Web Development Guidelines and IT Accessibility Toolkits
Oakland University's presence on the World Wide Web is essential to its mission. Thus, the university's web development guidelines seek to establish standards that will:
- Support the university Strategic Plan, noting the emphasis on Community Engagement that requires positive and consistent image and branding.
- Assist website developers, content managers, and web publishers in developing sites that comply with university policies and guidelines, and local, state, and federal laws.
- Facilitate the official business of the university through appropriate online transactions.
- Verify that there is a development model to sustain the website over time and through technology platform shifts.
This applies to websites located within the oakland.edu domain and all subdomains, the official website of Oakland University, and websites conducting university business.
Policies and Standards Applicable to All Websites
All organizations and individuals creating and maintaining websites must comply with university policies, connected acceptable use policies, applicable laws, and regulations. A partial list follows:
- Developers must comply with the university acceptable use Policy #890:
Connected with Policy #890 are the policies of Merit Network, Inc. (also located here: https://www.merit.edu/about-us/policies/#acceptable_use).
- As noted in Policy #890, Oakland University websites are limited to official, course, organization, and personal sites. Websites are prohibited from hosting pages on behalf of individuals and organizations that are not affiliated with the university, in accordance with the above policies.
- All web sites must follow university and legal standards regarding copyright and trademarks as described in Policy #890. Student course materials involving Fair Use copyrighted materials must be stored behind a university-protected login identity and with access coordinated with course availability.
All web sites must follow Communications and Marketing standards and related university policy. Communications and Marketing Web Governance guides the design layout. The university's name and logos must be used in compliance with Policy 450 Licensing of University Name, Logo and Symbols. Additional guidelines are maintained by Communications and Marketing for Web Development and Graphics. Style Guidelines are posted here http://viewer.zmags.com/publication/8131966b#/8131966b/1 and are also maintained by Communications and Marketing.
Websites must be developed and maintained with attention to accessibility standards. In compliance with Section 508 of the Rehabilitation Act, the Americans with Disabilities Act, and university non-discrimination policies, all websites must, to the extent feasible, be made accessible to people with disabilities. If it is not feasible, alternative methods must be made available to complete the same tasks in a time window equivalent to 24-hour web site availability. Compliance with the WCAG Standard 2.0 Level AA is desired. Oakland University documentation is in the knowledge base: https://kb.oakland.edu/uts/ADA%20Efforts.
- Domain names (URLs) must comply with university Communications and Marketing standards and with university Policy #850 Network Infrastructure Policy. Domains will be monitored and tested for compliance with accessibility standards. Any licensing costs required to add scanning for the domain will be funded by the unit creating the web site.
- The disclosure of information about students must comply with federal Family Educational Rights and Privacy Act (FERPA) guidelines. Student grades, individualized student activities, or other typical course activities, must be accessed through a standard university login process to comply with regulations.
Any display or processing of confidential information described in Policy #860 Information Security (http://www.oakland.edu/policies/860) requires review by the Chief Information Officer or designee prior to development.
Websites that involve records or transactions of any type must comply with university policy for retention: Policy #481 Records Retention and Disposal. Additionally, student records may only be released within the rules stated in Policy #470 Release of Student Educational Records. Preservation of records gathered through web sites may also be required to meet external legal requests as noted in Policy #890.
Websites that involve the processing of payment with any type of payment card must be compliant with current Payment Card Industry Data Security Standards. Please verify site plans for processing payments by describing the plan in an email to email@example.com prior to development.
Websites that involve the processing of any medical record must be compliant with medical privacy records laws and the Health Insurance Portability and Accountability Act. Please verify site plans for processing any type of medical records by describing the plan in an email to firstname.lastname@example.org prior to development.
All websites and website analytics must comply with all applicable laws and university policies governing personal privacy and the confidentiality of information. Sites collecting personally identifiable information must link to the Privacy Statement.
Servers and applications must meet campus security standards and protect the privacy and security of personally identifiable and sensitive information. University Technology Services will periodically audit the security of campus servers and applications. If common security best practices are not implemented, the department will be responsible for implementing security improvements and mitigating risk within a reasonable time, depending on risk. If mitigation actions are not taken, the web site will be taken off-line until risk is appropriately mitigated. Servers and applications must comply with university Policy #880 Systems Administration Responsibilities.
Software as a Service, hosted software, online solutions utilizing a web site, and other developed software solutions involving an agreement with Oakland University or payment from Oakland University to a vendor must be procured in compliance with university purchasing policies and procedures described here: Software.
- To maximize the university software investment, provide efficient use of university resources, and best comply with the above policies and guidelines, an existing university resource is the preferred first choice for any web site. Primary existing resources include:
Custom Web Development
If your unit seeks a web development environment outside the usual Percussion or Moodle environment, a review process must be initiated:
Submission of the request to University Technology Services at email@example.com.
- Description of the purpose of the web environment.
- Description of why an existing university web environment will not work for the project.
- University Technology Services (UTS) and University Communications and Marketing (UCM) will then engage in a review involving a series of meetings with the requesting office. The review will include a step-by-step review of each of the areas of policy and standards compliance with the requesting unit expected to address each area.
- UTS and UCM will then design an appropriate solution, including resources to sustain the website over time.
- UTS and UCM will work with a designated representative of the financial office to determine the initial cost of the project and the ongoing annual costs.
- The project will then be presented to the requesting office to determine whether they want to continue.
- If continued effort is desired, the project will be presented to the area Vice President for approval.
- If approved, the project will proceed.