Last modified: mars 14, 2025
Policy No. 4204 Website Services Security Procedure
Vue d'ensemble
District and school websites are an online representation of Provo City School District. They reflect the goals and values of the district. Websites are a first impression and a gateway to the many valuable services offered through the district.
Without proper security, websites can be attacked, hacked, and misused for nefarious purposes, including malware and virus distribution, backdoor entry, human exploitation, and false, misleading, or inappropriate content.
Objectif
The purpose of this procedure is to provide a baseline standard for the building and maintaining of websites in a secure manner.
Champ d'application
This procedure covers all Provo City School District websites, including elementary school websites, secondary school websites, and district-level websites. This does not include Social Media platforms (e.g., Facebook, Twitter).
Procédure
Website Server Software and Hardware Restrictions
- All District-authorized school and district websites will be hosted on server hardware in a location accessible and controlled by District Technology Support.
- District Technology Support shall have the ability to edit, change, disable, and/or enable school and district websites at any time.
- District-authorized school and district websites, including teacher and staff web pages, are not to be hosted outside District Technology Support control.
- Server installation and security procedures must be followed when installing or changing server hardware and software.
- Only District Technology Support will have access to maintain the server hardware and software.
Website Content Management
- Only trained district and school personnel who are selected to manage website content will have access to edit school and district websites.
- One (1) Content Manager from each school and/or department will be selected and trained to manage website content.
- Content Managers are responsible for maintaining and monitoring content on assigned websites and/or web pages.
- Content Managers can request to have Content Contributors assist them. Content Contributors are only allowed access to designated web pages and do not need to be trained. Content Managers are responsible for any content posted by contributors.
- Every teacher has, or will have, an official web page hosted on their school website. Training is not required for teachers to access and use this web page; however, teachers will be required to read and understand the standards and ethics found in the document: Web Page Guidelines for Administrators, Teachers, and Staff.
Access to Website Content Management Systems
- All websites in Provo City School District are maintained through a Content Management System (CMS). This allows trained teachers and staff to access and edit content without understanding code and backend processes. The following processes are employed to keep each CMS secure:
- CMS users shall maintain a strong password and not share the password with any other person.
- CMS users may only upload the following file types to the media library. All other file types are prohibited:
- JPEG
- GIF
- PNG
- XLS
- MP4
- MOV
- MP3
- CMS users must properly compress and resize images and movies that are uploaded to the media library according to procedures listed below.
For detailed procedures, see the following documentation:
- Web Services Security Procedure
- Website Access Procedure
- Web Server Installation and Configuration Procedure
- Web Page Guidelines for Administrators, Teachers, and Staff
- Content Manager Responsibilities
Last Update Status:
Updated January 2015
Related Policies and Procedures
- 4204 Utilisation acceptable
- 4204 Audit
- 4204 Bureau propre
- 4204 Plan de reprise après sinistre
- 4204 Courriel
- 4204 Formation des employés à la sensibilisation à la sécurité
- 4204 Chiffrement
- 4204 Mot de passe
- 4204 Accès à distance
- 4204 Sécurité des routeurs et des commutateurs
- 4204 Sécurité des postes de travail sensibles
- 4204 Plan d'intervention de sécurité
- 4204 Sécurité du serveur
- 4204 Installation du logiciel
- 4204 Services de sécurité des sites web
- 4204 Communication entre dispositifs sans fil
- 4204 Communication d'infrastructure sans fil