Tech:SRE 2021 Restructure/Approvals Policy

= Proposed version = Name: Expenditure Authorisation Policy - Site Reliability Engineering (available on-wiki and in PDF format for the Board)


 * Author: Ferran Tufan
 * Date: 2021-01-24
 * Ratified by Board on: 

Definitions

 * Board: Miraheze Limited's Board of Directors, legally responsible for the company and allocating donor funds to departments.
 * Budget: the sum of money received from the Board in order to operate the Site Reliability Engineering team.
 * Budget holder: a member of Site Reliability Engineering, responsible for tracking the budget and authorising expenditures. Unless otherwise specified, the Director of Site Reliability Engineering is the budget holder. In the case of absence from the Director of Site Reliability Engineering, one of the Engineering Managers will be appointed as (ad-interim) budget holder.
 * Budget period: the timeframe (January 1 - June 30 or July 1 - December 31) for which a budget has been allocated.
 * Commitment: an obligation to spend a certain amount of money over a given timespan.
 * Director of Site Reliability Engineering: a member of Site Reliability Engineering in charge of leading Site Reliability Engineering, appointed by the Board.
 * Emergency: a situation where looping through the regular approval chain would (or greaterly impact) very likely cause permanent data loss or a data breach, therefore immediate spending is necessary.
 * Engineering Manager: a member of Site Reliability Engineering in charge of leading a team within Site Reliability Engineering, appointed by the Director of Site Reliability Engineering.
 * Volunteer: a member of Site Reliability Engineering, regardless of the role.

Description
Site Reliability Engineering (SRE) is responsible for the innovation, security, privacy and administration of IT services, infrastructure and data of Miraheze. Site Reliability Engineering maintains all Miraheze servers and services, develops new extensions for the community, resolves the requests of the community and advises the Board on information security and privacy matters.

The Site Reliability Engineering department reports directly to the Board. In order to provide services to the Miraheze community, Site Reliability Engineering receives a budget from twice per year. This budget is located on a dedicated bank account. This document describes which rules apply to Site Reliability Engineering for spending the budget.

Expenditure
The authorised person for expenditure depends on the commitment. For example, purchasing a £50/month (including VAT) server with a 24-month commitment (obligation) results in a commitment of £50 * 24 = £1200. With just a monthly commitment (obligation), the commitment is £50 * 1 = £50. Signing a contract with high monthly expenses with a long-time commitment to pay for the services implies higher financial risks - potentially even affecting Miraheze after a budget period has passed, hence the commitment is an important indicator. In general: the higher the commitment, the stricter the rules are.


 * Commitment up to £300.00: sign-off from the budget holder.
 * Commitment exceeding £300.00, but up to £600.00: sign-off from the budget holder and at least one (1) Engineering Manager.
 * Commitment exceeding £600.00: sign-off from the budget holder and at least two (2) Engineering Managers.

Emergencies
The aforementioned approval chain must be adhered to at all times. However, in an emergency, waiting for the formally required sign-offs may pose a threat to Miraheze. If a situation is an emergency and involved team members have a good faith belief the required budget holder and/or Engineering Managers will not be able to respond in a reasonable amount of time (rule of thumb: 30 minutes), the Engineering Managers and the budget holder are authorised to spend without any formal approval or with only a fraction of the required sign-offs. They must inform the budget holder (Engineering Managers) or the Board (budget holder) regarding the expenses as soon as possible. The consequences of misuse of funds are up to the discretion of the budget holder (Engineering Managers) or the Board (budget holder).

Objections
Any volunteer has the right to raise objections against a decision from the budget holder or Engineering Managers. They should try to resolve the dispute with the involved parties first. However, if the volunteer is not satisfied with the outcome, they are allowed to invoke the Board's for the objection. The Board has the final say in the complaints procedure.

Out of budget
If the budget has been exceeded (due to regular requests or emergencies), the budget holder must testify to the Board. If an emergency is (partially) the cause of this incident, the involved parties must testify to the Board as well. The Board has the authority to take any action in order to resolve the incident. Examples of actions are, but are not limited to:
 * Allocating extra funds for the remainider of the budget period.
 * Firing the Director of Site Reliability Engineering (budget holder).
 * Reverting a commitment (if possible).

Ad-hoc
In the event of a situation not covered by this policy, the Board has to pass a resolution. A change to this policy (other than fixing a spelling mistake) must go through the resolution process of the Board.

= Old version =

''Reminder for all: you are working with donor money. Any purchase not for the sake of improving the Miraheze services does not fall under this policy. Misuse of funds is a gross offense.''

The Technical Team, also known as Site Reliability Engineering, is responsible for hosting the sites and managing the IT services used by Miraheze, has a budget allocated bi-yearly by the Board. A budget period covers Jan 1 – Jun 30 or Jul 1 – Dec 31. This approvals policy should ensure consensus on spending and transparency about Miraheze’s expenses within the Technical Team.

Assignment of roles: (ad-interim) budget holder Lewis
 * Budget holder: Ferran Tufan (as appointed by the Board)
 * Senior Site Reliability Engineers: John Lewis
 * Site Reliability Engineers: anyone in the ‘ops’ group, sans Senior Site Reliability Engineers and
 * (Ad-interim) budget holder, in case of long-term absence (unless otherwise overridden): John

Personal budget
Site Reliability Engineers must adhere strict standards before they are appointed, and they might need to purchase test servers for experiments. Every Site Reliability Engineer gets a $25.00 fixed budget, for Senior Site Reliability Engineers this is $40.00. This may be retrieved out of the bank account directly (by buying the server in the control panel, if applicable) or will be reimbursed upon request. In the current situation, this amount is $0.

Regular requests
Use significant figures for calculation. If the purchase cannot be covered by personal budget, the policy below must be applied. Up to 15.00% per budget period: sign-off from budget holder. 15.00% - 30.00%: sign-off from budget holder, one Senior Site Reliability Engineer (if applicable), and: 30.00% or greater: sign-off from budget holder, one Senior Site Reliability Engineer (if applicable), and:
 * at least one, or 25%3 of Site Reliability Engineers (rounded up to above), whichever is higher.
 * at least two, or 50%3 of Site Reliability Engineers (rounded up to above), whichever is higher.

Emergencies
When purchases must be made to reduce the impact of an emergency (e.g. keeping critical data intact), a Senior Site Reliability Engineer may decide to make purchases without prior approval by the budget holder, even if the purchase exceeds their (total/combined) personal budget. They must inform the budget holder as soon as possible. The consequences of misuse of funds are up to the discretion of the budget holder.

Objections
Any (Senior) Site Reliability Engineer can raise objections against a decision of the budget holder. They should try to resolve the dispute with the budget holder, however; if that is not possible, they can notify the Board of the objection. In said case the Board may decide to pass a resolution to agree/revert the decision of the budget holder. The Board has the final say in any dispute.

Out of budget
If the budget has been exceeded (due to regular requests or emergencies), the budget holder will have to testify to the Board. If the Board determines the budget holder has acted irresponsibly, they may appoint a new (temporarily) budget holder. Other consequences are also up to the Board.

Ad-hoc
In the event a situation is not covered by this policy, a decision has to be approved by the Board. Any change made to this policy must go through the resolution process of the Board.