Online Forms Acceptable Use Guidelines

All form users must follow these guidelines so that you collect the right data, send it securely to the right place, and store it properly.

Form embedding

Form accounts provided by Mass Digital are a part of our web content management service and are only for forms that are embedded on www.mass.gov.

Design theme

All forms should use the "Mayflower V4" design theme so that they render correctly on the website.

Form folders

You must save any forms you create in a folder you have access to. If you don't do this, they will be in an uncategorized folder that others on your team can't access.

Accessibility

All forms must be accessible. The form tool has some features and field types that are not accessible. These must not be used.

  1. Electronic signature field

  2. "Other" option with radio buttons and checkboxes

Feature compatibility

Some features shown in the form tool are not compatible with our implementation or violate policies. The following features should not be used:

  1. Save and Resume

  2. Columns

  3. Label position (leave the default)

  4. Sharing of submissions using "Share" links

  5. Field types:

    1. Credit card

    2. Matrix

    3. Ratings

    4. Event / Product

Data collection

  1. Ensure that forms are not being used to collect sensitive personally identifiable information (PII), such as Social Security numbers, driver’s license numbers, health information, credit card numbers, or bank account numbers.

  2. You can look at the form itself or review it via the back end in Formstack under the “Build” tab to determine whether any sensitive information is being collected and remove such questions from your form.

  3. Consult with your organization’s CIO or CISO on what can or cannot be collected, and how data should be retrieved, transmitted, and stored. Ask them to review any forms that might collect PII.

  4. Those charged with handling the data collected through forms should be trained on what data should not be collected and how certain types of data need to be handled.

Submission and attachment storage

By default, submissions and attachments are stored in Formstack and not deleted. Formstack is a temporary storage location for this data. You must transfer any data that you want to keep to a state system outside of Formstack, and then delete the data in Formstack. There is a limit on the number of submissions and the amount of attachment storage we have in Formstack. It cannot be used as a persistent storage area.

Emails from the form tool

All emails from the form tool must be sent to state government email addresses that use a government domain.

No personal, sensitive, or confidential information should be sent via email.

Before publishing a form, make sure that the people receiving the emails know that they will receive responses and understand what to do with them.

Integrations

Integrations take the form data and send it to another system. It’s critical to make sure that this system is an appropriate place for the data.

  1. Verify with your CIO, CISO, or other senior business manager that the integration method complies with your organization's policies. Some integrations could use third-party tools or systems, which may not be appropriate for your organization.

  2. Find out who manages the specific integration account where the data is being sent. Verify that it is owned by the state.

  3. If needed, make sure someone is taking action when forms are submitted and the data is sent with the integration.

Payments

Forms on this account should not collect any payments.

Removal of unneeded forms

Once a form is no longer needed for active collection of responses, the form must be deleted. We have a limit to the number of forms on our account. If you have not downloaded any required submissions or attachments, do that before deleting the form. Do not archive forms since those still count toward our usage limits.
