Web pages are an outward representation of The University of Alabama in Huntsville (UAH) to potential and current students, along with alumni, faculty, staff, and the community. The web pages should be of consistent design and portray accurate information to the community. Moreover, the web pages need to be secure for confidential and private information.
This policy establishes the criteria and requirements for all UAH web pages that are hosted on UAH IT resources. This policy applies to all IT usage by faculty, staff, students, researchers, or other users of information technology (IT) resources that produce, update, or maintain UAH web pages.
1.0 UAH Web pages
All web pages hosted on UAH IT resources shall be for official University business and comply with the policies and design defined by the Office of Marketing and Communications.
1.1 Departmental Web pages and Web servers
Department web pages and websites shall be hosted on the primary campus web server whenever possible. Possible exceptions to this requirement may be, but are not limited to, cases where the data presented on the web page are extremely large and require being distributed from a separate web server. These exceptions shall be documented as required in the "Protection of Data" policy.
1.2 Individual Web Pages Hosted on UAH IT Resources
UAH Office of Information Technology (OIT) maintains a web server for individual web pages for academic purposes. This web server is not to be used for non-UAH business purposes. All uses of this web server are subject to all policies governing use of IT resources and web page design.
Accounts on the web pages server are granted to all active employees and students of UAH. Accounts and web pages are removed as documented in the "Network, Computer, and E-mail Accounts Administration" policy. It is the user's responsibility to backup all web page data before separating from UAH.
1.3 Encryption of Data
All confidential or private data shall be encrypted in transit. This includes, but is not limited to, usernames, passwords, personally identifiable information, and any data classified as private or confidential in the "Protection of Data" policy. Utilizing secure socket layer (SSL) sessions may provide the encryption.
1.4 Web Application Authentication
Websites or web pages that require user authentication shall be accessed through an encrypted session and utilize the university-wide Trusted identity Management System wherever possible. Any exceptions shall be documented as required in the "Protection of Data" policy.
1.5 Update and Removal of Web pages
Web pages and websites shall be updated or removed, by the data owner, when the information provided is no longer current.
2.0 Compliance with Policy
OIT personnel may take immediate action to abate identified issues impacting network or system operations.
Violations that constitute a breach of the Student Conduct Code, the Faculty Handbook, the Staff Handbook, or University policy, will be referred to appropriate university authorities.
