Last modified: março 14, 2025
Policy No. 4204 Website Services Security Procedure
Visão geral
District and school websites are an online representation of Provo City School District. They reflect the goals and values of the district. Websites are a first impression and a gateway to the many valuable services offered through the district.
Without proper security, websites can be attacked, hacked, and misused for nefarious purposes, including malware and virus distribution, backdoor entry, human exploitation, and false, misleading, or inappropriate content.
Finalidade
The purpose of this procedure is to provide a baseline standard for the building and maintaining of websites in a secure manner.
Escopo
This procedure covers all Provo City School District websites, including elementary school websites, secondary school websites, and district-level websites. This does not include Social Media platforms (e.g., Facebook, Twitter).
Procedimento
Website Server Software and Hardware Restrictions
- All District-authorized school and district websites will be hosted on server hardware in a location accessible and controlled by District Technology Support.
- District Technology Support shall have the ability to edit, change, disable, and/or enable school and district websites at any time.
- District-authorized school and district websites, including teacher and staff web pages, are not to be hosted outside District Technology Support control.
- Server installation and security procedures must be followed when installing or changing server hardware and software.
- Only District Technology Support will have access to maintain the server hardware and software.
Website Content Management
- Only trained district and school personnel who are selected to manage website content will have access to edit school and district websites.
- One (1) Content Manager from each school and/or department will be selected and trained to manage website content.
- Content Managers are responsible for maintaining and monitoring content on assigned websites and/or web pages.
- Content Managers can request to have Content Contributors assist them. Content Contributors are only allowed access to designated web pages and do not need to be trained. Content Managers are responsible for any content posted by contributors.
- Every teacher has, or will have, an official web page hosted on their school website. Training is not required for teachers to access and use this web page; however, teachers will be required to read and understand the standards and ethics found in the document: Web Page Guidelines for Administrators, Teachers, and Staff.
Access to Website Content Management Systems
- All websites in Provo City School District are maintained through a Content Management System (CMS). This allows trained teachers and staff to access and edit content without understanding code and backend processes. The following processes are employed to keep each CMS secure:
- CMS users shall maintain a strong password and not share the password with any other person.
- CMS users may only upload the following file types to the media library. All other file types are prohibited:
- JPEG
- GIF
- PNG
- XLS
- MP4
- MOV
- MP3
- CMS users must properly compress and resize images and movies that are uploaded to the media library according to procedures listed below.
For detailed procedures, see the following documentation:
- Web Services Security Procedure
- Website Access Procedure
- Web Server Installation and Configuration Procedure
- Web Page Guidelines for Administrators, Teachers, and Staff
- Content Manager Responsibilities
Last Update Status:
Updated January 2015
Related Policies and Procedures
- 4204 Uso aceitável
- 4204 Auditoria
- 4204 Mesa limpa
- 4204 Plano de recuperação de desastres
- 4204 E-mail
- 4204 Treinamento de conscientização de segurança para funcionários
- Criptografia 4204
- 4204 Senha
- 4204 Acesso remoto
- 4204 Segurança do roteador e do switch
- 4204 Segurança para estações de trabalho confidenciais
- 4204 Plano de resposta de segurança
- Segurança do servidor 4204
- Instalação do software 4204
- 4204 Segurança dos serviços do site
- 4204 Comunicação de dispositivos sem fio
- 4204 Comunicação de infraestrutura sem fio