Web Guidelines

Please note that compliance with University Guidelines is expected in normal circumstances, and any deviation from Guidelines – which should only be in exceptional circumstances – needs to be justifiable.

Purpose

The University of Otago's goal for its web presence is to provide a usable, informative, consistent and up-to-date online presence that represents and promotes the teaching, research, values, and culture of the University of Otago to all its students, staff, colleagues and external users.

These Guidelines supplement, and should be read in conjunction with, the University of Otago Web Policy.  They provide practical information for staff, including information on best practice, and resources and support to assist those responsible for maintaining the quality and integrity of the University's web presence.

Organisational scope

The Web Guidelines apply to the web presence of any department, group, centre or other organisational unit that is a part of, or owned, managed and staffed by the University, or run by funding won under the auspices of the University, irrespective of whether their website is hosted on University servers or otherwise.

The Web Guidelines differentiate between University websites, built specifically for the University of Otago and over which the University has comprehensive control, and the University's wider web presence, which includes material provided through external websites and third-party applications, over which control is more limited.

Joint venture collaborators are strongly encouraged to use the Web Guidelines as a reference.

Definitions

University web presence

All webpages available via the internet which purport to represent all or part of the University of Otago, including webpages associated with applications, blogs, social media and other web-based services.

University  websites

A subset of the University web presence, encompassing all webpages created specifically for the University of Otago; for the purposes of this Policy this definition excludes third-party application webpages (e.g. Blackboard webpages) and external webpages upon which the University may have a presence (e.g. Facebook).

Content Management System (CMS)

Software, or a suite of software applications, that is used to prepare, publish and manage content in a web-ready format.

Heads of Departments

For the purpose of this policy, the term Heads of Departments includes Directors of Centres and Research Groups, and Directors of Service Divisions.

Web Contact Person

A nominated departmental, or cross-departmental, contact person who can direct queries on content and technical issues to the appropriate person for action.

Content Administrators

Staff charged with generating and organising content for the University's web presence, including designated web editors and reviewers.

Designers

Those with responsibility for the appearance of websites, including specialist design staff in Web Services and some staff in departments.

Programmers/Developers

Those with advanced skills in the software, applications and code which underlie websites, including specialist staff in Web Services and some technical staff in departments.

Website Administrators

Staff who have administrative responsibility for websites within the University's overall web presence.

Social media

The creation, dissemination and exchange of user-generated content in an electronic and online setting using (but not limited to) social networks.

Te Reo Māori

The Māori language.

Te Ao Māori

The Māori world or a Māori worldview.

Kaupapa Māori

Any particular plan of action created by Māori, expressing Māori aspirations and expressing Māori values and principles.

Content

1. Branding

1. Branding of University websites should be consistent with the University's Brand Policy and Brand Guide.
2. All University websites should include links to the University's Disclaimer and Copyright and Website Privacy notices.
3. Other parts of the University's web presence (e.g. material on external sites and third-party applications) should, so far as is practically possible, adhere to the requirements for University websites detailed in clauses 1(a) and (b) above.

2. Production of Web Content

1. To assist with the production of quality web content, Heads of Departments are strongly encouraged to appoint or nominate a lead Content Administrator to work across all websites in their remit.
2. All prose content published to the University's web presence must be checked for accuracy, spelling and grammar.
3. Staff involved in writing web content are strongly encouraged to complete the “Writing for the Web” online course and to access other web writing resources available via the Web Services website.
4. Staff involved in producing web content are encouraged to integrate Te Reo Māori and aspects of Te Ao Māori and Kaupapa Māori where appropriate, in accordance with the Māori Strategic Framework (further advice may be sought from the Office of Māori Development).
5. Where practicable, content displayed on webpages should be dynamically sourced from a single authoritative data source, including but not limited to:
   1. paper and course information held by Academic Services
   2. publications information held by the Research Office
   3. staff contact information held by Information Technology Services and/or Human Resources, and
   4. Central identity and access information held by Information Technology Services.
      Content Administrators and Developers/Programmers should be aware of primary sources of data that may be dynamically accessed, and can seek advice from Information Technology Services or Web Services on interfacing with such data sources.
6. Departments or staff engaged in, or considering engaging in, social media need to act in accordance with the University's Social Media Policy, and should also be cognisant of the Policy for Managing News Media Enquiries.  Additionally, consideration should be given to:
   1. the monitoring and moderation of social media to ensure the University's reputation and standards are maintained
   2. the allocation of sufficient time to maintain the social media presence on a daily basis, and
   3. the need for University staff to self-identify as such when representing the University in a social media setting.
7. Staff or students involved in producing web content, including through social media, should be aware of copyright considerations and relevant legislation as listed in the 'Related Policies, Procedures and Forms' section at the end of these Guidelines.

3. Management of Web Content

1. To assist with the management of web content, Heads of Departments are strongly encouraged to appoint or nominate a Web Contact Person, to whom they can delegate responsibility for ensuring that content is managed as per the requirements of these Guidelines and the University's Web Policy.
2. To ensure a high quality and accurate web presence, content should be updated whenever necessary, and formally reviewed at least annually to ensure that it remain current and correct.
3. Designers and Content Administrators should familiarise themselves with the access management tools that are currently available at the University in order to appropriately restrict access to sensitive or confidential content (further information is available from Information Technology Services and Web Services).
4. The National Library of New Zealand carries out periodic archiving of all websites with the .nz country code.  In addition, University websites should be archived if major changes are being implemented, or if the website and/or significant web content are going to be retired or decommissioned. Advice may be sought from the Web Office, and archiving may be achieved either through requesting a National Library of New Zealand selective web site harvest, or through the use of other archiving technologies.

4. Hosting and Building of Websites (including Online Applications)

1. To provide better security and maximise the value of the University's investment in information technology, all University websites should be hosted by the University and be accessible via the otago.ac.nz domain.
2. To support appropriate branding, accessibility, security, content and content management, all University websites, other than blogs, shall be built on and operated through the University's central Content Management System.
3. Where online applications in the University's web presence are developed and maintained by third party entities (e.g. staff and student webmail, Blackboard, AskOtago) these applications should meet University standards to the extent that this is possible, and compliance with the University's Web Policy and these Guidelines should be encouraged, particularly where accessibility and privacy issues are concerned.
4. Before a third party utility application is implemented, Information Technology Services and Web Services should be consulted to ensure that the application meets basic University requirements.
5. University websites previously built outside the University's central Content Management System are expected to comply with standards in the Web Policy and these Guidelines, and to meet current acceptable technical standards (advice on which can be sought from Web Services).
6. Heads of Department are expected to have plans in place, including timelines, for migrating University websites not already in the University's central Content Management System into that System.

5. Accessibility

1. The University's web presence aims to meet New Zealand Government Web Accessibility Standards, except where these standards are Government specific.
2. Developer/Programmers, Designers and Content Administrators are strongly encouraged to evaluate their webpages for accessibility using tools such as the WAVE web accessibility evaluation tool.

6. Security

1. All significant information security incidents and risks, including those involving web services, must be reported to the Information Security Office.
2. Developers/Programmers are expected to be familiar with the University's Information and Communications Technology Regulations 2014, and relevant Information Technology policies, and should be aware of web application security issues outlined by industry-specific initiatives such as the Open Web Application Security Project (OWASP).
3. Developers/Programmers should have operational awareness of security concerns including, but not limited to:
   1. maintenance of appropriate access control on files and directories
   2. maintenance of appropriate access control on resources such as databases
   3. the potential for cross-site scripting and cross-site request forgery
   4. the potential for session fixation and hijacking
   5. the potential for SQL injection
   6. the need for appropriate encryption during secure transactions and data storage, and
   7. the appropriate use of existing authentication frameworks.

7. Sources of Support

1. Web Services can provide:
   1. advice on all aspects of the University's web presence, including resources to assist with web design, web development and web writing, and
   2. assistance with content which poses legal or reputational risk to the University.

2. Information Technology Services can provide:
   1. technical advice, including advice on applications and application interfaces, access management tools and security
   2. web-related training opportunities, and
   3. assistance with website security issues which pose a risk to the University.

3. The Office of Māori Development can provide advice on Te Reo Māori and Te Ao Māori.
4. The University maintains information on copyright considerations, and further advice can be sought from the Manager, Copyright and Open Access.

Related policies, procedures and forms

University policy documents

• Web Policy
• Brand Policy
• Brand Guide
• Social Media Policy
• Policy for Managing News Media Enquiries
• Information and Communications Technology Regulations 2014
• Māori Strategic Framework
• Information and Records Management Policy

Relevant legislation

• Crimes Act 1961
• Copyright Act 1994
• Defamation Act 1992
• Films, Videos, and Publications Classification Act 1993
• Harmful Digital Communications Act 2015
• Privacy Act 1993

Other resources

• Copyright at Otago
• New Zealand Government Web Accessibility Standards
• WAVE web accessibility evaluation tool
• National Library of New Zealand web harvesting information
• New Zealand Government Web Toolkit on removing or archiving web content

Contact for further information

If you have any queries regarding the content of this policy or need further clarification, contact the

Senior Strategy and Policy Adviser
External Engagement
Email: adviser-ee@otago.ac.nz