Purpose
Guidelines regarding confidential and sensitive content on a USD website, how information is secured on USD web servers, as well as how web systems are monitored.
By default any information stored on USD web servers is not secured and can be viewed by anyone and may be crawled by search engines. In addition, any information stored on USD-affiliated websites created outside the sandiego.edu domain are not secured. As a result, websites should not collect and store confidential or sensitive information unless the data can be properly secured.
Application
These policies apply to websites on the USD domain (*.sandiego.edu) that are supported by ITS University Web Services, as well as personal USD Sites (WordPress-powered) websites.
University websites and personal WordPress websites will be reviewed annually by University Web Services to assess ongoing security of data and check for any inappropriate confidential or sensitive information.
University Web Services will periodically review storage utilization reports and file listings for the campus web server and will contact persons who violate this procedure and request they remove the offending files or provide justification for their storage on the campus web server.
Practice/Standard
- Acceptable use and responsible use of university computing resources applies to all maintainers who add content to any pages on the USD website.
- Confidential and sensitive data, including FERPA and HIPAA, is identified in the Information Security Policy. Servers are scanned for specific violations on a periodic basis.
- Security against hackers and malware attacks. For security purposes and to make sure USD websites and personal WordPress websites remain available to all users, we use special software programs and scripts to monitor network traffic and identify unauthorized attempts to upload or change information, or otherwise cause damage to the system. These programs collect no information that would directly identify individuals, but can collect information to help identify someone attempting to tamper with USD websites. Activities may be monitored and recorded. Anyone using USD websites expressly consents to such monitoring.
- Obtaining access to a university website. Any USD-affiliated department/organization, faculty/staff member or student is eligible to add content to the site. For the university website, users must complete the Content Management System (CMS) training and submit an online access request after training is complete to have their account created. All academic and administrative websites must be housed on the university web server and are required to use the *.sandiego.edu domain.
- Obtaining a personal USD Sites website. The university provides a USD Sites (WordPress-driven) solution offering users a web-based content management system and themes to choose from. USD Sites is a self-service personal or professional website system that can be used to build class websites, e-portfolios, individual or group blogs, or project or group websites. There are several dynamic USD-branded themes to choose from allowing you to create your website with little coding knowledge or web software needed. Activate your account by completing the 'Register' form on the USD Sites landing page. Currently, there is no technical assistance provided for this intuitive platform after your account is opened. Refer to Wordpress.org for documentation and other resources.
- Web Server Storage. The campus web servers should only be used to store files that are needed for the website. They should not be used as file storage space for files not needed for the actual website. This would include all non-web files, unedited images or video clips, or personal files. Appropriate usage of storage space is reviewed periodically.
Exceptions
It is highly discouraged to create a separate domain from sandiego.edu. However, if an exception is made on an outside server, such as through Squarespace, GoDaddy, etc., the same policies apply for exposing confidential/sensitive information. However, these spaces cannot be maintained or monitored by University Web Services.
Examples of Potential Cases
Policies apply to all types websites:
http://www.sandiego.edu/ (Main website)
http://www.sandiego.edu/peace (Academic area website)
http://www.sandiego.edu/finance (Departmental website)
http://alumni.sanidego.edu (3rd-party vendor domain)
http://www.meetatusd.com (Personal domain websites)
http://sites.sandiego.edu/webteam (USD Sites WordPress-driven site)
Status: In effect, created November 11, 2016
Policy Steward: Senior Director Library and Web Services
Policy Owner: Vice Provost and Chief Information Officer, ITS