Last modified: mars 14, 2025

Policy No. 4204 Website Services Security Procedure

Download Website Services Security Procedure Document

Vue d'ensemble

District and school websites are an online representation of Provo City School District. They reflect the goals and values of the district. Websites are a first impression and a gateway to the many valuable services offered through the district.

Without proper security, websites can be attacked, hacked, and misused for nefarious purposes, including malware and virus distribution, backdoor entry, human exploitation, and false, misleading, or inappropriate content.

Objectif

The purpose of this procedure is to provide a baseline standard for the building and maintaining of websites in a secure manner.

Champ d'application

This procedure covers all Provo City School District websites, including elementary school websites, secondary school websites, and district-level websites. This does not include Social Media platforms (e.g., Facebook, Twitter).

Procédure

Website Server Software and Hardware Restrictions

All District-authorized school and district websites will be hosted on server hardware in a location accessible and controlled by District Technology Support.
District Technology Support shall have the ability to edit, change, disable, and/or enable school and district websites at any time.
District-authorized school and district websites, including teacher and staff web pages, are not to be hosted outside District Technology Support control.
Server installation and security procedures must be followed when installing or changing server hardware and software.
Only District Technology Support will have access to maintain the server hardware and software.

Website Content Management

Only trained district and school personnel who are selected to manage website content will have access to edit school and district websites.
One (1) Content Manager from each school and/or department will be selected and trained to manage website content.
Content Managers are responsible for maintaining and monitoring content on assigned websites and/or web pages.
Content Managers can request to have Content Contributors assist them. Content Contributors are only allowed access to designated web pages and do not need to be trained. Content Managers are responsible for any content posted by contributors.
Every teacher has, or will have, an official web page hosted on their school website. Training is not required for teachers to access and use this web page; however, teachers will be required to read and understand the standards and ethics found in the document: Web Page Guidelines for Administrators, Teachers, and Staff.

Access to Website Content Management Systems

All websites in Provo City School District are maintained through a Content Management System (CMS). This allows trained teachers and staff to access and edit content without understanding code and backend processes. The following processes are employed to keep each CMS secure:
- CMS users shall maintain a strong password and not share the password with any other person.
- CMS users may only upload the following file types to the media library. All other file types are prohibited:
  - PDF
  - JPEG
  - GIF
  - PNG
  - XLS
  - MP4
  - MOV
  - MP3
- CMS users must properly compress and resize images and movies that are uploaded to the media library according to procedures listed below.

For detailed procedures, see the following documentation:

Web Services Security Procedure
Website Access Procedure
Web Server Installation and Configuration Procedure
Web Page Guidelines for Administrators, Teachers, and Staff
Content Manager Responsibilities

Last Update Status:

Updated January 2015