University Websites Procedures and Guidelines

About These Procedures

These procedures implement the University Websites Policy. They define site categories, technical requirements, branding standards, domain conventions, hosting requirements, and processes for requesting exceptions. The Web Governance Board reviews and recommends updates to this document; the Office of University Communications maintains the current version. 

When the policy and these procedures appear to conflict, the policy governs. When these procedures and any unit-level guidelines conflict, these procedures govern. 

Site Categories 

The university’s web presence is governed in four categories. Site category is determined by the site’s primary purpose, audience, and the voice it represents. 

Category 1 — Institutional Voice 

Sites whose primary purpose is the university communicating as the institution to external audiences. The university takes full editorial and reputational responsibility for these sites.

Examples include uoregon.edu, admissions.uoregon.edu, around.uoregon.edu, college and school sites, academic department sites, and other units that exist to speak for and about the institution. 

Full governance applies: brand alignment, content review by University Communications when required, approved hosting, accessibility audits, and full security standards. 

Category 2 — Affiliated Voice 

Sites hosted on UO infrastructure that speak for a faculty member, lab, research project, student, or official student government. These sites are governed for accessibility, security, and a minimum level of brand affiliation. 

Examples include faculty professional pages, research lab sites, scholarly project sites, student portfolios on UO Blogs, and grant-funded project websites where UO is the lead institution. 

Minimum brand guidelines and universal standards apply: the minimum brand guidelines (logo, name, identity bar) plus the universal standards (accessibility, security, privacy, records). Content and visual identity above the minimum brand guidelines remain with the project, scholar, or unit. Content on Category 2 sites is subject to the universal content standards in these procedures (see Content). Intellectual property in the underlying scholarship, creative work, research data, and instructional content remains governed by the relevant IP, research, and academic freedom policies. 

Category 3 — Procedurally Excluded 

Sites operating under UO-affiliated domains that the university has limited operational control over, typically because they are operated by a third-party vendor or built on a platform UO cannot modify. These sites are listed individually in the Currently Excluded Sites section below. 

Excluded sites remain subject to universal standards where platform configuration permits. The Web Governance Board sets the specific scope of each exclusion. 

Category 4 — Off-Domain Affiliated Projects 

Some projects — particularly multi-institutional consortia, federally funded research initiatives where UO is one of several partners, and experimental research platforms — should not operate under uoregon.edu. The university assists with registration of an appropriate third-party domain and external hosting, and these sites are not in scope for this policy. 

University Communications and Information Services maintain a referral process for projects that meet these criteria.

Standards by Category 

Brand

 

category 1

category 2

category 3

University Wordmark

Required, full lockup

Required, minimum lockup acceptable

Where platform configuration permits

UO color palette

Required

Recommended; project palette permitted above floor

Where platform configuration permits

Standard footer

Required 

Required 

Where platform configuration permits 

Standard identity bar 

Required 

Required 

Where platform configuration permits 

UO tone and editorial standards

Required 

Recommended

N/A

The standard identity bar is a small bar along the top of the site that identifies it as a UO site and indicates its type (e.g., academic department, research lab, faculty page). It is designed to add institutional context without interfering with the site's design or layout, which is why it applies across both Category 1 and Category 2.

The guidelines for Category 2 are intended to make UO affiliation clearly visible to a visitor within the first viewport, without imposing visual constraints that would compromise scholarly or project identity. 

Accessibility 

All in-scope sites must comply with the Information and Communications Technology Accessibility Policy and its accompanying procedure, which establish WCAG 2.1 AA as the university's standard and govern implementation, exceptions, and remediation. The ICT Accessibility Program is the operational authority. 

Security 

All in-scope sites must comply with the Information Security Program and the data classification, privacy, and platform standards it establishes. Information Services is the operational authority. 

Hosting 

In-scope sites must be hosted on platforms approved by Information Services in coordination with the Web Governance Board. Currently approved platforms include: 

  • UO Drupal Hosting (for sites requiring extensibility and custom development) 
  • UO Blogs / WordPress (for standard sites; preferred default for most Category 1 and 2 sites) 
  • UO Pages (for static content and archived projects) 
  • Other platforms specifically approved in writing for a defined purpose 

Approved platforms include minimum brand guidelines (logo, name, identity bar) in their templates. Sites built on approved platforms satisfy the minimum brand guidelines through the platform itself; no individual action is required of stewards or content creators., unless they modify the template or configuration in a way that removes or obscures those elements. 

Websites requiring specialized infrastructure follow the exception process below. Where the underlying tool is a web application rather than a website, the policy does not apply, and Information Services provides appropriate research infrastructure options separately. 

Private hosting — including personal servers, departmental hardware outside sponsored environments, and unapproved third-party platforms — is not permitted for in-scope sites. 

Site Intake (Future) 

Before site provisioning, units would benefit from a brief intake conversation that determines site category, appropriate hosting platform, anticipated exceptions, and steward designation. The intent is to surface category and infrastructure questions at the start of a project rather than after a site is built, and to direct units to the right resources within existing policy and procedure. 

The Web Governance Board is charged with defining and recommending the specifics of a site intake process — including who conducts intake, when it is required, what it covers, and how it interacts with existing procurement and provisioning workflows. Intake is intended to be advisory, not a decisional gate. 

Content 

The following content prohibitions apply to all sites associated with the University of Oregon, including sites otherwise excluded from this policy's scope. In addition to the editorial standards in the Oregon Brand Guide, no site associated with the University of Oregon may include: 

  • Content that implies or promotes endorsement of a political candidate or ballot measure by the university, unless officially sanctioned by the Board of Trustees 
  • Copyrighted content without legal authorization 
  • Advertising for outside products or services, unless under a direct written agreement with the university 
  • Defamatory content, or other speech that violates university policy (e.g., discriminatory content, true threats) 

Content reflecting an individual’s academic, research, or instructional role — including content protected under academic freedom — is permitted on Category 2 sites and remains subject to applicable university policies. 

Fundraising Content 

All donation-related content on in-scope sites must be coordinated with or approved by University Advancement. Donation-related content includes solicitations, giving links and forms, named gift opportunities, and content describing university campaigns or programs supported by philanthropic funding. 

Fundraising efforts that are not coordinated with University Advancement may be removed. 

Currently Excluded Sites

The following sites are excluded from specific provisions of the University Websites Policy. The Web Governance Board maintains and updates this list.

Site             

reason for exclusion

Provisions Excluded

goducks.com                      

Commercial site managed by third-party athletic vendor; UO lacks operational control over platform

Brand alignment, accessibility remediation, source code standards, hosting requirements

Additions and removals are decided by the Office of University Communications on advisory recommendation from the Web Governance Board.

Web Governance Board

Purpose

Initial decisions on exception requests, enforcement actions, and operational matters are made by the responsible university units within their domains of authority: University Communications for brand and editorial standards; Information Services for hosting, security, and technical standards; the Office of General Counsel for legal matters; University Advancement for fundraising standards; and other units as their authority applies.

The Web Governance Board reviews appeals of those decisions and advises university executives on how to proceed. The Board is advisory. Decisional authority on appeals rests with the appropriate university executive, not with the Board itself.

The Board also reviews and advises on updates to these procedures, additions to the Currently Excluded Sites list, and other matters referred to it by University Communications.

Composition

The Board includes representatives from:

  • Office of University Communications (chair)
  • Office of the Provost
  • Office of the President
  • Information Services
  • Office of General Counsel
  • Office of the Vice President for Research and Innovation
  • Faculty representative
  • Student representative

Operations

The Board meets at least quarterly. Meeting cadence, agenda setting, and recordkeeping are managed by the chair. The Board produces a written advisory recommendation on each matter brought before it.

Domain Authority Summary

The following table summarizes which unit holds first-round decisional authority for common categories of decisions under this policy. The Web Governance Board reviews appeals and advises the appropriate VP, who issues the final decision. Matters appropriate for presidential review follow the same path and conclude with the President.

decision area

Initial authority

Advisory consultation

Appeals path

Brand, editorial, voice

University Communications

Web Governance Board

Web Governance Board → VP for Communications

Hosting platform, security, technical standards

Information Services

Web Governance Board

Web Governance Board → VP for Information Services

Domain naming, subdomain requests

University Communications

Information Services

Web Governance Board → VP for Communications

Exception requests (within established categories)

Responsible unit by domain

Web Governance Board → appropriate VP

Exception requests (novel or precedent-setting)

Responsible unit by domain

Web Governance Board

Web Governance Board → appropriate VP

Legal interpretation, policy conflicts

Office of General Counsel

Web Governance Board

Web Governance Board → General Counsel → President

Fundraising activities

University Advancement

University Communications

Web Governance Board → VP for Advancement

Site deactivation (compliance)

Responsible unit

Web Governance Board

Web Governance Board → appropriate VP

Outsourcing / vendor approval

University Communications, Information Services, Purchasing

Web Governance Board

Web Governance Board → appropriate VP

Site Stewardship

Web Steward Role

Every in-scope site has a designated Web Steward — a current full-time UO staff or faculty member who:

  • Oversees daily technical and editorial standards for the site
  • Completes the annual compliance attestation
  • Receives automated scanning reports and addresses identified issues within set timelines
  • Serves as the primary contact for the site within the unit
  • Coordinates with unit Content Creators

A Web Steward may be responsible for multiple sites. The number of sites a single steward can reasonably oversee depends on site complexity and the steward’s available time; Web Trustees are responsible for ensuring adequate stewardship coverage in their portfolios.

Stewardship is best-effort. Stewards aren’t personally liable for the institution’s overall compliance posture. A Web Trustee may be asked to reassign stewardship if a steward is unable to maintain effective oversight.

Annual Attestation

Each Web Steward completes an annual compliance attestation, which confirms:

  • The site remains active and serves a current institutional purpose
  • Content is current and accurate
  • The site meets applicable brand, accessibility, and security standards
  • Outdated content has been archived or removed per the records retention schedule
  • The steward is still in the role; if not, a replacement has been designated

Inactivity and Deactivation

Sites without an active Web Steward, or sites that fail to receive an annual attestation within 60 days of the due date, are subject to deactivation. The site’s Web Trustee is notified at 30 days, 60 days, and 90 days. After 90 days, the site is archived and may be removed from publication.

Sites that have not been accessed in two years may also be reviewed for deactivation. Notice is provided to the site’s steward at least 90 days in advance. Site owners may request an exception.

Training

The Office of University Communications, in coordination with Information Services and the ICT Accessibility Program, maintains required training for Web Stewards covering brand standards, accessibility requirements, security expectations, content standards, and the attestation process. Web Stewards complete initial training within 90 days of designation and refresher training annually.

Web Stewards are responsible for ensuring that Content Creators within their portfolio are familiar with applicable standards before being granted editing access. The annual attestation includes confirmation that this orientation has occurred.

Domain Governance

Approved Use

The uoregon.edu and oregon.edu domains, and any university-affiliated subdomains, are reserved for official university use as described in the policy and in these procedures.

Subdomain Requests

Subdomain requests for websites are submitted to Information Services for technical handling and reviewed by the Office of University Communications, which holds approval authority for website subdomains on uoregon.edu. The Web Governance Board may provide advisory consultation on requests that establish precedent or warrant cross-unit review.

For subdomains intended for web applications or other non-website purposes, Information Services holds approval authority and University Communications provides advisory consultation.

Approval criteria for website subdomains include:

  • The site serves a clear institutional purpose
  • The subdomain fits the university's information architecture and subdomain strategies
  • The subdomain supports findability (clear naming, search engine appropriateness)
  • The subdomain follows university naming conventions
  • The requesting unit has identified a Web Steward and Web Trustee
  • The site will be hosted on an approved platform

Vanity URLs and Redirects

Vanity URLs (e.g., uoregon.edu/example) and redirects are tools for short, memorable, or campaign-specific links. They are governed as follows:

  • Vanity URLs are created and maintained by Information Services
  • Redirects from uoregon.edu domains and subdomains to non-UO destinations require approval and must serve a documented institutional purpose
  • The university retains the right to remove or disable redirects that obscure the nature of the destination, attempt to bypass this policy, or otherwise present institutional risk
  • Vanity URLs and redirects are reviewed periodically for continued relevance

Third-Party Domains

Use of non-uoregon.edu domains (such as .org or .com) for university work requires approval from University Communications and Information Services, on advisory review by the Web Governance Board. Such approvals are typically reserved for multi-institutional consortia, externally branded initiatives that pre-date UO involvement, or projects where a non-UO domain better serves the audience.

University funds may not be used to purchase or maintain unapproved domains.

Off-Domain Projects

Some projects — particularly multi-institutional consortia and experimental research initiatives — should not operate on uoregon.edu at all. University Communications and Information Services maintain a referral process for these cases.

Outsourcing and Third-Party Vendors

External vendors may not design, host, or maintain in-scope UO websites without prior review.

The Approved Vendor List for web services is maintained by Purchasing and Contract Services, in coordination with University Communications and Information Services. Units may select from the list without additional vendor approval; the specific scope of work follows standard university purchasing procedures.

For specialized needs not served by the Approved Vendor List, the unit submits the proposed vendor and scope of work to Purchasing and Contract Services for review. If the vendor meets the criteria below, they are added to the list and the engagement proceeds. The Web Governance Board reviews requests where the vendor proposes work outside standard categories.

The Approved Vendor List is reviewed and updated regularly. Criteria for inclusion:

  • Demonstrated capability with university web standards
  • Compliance with UO accessibility, security, and brand requirements
  • Reasonable terms for university procurement

All vendors working on in-scope sites — whether on the Approved Vendor List or engaged under an exception — must follow this policy and these procedures. Work that does not comply with university accessibility, security, brand, or governance standards must be remediated by the vendor at their own expense.

Vendor relationships in place when this policy takes effect are reviewed during the 18 months and either confirmed, brought into compliance, or transitioned.

Files

Downloadable files (PDFs, Word documents, presentations, spreadsheets) made available on in-scope sites are governed by:

Web Stewards are responsible for ensuring files on their sites comply with both. Accessibility enforcement is governed by the ICT Accessibility Procedure.

Exception Process

General Process

An exception to any provision of these procedures may be requested by submitting a written request to the responsible university unit (University Communications for brand/editorial matters, Information Services for hosting/technical matters, and so on, as detailed in the Domain Authority Summary). Requests are typically routed through the unit's Web Steward, but may be submitted directly by any faculty, staff, student, or affiliated party with a stake in the matter. The responsible unit issues the decision in writing.

Exception requests include:

  • The provision being requested for exception
  • The reason the standard cannot be met
  • The proposed alternative approach
  • The duration of the exception (permanent or time-bound)
  • The Web Trustee’s endorsement

Common Exception Categories

  • Brand exceptions — for projects with established external brand identity or specific audience needs
  • Hosting exceptions — for sites requiring specialized infrastructure not provided by approved platforms
  • Domain exceptions — for use of third-party domains
  • Accessibility timeline exceptions — for sites requiring extended remediation periods
  • Legacy site exceptions — for sites pre-dating this policy that require defined transition periods

Questions regarding Academic Freedom and Other Substantive Policies

When a content question on an in-scope site raises a potential conflict with Academic Freedom, Freedom of Inquiry, and Free Speech Policy (or another substantive policy), the matter is referred to the Office of General Counsel for determine whether the content or proposed action is consistent with that policy. The Office of University Communications and the responsible unit follow that determination.

A faculty member, steward, or unit may appeal General Counsel’s determination through the appeals process. The Web Governance Board reviews the appeal and advises the appropriate university executive, who issues the final decision.

Appeals

Initial decisions made under these procedures may be appealed to the Web Governance Board. The Board reviews the appeal and provides an advisory recommendation to the appropriate university executive, who issues the final decision. Appeals include the original decision, the basis for appeal, and any new information not previously considered.

Monitoring, Sanctions, and Appeals

Monitoring

The Office of University Communications, in coordination with Information Services, monitors compliance through:

  • Automated accessibility, security, and broken-link scanning
  • Annual Web Steward attestations
  • Periodic review of new and updated sites
  • Response to reported issues

An inventory of in-scope sites is maintained jointly by the Office of University Communications and Information Services. The inventory is updated through Web Steward attestations, automated scanning, subdomain registration, and periodic discovery efforts. Sites identified after the initial inventory are added on discovery.

Sanctions

Non-compliance with the policy or these procedures may result in:

  • Required remediation within a specified timeline
  • Temporary removal of content
  • Revocation of access to university website systems
  • Disabling of the website, individual pages, or domain mapping
  • Referral to the relevant Vice President or Dean
  • Required completion of training before editing access is restored
  • Required reduction of site size or remediation of resource consumption issues
  • Required review and removal of outdated or unused content

Sanctions are proportionate to the issue and applied after notice to the Web Steward and Web Trustee, except in cases of immediate demonstrable university risk (active security breach, legal exposure, etc.) where temporary action may precede notice.

Appeals

Sanctions may be appealed via the same process as exception decisions: the Web Governance Board reviews the appeal and advises the appropriate university executive, who issues the final decision.

Transition Period for Existing Sites

For sites in operation when this policy and these procedures take effect, the following transition periods apply:

  • Universal Baseline Standards (accessibility, security, privacy, brand guidelines): Sites must come into compliance within 18 months of policy adoption, or on a remediation timeline established with the responsible unit, whichever is later.
  • Hosting on approved platforms: Sites currently hosted outside approved platforms must either migrate or receive a hosting exception within 18 months of policy adoption.
  • Vendor relationships: Existing vendor relationships are reviewed during the 18 months and either confirmed, brought into compliance, or transitioned.

During the transition period, sites are not subject to deactivation for non-compliance with new requirements unless they present demonstrable university risk (active security breach, legal exposure, or similar). The university will work in good faith with units to develop reasonable remediation paths.

Edge Cases

The following edge cases reflect common questions and the current operational approach. The Web Governance Board may update these guidelines as patterns emerge.

Faculty Sites

  • Faculty profile pages on department or college sites → Category 1 (site speaks for the unit)
  • Faculty professional pages at faculty-specific URLs → Category 2 (faculty voice, minimum brand guidelines apply)

Research Labs and Centers

  • Centers and labs that primarily describe and represent the unit → Category 1
  • Centers and labs whose sites primarily present scholarly output → Category 2
  • Lab and project sites mixing both → Category 2 by default; the site’s primary purpose determines tier
  • Visible UO affiliation is required regardless of category; minimum brand guidelines apply

Research Projects

  • UO-led research projects → Category 2; minimum brand guidelines + IP/research policies govern content
  • Multi-institutional consortia and externally branded research initiatives → Category 4; consult University Communications for off-domain registration
  • Grant-funded projects requiring specialized infrastructure → Hosted on appropriate research computing platforms; the website portion follows Category 2 standards

Student Work and Organizations

  • Student portfolios required for coursework (e.g., ENG 250 on UO Blogs) → Category 2; brand guidelines apply, IP remains with the student per UO Policy II.07.02
  • Student-edited academic journals and publications → Category 2
  • Official student government (including ASUO’s uoregon.edu site) → Category 2; the university retains less direct authority over student-government editorial decisions, while baseline accessibility and security still apply

Faculty Personal Use

  • Faculty personal blogs on UO Blogs within the Acceptable Use Policy → Category 2; minimum brand guidelines and universal standards apply, content is the faculty member’s
  • Emeritus faculty sites → Category 2; subject to archival status/review under the inactivity provisions in Site Stewardship

Conferences and Events

  • Conferences hosted and produced by UO units → Category 1
  • Academic conferences UO is hosting once or co-hosting → Category 4 typically; the conference is its own entity. Universal Baseline Standards apply where the site uses UO infrastructure.

Partnerships

  • Partnership sites where UO is the primary host and represents UO’s involvement → Category 1 or 2 depending on voice
  • Co-equal partnerships that could be hosted by either institution → Category 2 or 4; governance defined by the partnership agreement

Definitions

  • Web Trustee—Vice President or Dean holding ultimate accountability for the digital compliance of their portfolio. A Web Trustee may be asked to reassign stewardship if a steward is unable to maintain effective oversight.
  • Web Steward — Full-time UO staff or faculty member designated by a Web Trustee to oversee daily technical and editorial standards for one or more sites. Stewardship is a best-effort responsibility.
  • Content Creator —Staff, faculty, or student responsible for day-to-day content creation and maintenance.
  • Website—A public-facing digital communication channel whose primary purpose is conveying information to a reader.
  • Web Application—A software system whose primary value is interactive functionality, data processing, or computation.
  • Minimum Brand Guidelines—The minimum level of visible UO affiliation required on a site, intended to make university affiliation clearly visible without constraining the site’s primary visual identity.
  • Site Category—One of four categorizations (Institutional Voice, Affiliated Voice, Procedurally Excluded, Off-Domain Affiliated Projects) used to determine which standards apply.
  • In-Scope Site—A site to which the University Websites Policy applies, as defined in the policy’s Scope section.