless otherwise noted, the work here is the current production design. Work in progress.
.jpg)
.png)
Facebook cares a great deal about how safe their software is for themselves and most importantly the millions of users around the world.
To gauge the risk of any piece or collection of software, they identify vulnerabilities, create and safeguards, then run repetitive assessments on those risks.
This tool is built to facilitate that very important yet complicated process.
Create an in-house solution that captures the complete end-to-end workflow lifespan of a risk and its assessment
Lots of work was put into creating any number of diagrams or documentation around the various complex flows of team/user.
These slides (click the image to see more) are just excerpts from a dive into a single process of one team's (GRC) flow. In general, the tools provides a way for various teams to create objects related to the identification or resolution of risks. Once these objects are created and linked together, they can be assessed. This is some documentation around that assessment flow.
Facebook cares a great deal about how safe their software is for themselves and most importantly the millions of users around the world.
To gauge the risk of any piece or collection of software, they identify vulnerabilities, create and safeguards, then run repetitive assessments on those risks.
This tool is built to facilitate that very important yet complicated process.
Create an in-house solution that captures the complete end-to-end workflow lifespan of a risk and its assessment
For reference, this is an example of an early version of the product's layout. The key parts to notice are the horizontal navigation and standard table that's used to display the inventory of objects in the database.
In the following images, the new direction of the tool utilizes a vertical navigation to be extensible as users' needs grow.
There is also a move away from a table component to a card view as it affords me the opportunity to leverage a more robust information hierarchy, making all the data more consumable by the user.
Facebook cares a great deal about how safe their software is for themselves and most importantly the millions of users around the world.
To gauge the risk of any piece or collection of software, they identify vulnerabilities, create and safeguards, then run repetitive assessments on those risks.
This tool is built to facilitate that very important yet complicated process.
Create an in-house solution that captures the complete end-to-end workflow lifespan of a risk and its assessment
One of the huge challenges working on this tool is that there are a number of user groups who can not align on workflow or terminology.
So, while there's an ongoing effort to get everyone on the same page which would therefor allow me to simply the UI, I created a team selector landing page for the users. This allows them to dive into their respective areas of focus, or should they be a unique power user who is on multiple teams, allows them to easily switch.
Of note, there does exist a "Today" card where I've abstracted and unified tasks across teams. In this way, there's still a single place to see one's action items without having to jump around.
Facebook cares a great deal about how safe their software is for themselves and most importantly the millions of users around the world.
To gauge the risk of any piece or collection of software, they identify vulnerabilities, create and safeguards, then run repetitive assessments on those risks.
This tool is built to facilitate that very important yet complicated process.
Create an in-house solution that captures the complete end-to-end workflow lifespan of a risk and its assessment
There are many different areas in this tool, place to create and manipulate objects, but until recently, there wasn't a place for a person to see if there was anything they needed to do. So I built a "Your Action Items" page to solve that issue.
Depending on the user role and team they selected earlier, they could see all or a focused set of tasks on this page.
Of note, here is a look at the new vertical nav as it while collapsed.
Facebook cares a great deal about how safe their software is for themselves and most importantly the millions of users around the world.
To gauge the risk of any piece or collection of software, they identify vulnerabilities, create and safeguards, then run repetitive assessments on those risks.
This tool is built to facilitate that very important yet complicated process.
Create an in-house solution that captures the complete end-to-end workflow lifespan of a risk and its assessment
Many of the pages are focused on presenting lots of objects and their associated top-level data to the user. The tool had been using simply tables to present the data to the user, but I've been working with stake holders to provide a new way of looking at the data.
The object you're looking at is the expanded version. There's a header card on top and a more familiar table-esque component below. The default view would be a list of these cards in a collapsed state. And when the user needs more information, they'd simply expand the card.
Facebook cares a great deal about how safe their software is for themselves and most importantly the millions of users around the world.
To gauge the risk of any piece or collection of software, they identify vulnerabilities, create and safeguards, then run repetitive assessments on those risks.
This tool is built to facilitate that very important yet complicated process.
Create an in-house solution that captures the complete end-to-end workflow lifespan of a risk and its assessment
All of the objects in this tool get combined and linked together to a singluler end, getting assessed for their effectiveness at resolving risks.
This is a look at part of a Safeguard assessment. The user would land here from one of their tasks and begin the process. There are some instructions placed at the top and then the objects needing attention below.
In this particular situation, the assessment is handed back and forth between 3 different user types, each contributing their own input to the overall assessment. These users, and their input, can be seen in the modified table under "Assessor", "Reviewer", and "Auditor."