Best Practices for the Web

University Policies & Procedures

University websites are subject to University policies including the Information Resources policy (1-15), the World Wide Web Resources policy (1-16), the Use of Electronic Records and Signatures policy (1-17), and the IT Security Policy (interim).

University Information Resources Policy (1-15)

 

The purpose of this policy is to outline the University's policies for students, faculty and staff concerning the use of the University's computing and communication facilities, including those dealing with voice, data, and video. This policy governs all activities involving the University's computing facilities and information resources, including electronically or magnetically stored information. Every user of these systems is required to know and follow this policy.

http://www.admin.utah.edu/ppmanual/1/1-15.html

University Web Policy (1-16)

 

The purpose of this policy is to outline the University's policy for students, faculty and staff concerning the use of the University's World Wide Web information resources. A set of minimum standards and guidelines for Web sites of University of Utah units and affiliates is necessary to maintain the accuracy, consistency and integrity of such sites.

http://www.admin.utah.edu/ppmanual/1/1-16.html

Institutional web sites and pages at the University of Utah are those that present or represent the University's official academic, research and/or administrative programs, plans, and/or policies. Such pages are sponsored or sanctioned by the appropriate University Unit. Examples of Institutional web sites include: Parking Services, Marriott Library, Research Accounting, the Department of Biology, and NetCom.

Institutional websites must be registered with the U Webmaster's Office.

All web sites and pages linked directly from the U home site must conform to U web policy and contain these elements:

• A link (approved logo or text) to the U home page at www.utah.edu
• A link to the University Disclaimer at www.utah.edu/disclaimer/index.html
• A physical address or mail drop
• A phone number with area code
• An e-mail contact address

E-Commerce: Institutional sites and pages which exchange money or secure information are subject to additional requirements and review by the Institutional Security Office.

Non-Institutional web sites and pages at the University of Utah are those outside the defined scope of Institutional University web sites, including but not limited to personal web pages of faculty, staff, and students; web sites of non-University organizations hosted by the University as a courtesy or service; web pages of student organizations recognized by ASUU; and academic web sites and pages created by or for a faculty member. Examples of non-institutional web sites include: The Clark Planetarium, the Chess Club, the AED Pre-med Honor Society, the Utah Inter-Collegiate Assembly, and Phi Alpha Theta.

In order to be linked from the U home page listings, non-Institutional sites and pages must be registered with the U Webmaster's Office, and include the following elements:

• Contact information for the Webmaster or site manager
• A link to the U disclaimer at www.utah.edu/disclaimer/index.html OR the following text:

"The views, opinions and conclusions expressed in these pages are strictly those of the page author. The contents of the site have not been reviewed or approved by the University of Utah."

E-Commerce: Non-Institutional sites and pages linked from the U home page may not contain commercial speech, or exchange money or secure information.

Privacy Policy:
U Web Policy requires any site collecting personally identifiable information to provide a privacy policy statement describing how the information will be used. The statement or a link to it should be provided on the web page requesting the information. Each department or organization is responsible for providing privacy policy statements for the web sites they administer, and each privacy policy statement should be tailored to the specific kind of information collected.

The collection and use of the information must comply with the University Institutional Data Management Policy (PPM 1-12), Information Resources Policy (PPM 1-15), the Student Records provisions of the Student Code of Rights and Responsibilities (PPM 8-10) and the Family Educational Rights and Privacy Act (FERPA) and its implementing regulations.

Transaction and storage security must be provided for protected information. Such security is subject to review or audit by the University Institutional Security Office.

E-mail addresses obtained as a result of a request to a University Web site will not be sold or given to private companies or other organizations for marketing purposes.

Use of Electronic Records and Signatures (1-17)

 

The purpose of this Policy is to reduce risks to Information Technology Resources in a manner that is appropriate to their level of criticality to the operation of the University and the sensitivity of the data residing in or accessible through the Information Technology Resource.

This policy applies to all members of the University of Utah community, and governs all uses of electronic signatures and electronic records used to conduct the official business of the University of Utah. Such business shall include, but not be limited to, electronic communications, transactions, contracts, grant applications and other official purposes.

http://www.admin.utah.edu/ppmanual/1/1-17.html

IT Security Policy

 

University Information Technology Resources are at risk from potential threats such as human error, accident, system failures, natural disasters, and criminal or malicious action.

The purpose of this Policy is to reduce risks to Information Technology Resources in a manner that is appropriate to their level of criticality to the operation of the University and the sensitivity of the data residing in or accessible through the Information Technology Resource.

This policy is still under review by University Administration, and should be used only as a guideline and reference until formalized as official University policy.

http://www.it.utah.edu/IT_Security_Policy.pdf

Electronic Commerce

 

E-commerce services provided by University Web sites must be in support of the University's mission. Sites engaging in Web-based e-commerce must:

 
  1. Register with the University Webmaster and declare their provision of e-commerce services in that registration.
  2. Provide data security for e-commerce transactions.
  3. Be certified as a secure e-commerce site by the University Institutional Security Office prior to initiating e-commerce traffic. Recertification is required after any change in e-commerce infrastructure which may substantially affect e-commerce transaction security.
  4. Be certified as audited for financial and operating practices by the University Internal Audit Department (PPM 3-23) prior to initiating e-commerce traffic.
  5. Be subject periodically to audit by the University Internal Audit Department after e-commerce services have commenced.
 

Information about setting up a website to engage in electronic commerce can be found at http://www.utah.edu/uwebresources/ecom/index.html.