Number
06.01.10
Division
Finance and Administration - Office of Information Technology (OIT)
Date
April 2018
Purpose
The purpose of this policy is to establish the criteria and requirements for UAH web servers and web pages.
Policy

Web pages are an outward representation of The University of Alabama in Huntsville (UAH) to potential and current students, along with alumni, faculty, staff, and the community. The web pages should be of consistent design and portray accurate information to the community. Moreover, the web pages need to be secure for confidential and private information.

This policy establishes the criteria and requirements for all UAH web pages that are hosted on UAH IT resources. This policy applies to all IT usage by faculty, staff, students, researchers, or other users of information technology (IT) resources that produce, update, or maintain UAH web pages.

Procedure

1.0 UAH Web pages

All web pages hosted on UAH IT resources shall be for official University business and comply with the policies and design defined by the Office of Marketing and Communications.

1.1 Departmental Web pages and Web servers

Department web pages and websites shall be hosted on the primary campus web server whenever possible. Possible exceptions to this requirement may be, but are not limited to, cases where the data presented on the web page are extremely large and require being distributed from a separate web server. These exceptions shall be documented as required in the "Protection of Data" policy.

1.2 Individual Web Pages Hosted on UAH IT Resources

UAH Office of Information Technology (OIT) maintains a web server for individual web pages for academic purposes. This web server is not to be used for non-UAH business purposes. All uses of this web server are subject to all policies governing use of IT resources and web page design.

Accounts on the web pages server are granted to all active employees and students of UAH. Accounts and web pages are removed as documented in the "Network, Computer, and E-mail Accounts Administration" policy. It is the user's responsibility to backup all web page data before separating from UAH.

1.3 Encryption of Data

All confidential or private data shall be encrypted in transit. This includes, but is not limited to, usernames, passwords, personally identifiable information, and any data classified as private or confidential in the "Protection of Data" policy. Utilizing secure socket layer (SSL) sessions may provide the encryption.

1.4 Web Application Authentication

Websites or web pages that require user authentication shall be accessed through an encrypted session and utilize the university-wide Trusted identity Management System wherever possible. Any exceptions shall be documented as required in the "Protection of Data" policy.

1.5 Update and Removal of Web pages

Web pages and websites shall be updated or removed, by the data owner, when the information provided is no longer current.

2.0 Compliance with Policy

OIT personnel may take immediate action to abate identified issues impacting network or system operations.

Violations that constitute a breach of the Student Conduct Code, the Faculty Handbook, the Staff Handbook, or University policy, will be referred to appropriate university authorities.

Review
The IT Investment Advisory Council is responsible for the review of this policy every five years (or whenever circumstances require).

Web Servers and Web Pages