Web Hosting Policy

Policy Statement

World Wide Web services at the University of North Texas provide critical information and services to members of the University community, prospective students, and the general public, playing a vital role in helping the University fulfill its mission. Consequently, the information architecture, ease of use, accuracy, and security of the University's web presence are of paramount importance to the University community. This policy governs the means by which units may publish information to the web.

All managed web hosting services, including those not managed directly by Information Technology Shared Services (ITSS), are the property of UNT or the UNT System, depending on the managing unit. All use of these resources constitutes an explicit binding agreement to abide by relevant federal and state laws and UNT policies. Unauthorized use of managed web hosting services is prohibited.

Application of Policy

This policy applies to all entities that publish University-related information on all new and updated web sites at UNT. University websites approved to be hosted by non-ITSS providers must comply with the terms of this policy.

Definitions

  • Information Manager. An "information manager" may be designated from among the department heads, deans, or directors that report to an information owner. An information manager is permitted to change the web site content.
  • Information Owner. An "information owner" is a full-time staff or faculty member responsible for business functions and for determining controls and access to information and information resources supporting that business function. The appropriate senior administrator (Vice President, President, Provost, or Chancellor) is the information owner for all web sites publishing official information created or maintained by his or her area of responsibility.
  • Official Information. "Official information" refers to the governing or authoritative documents of the University or information that is published as part of the normal course of University business.
  • Personal Publishers. "Personal publishers" are individuals at the University publishing web content unrelated to those individuals' official work role at the University. Examples of such information include student pages, faculty members' vitas that are published independently of departmental faculty information, and staff members' pages that represent personal information such as hobbies.
  • Unit. A "Unit" is any individual, college, department, administrative unit, research group, or other organization formally associated with the University or University System.
  • Managed Web Hosting Service. A "managed web hosting service" is a web hosting service maintained by a designated custodian employed full time by either the University or the UNT System, as defined in the section of Policy 3.6 entitled "Custodian of an Information Resource."
  • Web Hosting Service. A "web hosting service" is a collection of server software providing remote storage and delivery of web site content.
  • Web Site. A "web site" is a collection of web pages containing information, forms, or interactive tools related to a particular unit and/or service, having its own home page (index page), unique web address, distinct business function, or a navigational structure that differs from its parent site (such as an academic department's web site that is part of a college or school parent site).
  • Web Site Builder. A "web site builder" is the individual, or representative of a group of individuals, who builds and develops a web site, including architecture, functionality, and other components which are maintained by a web site custodian. The web site builder is designated by the web site custodian, and may be the same individual.
  • Web Site Building Tool. A "web site building tool" is a software application intended, at least in part, to facilitate the development and maintenance work involved in publishing a web site, enabling the web site maintainer to perform day-to-day content management tasks without extensive technical training or experience.
  • Web Site Custodian. A "web site custodian" is the full-time staff member assigned by the information owner or information manager to oversee the development and maintenance of a web site.
  • Web Site Maintainer. A "web site maintainer" is the individual responsible for day-to-day content management and maintenance duties necessary for a particular web site, as determined by the web site custodian. The web site maintainer is designated by the web site custodian, and may be the same individual.

Procedures and Responsibilities

1. Web Site Responsibilities

All individuals responsible for a web site (information owner, custodian, maintainer, and builder) must provide their names, the site(s) for which they are responsible, and contact information to ITSS.

The information owner, information manager, and web site custodian must be full-time University staff members, although their web site responsibilities might not necessarily be their only job duties. The web site maintainer must be a University staff member or student, but does not have to be employed full-time or entirely for this purpose. Units should consult with ITSS before hiring individuals to fill these roles, in order to ensure that positions are posted with the proper qualifications. Website builders in particular have specific responsibilities which require careful consideration. Contact ITSS Central Web Services for more information.

Only the owners of information, or their designated information managers, custodians, or maintainers may change the content of the information that they manage. Owners must routinely review the official information placed on the web by their staff to ensure its timeliness and accuracy.

Responsible Parties: Web site builders, custodians, maintainers, and information owners.

2. Use of the University System Web Hosting Service

ITSS provides a centrally-managed web hosting service to ensure that reliable, cost-effective web hosting is available throughout the University System. All units and individuals publishing web sites must use ITSS-approved web site building tools to do so, and must host their web sites on ITSS's centrally-managed web hosting service, provided that they are eligible under the terms of its Service Level Agreement. Use of non-ITSS web hosting services and use of unauthorized web site building tools must be approved by ITSS.

ITSS is responsible for approving, distributing, and, as necessary, developing appropriate web site building tools as well as updating and patching the centrally-managed web hosting service as required. Appropriate use of this web hosting service is governed by the Service Level Agreement, published by ITSS.

Responsible Parties: All Units, Individual Publishers, and ITSS.

3. Web Site Creation and Maintenance

New web site requests will be subject to an initial consultation and review process by both ITSS and University Relations, Communications and Marketing (URCM). If the request is approved, the web site will be assigned an appropriate location in the University information architecture.

Before its initial launch and periodically thereafter, each web site will be reviewed by ITSS and URCM to ensure that it is a beneficial part of the University's overall web presence and conforms to all University, local, state and federal web standards, rules, laws, and policies.

Web sites may be taken offline, either temporarily or permanently, when deemed necessary by ITSS, URCM, or the designated information owner. Reasons for taking a website offline may include but are not limited to security issues, intellectual property claims, violations of policy, or a violation of the terms of the SLA.

When a web site is taken offline, the web hosting service on which the web site is hosted must be configured to redirect future requests for that web site elsewhere as appropriate, in order to avoid breaking inbound links.

Responsible Parties: All web site builders, maintainers, custodians.

4. Web Site Registration

In order to ensure that University web sites are developed and maintained in conformity with UNT policies, as well as state and federal laws and regulations, each web site must be registered on an annual basis with ITSS.

New web sites that have not registered or that do not meet University web policies or guidelines can be declared ineligible for use of managed web hosting services and have their public launch suspended.

Responsible Parties: All web site builders, maintainers, custodians.

5. Privacy Policy

Each web site must provide a privacy statement on its home page (index page). Each privacy statement must identify the information collected from site visitors, describe its use, and assure site visitors of the integrity of their information during transmission and storage.

Privacy Notice

Each privacy statement must identify both passive and active information collected from site visitors and describe its use. Passive information is collected without alerting the site visitor. Active information is purposely provided by the site visitor.

Examples of passive information include:

  • browser detection: browser type and browser version
  • remote host name: the DNS entry for the computer accessing the web site
  • cookies: hidden identifiers used to store data during a visit, and cumulatively over time

Examples of active information include:

  • name of the site visitor
  • e-mail address of the site visitor
  • comments or answers to questions provided by the site visitor

Security of Private Information

Each web site will assure site visitors of the integrity of their information, in transit and in storage. This assurance should include whether the transmission of their data is secured and by what means, the positions or employees that will be able to access the information, and under what conditions that information will be accessed.

Because of the requirements to protect students' information under the Family Educational Rights and Privacy Act, any unit collecting data falling under FERPA guidelines must carefully review its handling of such data and insure that its procedures adhere to the act.

Responsible Parties: All web site builders, maintainers, custodians.

6. Security of University Web Sites

All web sites will conform to the State of Texas rule for protecting the security of information, 1 TAC §206.73. Prior to providing access to information or services on a web site that require user identification, each institution of higher education shall conduct a transaction risk assessment and implement appropriate privacy and security safeguards. At a minimum, web sites that require an individual to enter information in a Web based electronic form shall use an SSL session or equivalent technology to encrypt the data.

Responsible Parties: All web site builders, maintainers, custodians.

7. Legal and Intellectual Property Responsibility

Persons responsible for web development are required to adhere to all applicable state and federal regulations and internal policies and guidelines associated with security, risk measures, and copyright compliance. Permission from the copyright owner must be obtained in advanced before publishing copyrighted material on University web sites and notification of copyright should be shown on pages containing those materials.

Responsible Parties: All web site builders, maintainers, custodians.

8. Responsibility for Official Information

Because official information represents the University to a worldwide community, it must be timely, accurate, and consistent with University policies and local, state and federal laws. All official information published on University web sites must conform to URCM rules, as detailed in Web Publishing Policy 3.9. Failure to conform to URCM rules is grounds for taking a website offline.

Responsible Parties: All web site builders, maintainers, custodians.

9. Responsibilities for Personal Publishers

Personal publishers are responsible for the content of the pages they create, and the views and opinions expressed in such content are strictly those of the author and do not represent the University. However, personal publishers must comply with all University rules and policies as well as state and federal laws concerning appropriate use of computers.

Responsible Parties: Personal publishers.

10. Commercial Sales, Solicitations and Advertisements

The use of University web hosting resources for commercial gain is strictly prohibited unless authorized by and in accordance with URCM policies.

Responsible Parties: All web site builders, maintainers, custodians.

11. Sanctions for Policy Violations

Penalties for violation of this policy range from loss of web hosting service usage privileges to dismissal from the University, prosecution, and/or civil action. Each case will be determined separately on its merits. Referrals for legal action will be made through the Office of the Vice Chancellor and General Counsel.

Responsible Parties: All web site builders, maintainers, custodians.

12. Authority

The Central Web Services team in ITSS is the administrative owner of the official ITSS managed web hosting service. The members of this team have the authority to intervene in cases that include but are not limited to service abuse and security breaches, as these situations might impact University business or compromise the protected information of the University's employees and/or students.

While Central Web Services is not the owner of all managed web hosting services, it has the authority to work with the owning department, the ITSS Information Security Team, and/or the ITSS Data Communications Department to mitigate, or minimize the impact that may result from any web hosting service abuse.

Responsible party: Central Web Services.

References and Cross-references.