These guidelines have been created to inform content managers of the requirements for publishing web content in the College of Life Sciences and BYU.
Because public-facing websites represent the College of Life Sciences and BYU, websites should maintain a neat and professional appearance. The tone and content of any text, images, documents, and other media made available on the site should be in keeping with the mission of the College and BYU.
All web content must abide by the following standards:
Logos and Marks
The list of approved BYU logos and marks as well as the rules governing their use are found at http://licensing.byu.edu. Creation or display of unapproved logos for BYU organizations is prohibited.
Look & Feel
With the approval of the Dean's Office, the Life Sciences Web Team maintains the set of templates and styles that provide a uniform look and feel for all College web content. The LS Web Team reserves the right to make changes to bring pages into compliance with these standards.
The Life Sciences Web Team has provided a secure web environment to host the College’s websites. However, due to the amount of control given to Content Managers, there exists the potential for exposing confidential data and creating security vulnerabilities.
As an academic institution, BYU is subject to the Family Educational Rights and Privacy Act (FERPA). This law limits what student information can be displayed. BYU’s strategy for complying with FERPA can be found at http://saas.byu.edu/registrar/records/ferpa.php. The section titled “Directory Information” lists the data that can be publicly displayed. Any other student information is considered confidential and may only be displayed to approved personnel.
Many of the features of the Content Management System (CMS) allow the gathering of information from website visitors. Whenever unauthenticated visitors have the ability to enter data that is displayed on the website, the potential exists for a website attack called cross-site scripting. (For more information on cross-site scripting, please refer to https://en.wikipedia.org/wiki/Cross-site_scripting.) To eliminate the potential for this type of attack, any information gathered from website visitors must be reviewed before being publicly displayed. In addition, any opportunities for visitor input must be protected by a captcha (http://en.wikipedia.org/wiki/CAPTCHA) or require that the visitor be logged in.