ISO PS011 Web Page Guidelines

Policies and Standards ISO PS011 Web Page Guidelines [Previous]  [Next]  [Policy Home]

Policy Name: Web Sites
Policy Number: IS PS011
Effective Date: July 23, 2007
Review Date: July 23, 2008
Last Revision Date: July 23, 2007
Last Revision By: Bruce Edwards
Contact Name: Bruce W. Edwards
Contact Email: ISOPolicy@louisville.edu
Approved By: Compliance Oversight Council
Version: 1.0

POLICY:

The web presence of the University is to securely provide information, allow for interactive functions and promote a positive image of the University to other Universities, accrediting agencies, funding agencies, the media, prospective students, their families, and the public.

Administrative Standards:

General (all web sites)

• Intellectual Property must be respected. See IS PS003 Intellectual Property.
• Privacy laws, regulations and standards of the University must be followed. All sensitive information must be managed appropriately so that unauthorized access to sensitive information is prevented to the extent possible. If you are unable to assure that sensitive information is adequately controlled via a website or other network accessible method, the information should not be placed on or collected via the website.
• The University reserves the right to disable and/or remove the web page links and publishing capability on University managed servers (or internet accessibility to such by University supplied network components) of anyone who uses these resources to violate University contractual obligations; to perpetrate, aid or abet criminal acts or intellectual property/copyright violations to make accessible materials that are obscene or consume (or result in the consumption of) excessive amounts of computing or network resources.

University School, Department, Unit or other University entity web pages

• Security of these pages on the University of Louisville web site are the responsibility of School, departmental, unit, group or other University entity who produces and maintains them and must comply with security guidelines outlined in this document as well as other applicable University guidelines.
• Web sites should conform to the University's graphic identity standards.

Individual Web Pages

• Security of individual pages on the University of Louisville web site are the responsibility of the person to whom the account is assigned and must comply with security guidelines outlined in this document as well as other applicable University guidelines.
• For information regarding content of individual web pages please contact the Office of Communications and Marketing.

Technical standards (all web sites):

• All enhanced capabilities configured on web pages must be deployed with security in mind. The web site creator must use appropriate settings for any enhanced capabilities deployed to prevent or minimize opportunity to misuse or exploit the enhanced capability.
  
  Example: Use of a form to generate an email to the web page owner: Care must be taken to ensure that settings for the form mail are such that the form mail can not be used to generate SPAM.
• The standards outlined in IS PS010 Network Service must be followed. Pay special attention to the Connecting to University affiliated computing resources from outside the University network section.

Software Standards:

• University School, Department, Unit or other University affiliated entity web pages
  Plone Content Management System (CMS) is the recommended web-site management software. The CMS's built-in capabilities are configured by the Information Technology Division to maintain a high level of security.

All persons while conducting/performing work, teaching, research or study activity or otherwise using University resources. Scope/Applicability also includes all facilities, property, data and equipment owned, leased and/or maintained by the University or affiliates.

POLICY AUTHORITY / ENFORCEMENT:

The University's Information Security Officer (ISO) is responsible for the development and oversight of these policies and standards. The ISO works in conjunction with University Leadership, Information Technology, Audit Services and others for development, monitoring and enforcement of these policies and standards.

POLICY REVIEW:

This policy will be reviewed annually to determine if the policy is in compliance with the applicable security regulations and University direction. In the event that significant regulatory changes occur, this policy will be reviewed and updated as needed.

COMPLIANCE:

Failure to comply with these policies and standards and/or any related information security and/or information technology policy, standard or procedure may result in disciplinary action up to and including termination of employment, services or relationship with the University and/or action in accordance with local ordinances, state or federal laws.

Version / Revision Date / Description

1.0 / July 23, 2007 / Original Publication

Approved July 23, 2007 by the Compliance Oversight Council
Shirley C Willihnganz, Executive Vice President and University Provost, Chair of the Compliance Oversight Council

[Next]