Security Awareness

Web Development FAQs

Web Page Development

 


I want to develop a departmental web page. Do I need to notify anyone or follow any development standards?

No one needs to be notified; however, web page/publication developers creating official University web pages/publications need to comply with the page/publication design guidelines outlined in the University Data and Computing Standards and the Data/System Administrator Responsibilities and System Requirements, and with any other University/Campus publishing policies/guidelines/procedures. Web page developers must also comply with the Americans with Disabilities Act by designing web pages/publications that are accessible to screen reading devices that are used by people with visual impairments. Refer to the University World-Wide Web Guidelines for specific development requirements. Departmental web pages should be linked to the appropriate campus' homepage (e.g., Amherst Campus related pages/publications should contain a link to the Amherst Campus homepage) and linked to a search engine that has access to all official University web pages/publications.

Policy Referenced : Data and Computing Standard (PDF)

Date Revised : 2006-03-29


I am developing a web application for my department. Are there any standards?

Yes. The application you are developing should be ADA (i.e., Americans with Disabilities Act) compliant.

Additionally, the University Data and Computing Standards and the Data/System Administrator Responsibilities and System Requirements outline the standards for applications/databases developed for use on the WWW which access Confidential, Restricted, or Private Data.

Web applications/databases should support and include:

a. User authentication

b. A level of security that ensures only authorized users have access to appropriate data

c. Inter-system communication security - the controls put in place to ensure that communications between computer systems at different sites are private, complete and accurate, and that unauthorized access is denied.

d. Journaling - the process of recording access (read, changes, deletions, etc.) against data so that a previous version of the data can be reconstructed. This is also referred to as logging.

e. Monitoring - usually the use of audit trails or logs.

f. Trace facilities - methods that provide a historical record of specified events occurring in a computer system(s).

Policy Referenced : Data and Computing Standard (PDF)

Date Revised : 2006-03-29


Can I create a personal web page and put it on a University server/web site?

University Internet resources may not be used to create web pages for personal business or financial gain, except as permitted by other University policies. The University does allow for employees' personal pages that provide information about an individual that is relevant to that individual's role at the University and student personal pages.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-29


Are there any restrictions regarding what data can be posted on University web pages?

No private or confidential data will be accessible on the WWW without the permission of the appropriate University data custodian.

WWW access to such data shall be secured in a manner which is commensurate with the classification and confidentiality of the data contained on the page/publication.

Information contained on official web pages/publications shall contain no statements of a fraudulent, defamatory, harassing, abusive, obscene or threatening nature. Such information will be removed from display. Additionally, the University has special concern for incidents in which individuals are subject to harassment or threat because of membership in a particular racial, religious, gender or sexual orientation group.

Official web pages may contain external advertising if University policy allows such advertising in print media and only if such advertising is specified pursuant to a valid contractual agreement between the University and a third-party.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-29
