Home / Help / Reference

SOP implementation checklist

Completed SOP items on the live site; open work is in the Digital operations SOP.

← Site guide overview

Maps the Digital Operations SOP to work already in place on nsva.org. Open items and Phase 2 gaps are listed in the SOP under Platform implementation and Implementation priorities.

Verify routing: Operations Center Β· Reference: Site guide

Email and Domain

  • Microsoft 365 transactional send from @nsva.org (SMTP secrets: nsva-smtp-user, nsva-smtp-pass, nsva-email-from β€” see Email delivery setup)
  • Production deploy: EMAIL_PROVIDER=smtp, Stripe for commerce (cloudbuild.yaml)

Office Mailbox Provisioning

  • Workflow routing uses configured national office addresses (NSVA_OFFICE_EMAILS in operations-sop.ts β€” only mailboxes wired in code)
  • Forwarding / shared inbox procedure documented (Email delivery setup β†’ Leadership transition)

RBAC Alignment

  • SOP Levels 1–5 mapped to platform roles (/admin/operations routing snapshot)
  • MFA required for leadership/admin roles
  • Role assignment via Admin β†’ Roles (Email delivery setup)

Workflow Routing β€” national (code)

  • membership_application_submission / membership_application_decision
  • event_submission (calendar, registrations, forms, island charter intake email)
  • donation_received (in-app API + payment confirm only)
  • ships_store_order (Stripe payment confirm)
  • sponsorship_inquiry
  • convention_registration (includes Commander in routing list)
  • island_transfer_request
  • Admin routing inspection via Operations Center
  • Operations Center UI: /admin/operations

Notifications (email + in-app)

  • Membership apply: office email + approve_members bell
  • Convention register: office email + access_admin_panel bell
  • Island transfer: Secretary office email + secretary bell
  • Sponsorship, calendar, forms: office and/or admin bell per route
  • Store/donation (integrated path): office email on payment confirm + bell

Audit and Governance

  • Approvals/rejections and high-impact admin actions audited
  • Financial transitions: orders, donations (in-app), membership payments (Stripe), Zeffy webhook paths when enabled
  • Executive analytics + pipeline counts (/admin/analytics)
  • /api/test-email gated in production

Membership integrity & access

  • Duplicate prevention: email + username-as-email on apply; email on approve; case-insensitive payment link
  • Island transfer does not create duplicate members
  • Password reset: no password change until email sends (self-service + admin send)
  • Admin Set Temp Password (no email) for SMTP outages (force-password-reset + Members UI)

Data continuity

  • Export paths: members, orders, donations, audit log (Backup & restore)
  • Backup/restore runbook documented
  • Role-based To: addresses stable across personnel changes (when M365 mailboxes kept)

Payments reference

Environment Typical PAYMENT_PROVIDER Notes
Local dev mock Confirm via /api/payments/confirm-mock
Production (Cloud Run) stripe Store + membership; webhook /api/webhooks/stripe
Optional zeffy Embed + /api/webhooks/zeffy; not production default

See Ship’s Store deployment.