University Website Policy
Policy Number: 9.1.11
Category: Information Technology
Effective Date: 08/01/2026
Owner: Marketing + Communications, Office of Information Security
Policy Applicable for: Faculty, Staff, Third Parties, Students
Responsible Office: Marketing + Communications, Office of Information Security
Scope
This Website Policy (the “Policy”) applies to all University of Cincinnati (the “University”) faculty, staff, students, and Registered Student Organizations, and third parties acting as a representative of the University.
Notwithstanding anything to the contrary, this Policy does not apply to the University of Cincinnati Foundation.
Definitions
Administrative Unit: Any University department that is separate from a college (e.g. Department of Athletics, Central Human Resources, Student Affairs, etc.).
Domain: The name you type into the address bar to get to a website (e.g. uc.edu; google.com; Wikipedia.org).
University Website: Any website that is created by, operated by, or appears to be endorsed by or affiliated with the University. This includes, but is not limited to, websites for academic units, administrative offices, Registered Student Organizations, and centers and institutes.
Web hosting: A service that provides a place for a website to live so people can visit it online. This place can be set up in different ways: shared server, virtual private server, dedicated server, the cloud, or owned hardware.
Policy
All websites must comply with University rules and policies, including University brand standards, accessibility requirements, and security requirements. All information published on a public Internet-facing website should be limited to information classified as “Public” in the UC Data Governance and Classification Policy.
A request for a new University Website may be made to Marketing + Communications.
The domain associated with a University Website must be owned solely by the University.
A University Website must be housed by University-owned web hosting services. However, if existing University-owned web hosting services will not meet the substantive needs of the College or Administrative Unit, an exemption request may be submitted to the Office of Information Security, outlining the need to use a third-party web hosting service.
The Office of Information Security may grant the exemption only if
(i) existing University-owned web hosting services will not meet the substantive needs of the College or Administrative Unit;
(ii) the third-party web hosting services vendor has passed the Information Security Review process per the Information Security Review Policy (Policy 9.1.27);
(iii) the proposed site is reviewed by Marketing + Communications pursuant to its Web Governance Protocol; and
(iv) the University has entered a properly executed contract with the web hosting service, wherein the University maintains exclusive control over the University Website, including the right to transfer the University Website to the University at any time without additional fees.
A Registered Student Organization may not request an exemption from this Policy.
Violations
Violations of this Policy may result in the removal of the unauthorized website and, if appropriate, employee discipline, up to and including termination. Students and Registered Student Organizations who violate this Policy may be subject to discipline in accordance with the Student Code of Conduct. A third party who violates this Policy may be subject to the cancellation of any contract with the University, and other appropriate action as determined in the sole discretion of the University.