Security and operational standards for web servers and websites

These standards apply to everyone in the University who host, operate or manage web servers and websites which are hosted either internally or externally.

The following Standards apply to all personnel throughout the University who host, operate or manage web servers and websites which are hosted either internally or externally. Failure to fully comply with the requirements of these Standards, by those to whom they apply, could result in the web server that they operate being blocked from the University network, or the website which they are associated with being taken down.

  1. Computers that are used as web servers or to host websites are to be secured and configured in accordance with the University's Systems Security & Network Access & Management Policy.
  2. Websites and web pages are only to be published once they have been confirmed as fully complying with the University's website regulations­. ­
  3. All web servers and websites must be registered with University webmaster prior to them being put into operational production or published to make them available to their intended audience, as appropriate.
  4. Where passwords are used to access websites, these must be passed over SSL (https connection). Digital certificates, which are to be used for this purpose, can be obtained from the IT Web Team.
  5. Access to websites must be controlled to prevent injection of unauthorised content and modification. Care must be taken to ensure that the content cannot be edited by anyone without permission, with particular focus on the content of guestbooks, blogs and wikis. The owner (the person who registers a website) is responsible for regularly and frequently checking their site and is accountable for all of its content.
  6. The branding used on all University websites, whether hosted within or outside the University, must fully comply with the University's Vis­ual Identity standards, and all websites must be developed using one of the standard approaches outlined on the University Communications pages
  7. Websites are not to be hosted external to the University without first obtaining clearance from the University's Communications and Marketing Team. All such applications are to be approved by the University's webmaster in the first instance.
  8. The University reserves the right to take down any website without warning or consultation, pending investigation, where the content is regarded as bringing the University into disrepute (or which may bring the University into disrepute), or where the University is served with a notice to take a website down by a recognised authority.

Related downloads