MarCom Studio

All Official UTSA websites must be hosted in a secure and high-performing environment to ensure the university's website properties follow best practices for access control, experience minimal outages and are protected from cyber-attacks.

HOSTING REQUIREMENTS

UTSA's official websites are currently hosted on a variety of servers managed on and off campus. The university's goal is to migrate the majority of UTSA websites to servers managed by University Technology Services (UTS) over time.

UTS-managed servers are centrally supported and sites hosted in this environment realize significant benefits including regular backup, 24/7 server monitoring and proactive maintenance. In addition, hosting official UTSA websites on a UTS-managed server provides critical business continuity and centralized access by UTS in case of emergencies or personnel turnover. See the full list of benefits and features on UTS's server virtualization page.

There are valid business cases for hosting some UTSA websites on a non UTS-managed server, whether it is a departmental managed server or a third party hosted solution. Site owners seeking to host a site on a non-UTS-managed server must request an exception through the Web Steering Committee.

The Web Steering Committee may exempt sites from being hosted on a UTS-managed server if it falls into one of the following categories:

• The site is not considered an official UTSA website, but rather classified as an affiliated site, third-party web application/site or personal faculty website.
• The site is a software-as-a-service cloud-hosted application providing a discrete service (e.g.Blackboard, NetCommunity, RowdyLink), and is hosted and fully supported by the vendor.

Any existing external hosting agreements may be reviewed by the Web Steering Committee and amended or renegotiated, as necessary.

EXTERNAL AND DEPARTMENTAL HOSTING PROVIDER REQUIREMENTS

For UTSA official websites hosted on non UTS-managed servers (either by an external third-party, or on a UTSA departmentally-managed server), the following requirements must be followed:

• Security: All policies, procedures and guidelines regarding university information security apply to departmental and third-party hosting service providers, per the individually contracted agreements. See Office of Information Security's (OIS) Security Standards and Information Resources Use and Security Policy (HOP 8.12) for applicable policies and guidelines. Departments that host their sites must have representation within the Information Security Associates and Information Technology Associates working groups.
  
  
• Designated UTSA points of contact: The hosting department or vendor must agree to allow designees from the University Marketing's Web Team, UTS, Office of Information Security and UTS Cyber Security to have access authority for all UTSA sites
  
  
• Technical and maintenance sustainability of web asset: The hosting department or vendor must ensure that they have the technical capability to build and maintain the hosted site and underlying software and/or hardware. Patching and upgrade of the server OS, hardware firmware, and installed software must be performed regularly. Purchased software and hardware must have an up-to-date support agreement with the vendor throughout the lifecycle of the site.
  
  
• Business continuity: It is strongly recommended that any sites hosted on departmental or third party servers arrange for administrative access for a departmental account (in addition to personal UTSA accounts) for business continuity purposes. UTS and the Office of Information Security may not have the ability to manage the permissions of these third-party applications, therefore the department must ensure that administrative access is reviewed periodically and reassigned when an individual who has such access leaves the university or moves to another department.
  
  
• Site Registration: All departmental and third-party hosted sites should register their sites annually with the University Marketing's Web Team.

ADDITIONAL DEPARTMENTAL-OWNED SERVER REQUIREMENTS

Any UTSA department that is hosting an official website on a departmentally-owned and managed server has full administrative responsibility and accountability for their server. Departmentally-based servers are subject to regular review and approval by UTS to ensure the technical and security integrity of the campus network.