Differences between revisions 2 and 3
Revision 2 as of 2016-09-13 13:59:17
Size: 7943
Editor: jjrobertson
Comment:
Revision 3 as of 2016-09-16 13:39:51
Size: 8501
Editor: rowe
Comment:
Deletions are marked like this. Additions are marked like this.
Line 6: Line 6:
Line 8: Line 7:
Line 11: Line 9:
 *Support the university Strategic Plan, noting the emphasis on Community Engagement that requires positive and consistent image and branding.
 *Assist website developers, content managers, and web publishers in developing sites that comply with university policies and guidelines, and local, state, and federal laws. *
 *Facilitate the official business of the university through appropriate online transaction
s.
 *Verify that there is a development model to sustain the website over time and through technology platform shifts.
 * Support the university Strategic Plan, noting the emphasis on Community Engagement that requires positive and consistent image and branding.
 * Assist website developers, content managers, and web publishers in developing sites that comply with university policies and guidelines, and local, state, and federal laws.
 * Facilitate the official business of the university through appropriate online transactions.
 *
Verify that there is a development model to sustain the website over time and through technology platform shifts.
Line 16: Line 14:
This applies to websites located within the oakland.edu domain and all subdomains, the official website of the Oakland University and websites conducting university business. This applies to websites located within the oakland.edu domain and all subdomains, the official website of the Oakland University, and websites conducting university business.
Line 19: Line 17:
All organizations and individuals creating and maintaining websites must comply with university policies, connected acceptable use policies, applicable laws, and regulations. A partial list follows:
Line 20: Line 19:
All organizations and individuals creating and maintaining websites must comply with university policies, connected acceptable use policies, applicable laws, and regulations. A partial list follows:
 *Developers must comply with the university acceptable use Policy #890:
 * Developers must comply with the university acceptable use Policy #890:
Line 24: Line 22:
 *Connected with Policy #890 are the policies of Merit Network, Inc. (also located here: https://www.merit.edu/about-us/policies/#acceptable_use)  * Connected with Policy #890 are the policies of Merit Network, Inc. (also located here: https://www.merit.edu/about-us/policies/#acceptable_use).
Line 26: Line 24:
 *As noted in Policy #890, Oakland University websites are limited to official, course, organization, and personal sites. Websites are prohibited from hosting pages on behalf of individuals and organizations that are not affiliated with the university, in accordance with the above policies  * As noted in Policy #890, Oakland University websites are limited to official, course, organization, and personal sites. Websites are prohibited from hosting pages on behalf of individuals and organizations that are not affiliated with the university, in accordance with the above policies.
Line 28: Line 26:
 *All web sites must follow university and legal standards regarding copyright and trademarks as described in the Policy #890. Student course materials involving Fair Use copyrighted materials must be stored behind a university-protected login identity with access coordinated with course availability.
Line 30: Line 27:
 *All web sites must follow Communications and Marketing standards and related university policy. [[https://wwwp.oakland.edu/Assets/Oakland/ucm/files-and-documents/2016%20Oakland%20University%20Website%20Layout%20Governance%20%E2%80%93%20for%20web%20%E2%80%93%20Updated.pdf|Communications and Marketing Web Governance]] guides the design layout. The university's name and logos must be used in compliance with [[https://wwwp.oakland.edu/policies/communications-and-marketing/450/|Policy 450 Licensing of University Name, Logo and Symbols]]. Additional guidelines are maintained by Communications and Marketing for [[https://wwwp.oakland.edu/ucm/services/web-development-graphics/|Web Development and Graphics]]. [[https://wwwp.oakland.edu/ucm/licensing-and-brand-guidelines/ou-style-guidlines/|Style guidelines]] are also maintained by Communications and Marketing.  * All web sites must follow university and legal standards regarding copyright and trademarks as described in the Policy #890. Student course materials involving Fair Use copyrighted materials must be stored behind a university-protected login identity and with access coordinated with course availability.
Line 32: Line 29:
 *Websites must be developed and maintained with attention to accessibility standards. In compliance with [[https://www.section508.gov/section-508-of-the-rehabilitation-act|Section 508 of the Rehabilitation Act]], the Americans with Disabilities Act, and university non-discrimination policies, all websites to the extent feasible, must be made accessible to people with disabilities. If it is not feasible, alternative methods must be made available to complete the same tasks. Compliance with the [[https://www.w3.org/TR/WCAG20/|WCAG Standard 2.0 Level AA]] is desired.
 Oakland University documentation is in the knowledge base: https://kb.oakland.edu/uts/ADA Efforts
 * All web sites must follow Communications and Marketing standards and related university policy. [[https://wwwp.oakland.edu/Assets/Oakland/ucm/files-and-documents/2016%20Oakland%20University%20Website%20Layout%20Governance%20–%20for%20web%20–%20Updated.pdf|Communications and Marketing Web Governance]] guides the design layout. The university's name and logos must be used in compliance with [[https://wwwp.oakland.edu/policies/communications-and-marketing/450/|Policy 450 Licensing of University Name, Logo and Symbols]]. Additional guidelines are maintained by Communications and Marketing for [[https://wwwp.oakland.edu/ucm/services/web-development-graphics/|Web Development and Graphics]]. [[https://wwwp.oakland.edu/ucm/licensing-and-brand-guidelines/ou-style-guidlines/|Style guidelines]] are also maintained by Communications and Marketing.
Line 35: Line 31:
 *The disclosure of information about students must comply with Federal Family Educational Rights and Privacy Act (FERPA) guidelines. Student grades, individualized student activities, or other typical course activities, must be accessed through a standard university login process to comply with regulations.  * Websites must be developed and maintained with attention to accessibility standards. In compliance with [[https://www.section508.gov/section-508-of-the-rehabilitation-act|Section 508 of the Rehabilitation Act]], the Americans with Disabilities Act, and university non-discrimination policies, all websites to the extent feasible, must be made accessible to people with disabilities. If it is not feasible, alternative methods must be made available to complete the same tasks. Compliance with the [[https://www.w3.org/TR/WCAG20/|WCAG Standard 2.0 Level AA]] is desired. Oakland University documentation is in the knowledge base: [[https://kb.oakland.edu/uts/ADA|https://kb.oakland.edu/uts/ADA Efforts]].
Line 37: Line 33:
 *Websites that involve records or interactions of any type must comply with university policy for retention: Policy #481 Records Retention and Disposal. Additionally, student records may only be released within the rules stated in Policy #470 Release of Student Educational Records. Preservation of records gathered through web sites may also be required to meet external legal requests as noted in Policy #890.  * The disclosure of information about students must comply with federal Family Educational Rights and Privacy Act (FERPA) guidelines. Student grades, individualized student activities, or other typical course activities, must be accessed through a standard university login process to comply with regulations.
Line 39: Line 35:
 *Websites that involve the processing of payment with any type of payment card must be compliant with current Payment Card Industry Data Security Standards.
Line 41: Line 36:
 *Websites that involve the processing of any medical record must be compliant with medical privacy records laws and the Health Insurance Portability and Accountability Act.  * Websites that involve records or transactions of any type must comply with university policy for retention: [[http://www.oakland.edu/policies/481|Policy #481 Records Retention and Disposal]]. Additionally, student records may only be released within the rules stated in [[http://www.oakland.edu/policies/470|Policy #470 Release of Student Educational Records]]. Preservation of records gathered through web sites may also be required to meet external legal requests as noted in Policy #890.
Line 43: Line 38:
 *All websites and website analytics must comply with all applicable laws and university policies governing personal privacy and the confidentiality of information. Sites collecting personally identifiable information must link to the [[https://wwwp.oakland.edu/policies-regulations/web-privacy/|Privacy Statement]].
Line 45: Line 39:
 *Servers and applications must meet campus security standards and protect the privacy and security of personally identifiable and sensitive information. University Technology Services will periodically audit the security of campus servers and applications. If common security best practices are not implemented, the department will be responsible for implementing security improvements and mitigating risk within a reasonable time, depending on risk. If mitigation actions are not taken, the web site will be taken off-line until risk is appropriately mitigated.  * Websites that involve the processing of payment with any type of payment card must be compliant with current Payment Card Industry Data Security Standards. Please verify site plans for processing payments by describing the plan in an email to uts@oakland.edu prior to development.
Line 47: Line 41:
 *Software as a Service, Hosted software, online solutions utilization a web site, and other developed software solutions involving an agreement with Oakland University or payment from Oakland University to a vendor must be procured in compliance with university purchasing policies and procedures described here: [[https://wwwp.oakland.edu/uts/faculty-and-staff-services/software/|Software]].
Line 49: Line 42:
 *To maximize the university software investment, provide efficient use of university resources, and best comply with the above policies and guidelines, an existing university resource is the preferred first choice for any web site. Primary existing resources include:
  *[[https://wwwp.oakland.edu/ucm/services/web-development-graphics/|Percussion Content Management System]]
  *[[http://www2.oakland.edu/elis/moodlehelp.cfm|Moodle for course materials]]
  *Banner for university records
 * Websites that involve the processing of any medical record must be compliant with medical privacy records laws and the Health Insurance Portability and Accountability Act. Please verify site plans for processing any type of medical records by describing the plan in an email to uts@oakland.edu prior to development.
Line 54: Line 44:
=== Custom Web Development ===  * All websites and website analytics must comply with all applicable laws and university policies governing personal privacy and the confidentiality of information. Sites collecting personally identifiable information must link to the [[https://wwwp.oakland.edu/policies-regulations/web-privacy/|Privacy Statement]].
Line 56: Line 46:
 * Servers and applications must meet campus security standards and protect the privacy and security of personally identifiable and sensitive information. University Technology Services will periodically audit the security of campus servers and applications. If common security best practices are not implemented, the department will be responsible for implementing security improvements and mitigating risk within a reasonable time, depending on risk. If mitigation actions are not taken, the web site will be taken off-line until risk is appropriately mitigated. Servers and applications must comply witn university [[http://www.oakland.edu/policies/880|Policy #880 Systems Administration Responsibilities.]]

 * Software as a Service, Hosted software, online solutions utilization a web site, and other developed software solutions involving an agreement with Oakland University or payment from Oakland University to a vendor must be procured in compliance with university purchasing policies and procedures described here: [[https://wwwp.oakland.edu/uts/faculty-and-staff-services/software/|Software]].

 * To maximize the university software investment, provide efficient use of university resources, and best comply with the above policies and guidelines, an existing university resource is the preferred first choice for any web site. Primary existing resources include:
  * [[https://wwwp.oakland.edu/ucm/services/web-development-graphics/|Percussion Content Management System]]
  * [[http://www2.oakland.edu/elis/moodlehelp.cfm|Moodle for course materials]]
  * Banner for university records

=== Custom Web Development ===
Line 58: Line 58:
 1. Submission of the request to University Technology Services at uts@oakland.edu.
 2.Description of the purpose of the web environment.
 3. Description why an existing university web environment will not work for the project.
 4. University Technology Services (UTS) and University Communications and Marketing (UCM) will then engage in a review involving a series of meetings with the requesting office. The review will include a step-by-step review of each of the areas of policy and standards compliance with the requesting unit expected to address each area.
 5. UTS and UCM will then design an appropriate solution, including resources to sustain the website over time.
 6. UTS and UCM will work with a designated representative of the financial office to determine the initial cost of the project and the ongoing annual costs.
 7. The project will then be presented to the requesting office to determine whether they want to continue.
 8. If continued effort is desired, the project will be presented to the area Vice President for approval.
 9. If approved, the project will proceed.
 1. Submission of the request to University Technology Services at uts@oakland.edu .
 1. Description of the purpose of the web environment.
 1. Description why an existing university web environment will not work for the project.
 1. University Technology Services (UTS) and University Communications and Marketing (UCM) will then engage in a review involving a series of meetings with the requesting office. The review will include a step-by-step review of each of the areas of policy and standards compliance with the requesting unit expected to address each area.

 1
. UTS and UCM will then design an appropriate solution, including resources to sustain the website over time.
 1.
 1
. UTS and UCM will work with a designated representative of the financial office to determine the initial cost of the project and the ongoing annual costs.
 1.
 1
. The project will then be presented to the requesting office to determine whether they want to continue.
 1. If continued effort is desired, the project will be presented to the area Vice President for approval.
 1. If approved, the project will proceed.

Web Development Guidelines

Introduction

Oakland University's presence on the World Wide Web is essential to its mission. Thus, the university's web development guidelines seek to establish standards that will:

  • Support the university Strategic Plan, noting the emphasis on Community Engagement that requires positive and consistent image and branding.
  • Assist website developers, content managers, and web publishers in developing sites that comply with university policies and guidelines, and local, state, and federal laws.
  • Facilitate the official business of the university through appropriate online transactions.
  • Verify that there is a development model to sustain the website over time and through technology platform shifts.

This applies to websites located within the oakland.edu domain and all subdomains, the official website of the Oakland University, and websites conducting university business.

Policies and Standards Applicable to All Websites

All organizations and individuals creating and maintaining websites must comply with university policies, connected acceptable use policies, applicable laws, and regulations. A partial list follows:

  • Developers must comply with the university acceptable use Policy #890:

    Policy 890: Use of University Information Technology Resources

  • Connected with Policy #890 are the policies of Merit Network, Inc. (also located here: https://www.merit.edu/about-us/policies/#acceptable_use).

  • As noted in Policy #890, Oakland University websites are limited to official, course, organization, and personal sites. Websites are prohibited from hosting pages on behalf of individuals and organizations that are not affiliated with the university, in accordance with the above policies.
  • All web sites must follow university and legal standards regarding copyright and trademarks as described in the Policy #890. Student course materials involving Fair Use copyrighted materials must be stored behind a university-protected login identity and with access coordinated with course availability.
  • All web sites must follow Communications and Marketing standards and related university policy. Communications and Marketing Web Governance guides the design layout. The university's name and logos must be used in compliance with Policy 450 Licensing of University Name, Logo and Symbols. Additional guidelines are maintained by Communications and Marketing for Web Development and Graphics. Style guidelines are also maintained by Communications and Marketing.

  • Websites must be developed and maintained with attention to accessibility standards. In compliance with Section 508 of the Rehabilitation Act, the Americans with Disabilities Act, and university non-discrimination policies, all websites to the extent feasible, must be made accessible to people with disabilities. If it is not feasible, alternative methods must be made available to complete the same tasks. Compliance with the WCAG Standard 2.0 Level AA is desired. Oakland University documentation is in the knowledge base: https://kb.oakland.edu/uts/ADA Efforts.

  • The disclosure of information about students must comply with federal Family Educational Rights and Privacy Act (FERPA) guidelines. Student grades, individualized student activities, or other typical course activities, must be accessed through a standard university login process to comply with regulations.
  • Websites that involve records or transactions of any type must comply with university policy for retention: Policy #481 Records Retention and Disposal. Additionally, student records may only be released within the rules stated in Policy #470 Release of Student Educational Records. Preservation of records gathered through web sites may also be required to meet external legal requests as noted in Policy #890.

  • Websites that involve the processing of payment with any type of payment card must be compliant with current Payment Card Industry Data Security Standards. Please verify site plans for processing payments by describing the plan in an email to uts@oakland.edu prior to development.

  • Websites that involve the processing of any medical record must be compliant with medical privacy records laws and the Health Insurance Portability and Accountability Act. Please verify site plans for processing any type of medical records by describing the plan in an email to uts@oakland.edu prior to development.

  • All websites and website analytics must comply with all applicable laws and university policies governing personal privacy and the confidentiality of information. Sites collecting personally identifiable information must link to the Privacy Statement.

  • Servers and applications must meet campus security standards and protect the privacy and security of personally identifiable and sensitive information. University Technology Services will periodically audit the security of campus servers and applications. If common security best practices are not implemented, the department will be responsible for implementing security improvements and mitigating risk within a reasonable time, depending on risk. If mitigation actions are not taken, the web site will be taken off-line until risk is appropriately mitigated. Servers and applications must comply witn university Policy #880 Systems Administration Responsibilities.

  • Software as a Service, Hosted software, online solutions utilization a web site, and other developed software solutions involving an agreement with Oakland University or payment from Oakland University to a vendor must be procured in compliance with university purchasing policies and procedures described here: Software.

  • To maximize the university software investment, provide efficient use of university resources, and best comply with the above policies and guidelines, an existing university resource is the preferred first choice for any web site. Primary existing resources include:

Custom Web Development

If your unit seeks a web development environment outside the usual Percussion or Moodle environment, a review process must be initiated:

  1. Submission of the request to University Technology Services at uts@oakland.edu .

  2. Description of the purpose of the web environment.
  3. Description why an existing university web environment will not work for the project.
  4. University Technology Services (UTS) and University Communications and Marketing (UCM) will then engage in a review involving a series of meetings with the requesting office. The review will include a step-by-step review of each of the areas of policy and standards compliance with the requesting unit expected to address each area.
  5. UTS and UCM will then design an appropriate solution, including resources to sustain the website over time.
  6. UTS and UCM will work with a designated representative of the financial office to determine the initial cost of the project and the ongoing annual costs.
  7. The project will then be presented to the requesting office to determine whether they want to continue.
  8. If continued effort is desired, the project will be presented to the area Vice President for approval.
  9. If approved, the project will proceed.