Information Technology

Chico State Web Governance Policy

1. Purpose

The purpose of this administrative policy is to define a unified web policy that all University and University-affiliated websites shall follow regarding web standards, branding, accessibility, security, maintenance, compliance, and enforcement.

This policy references existing Chico State, CSU system, California, and federal policies/laws that guide our responsibilities in the areas of accessibility, security, and branding. This Web Governance Policy is designed to clearly outline the processes and workflows around those areas that will be followed at Chico State. 

This policy ensures visitors to the Chico State web environment will

  • know where they are through a consistent visual experience;
  • be able to navigate to University information and services quickly, easily, and without barriers;
  • know what to expect from their interactions across the campus web;
  • find accurate, up-to-date content that adds value and meets their needs;
  • have an inclusive and accessible experience; and
  • be able to trust that their data will be handled securely.

2. Scope

The policies in this document apply to everything within the Chico State web environment. This includes any website or web app affiliated with the University or where University business is conducted, including the websites of all campus divisions and other administrative units, all University affiliates, faculty, staff, students, and third-party vendors. This does not include websites used for instruction or other instructional materials, including those in the current learning management system, which are addressed by EM 21-029.

3. Roles and Responsibilities

3.1 Vice Presidents and Deans

Vice Presidents and Deans are responsible for implementing the requirements of this policy and ensuring organizational buy‐in of its concepts for all functional units, as well as verifying that adequate procedures are in place to ensure web compliance and uniformity.

3.2 Website Owners

Website owners are responsible for providing assurance that all website procedures have been socialized among their staff responsible for implementing website changes (“site maintainers”). Website owners (the MPP(s) overseeing the primary department associated with a website) will ensure that development, implementation, and maintenance activities abide by web standards found in this document, as well as ensuring site maintainers remain current on relevant trainings such as web accessibility and general best practices. Website owners will be responsible for responding to issues that may arise from standards or accessibility findings.

3.3 Web Accessibility and Compliance Committee

The Web Accessibility and Compliance Committee is responsible for periodically assessing websites for potential risk or compliance concerns and reporting those concerns to the appropriate website owner or senior manager. This committee also reviews requests for exemptions from this policy and makes recommendation to the Information Technology Executive Committee (or designee) for decision.

3.3 (A) Web Accessibility and Compliance Committee Membership

The Web Accessibility and Compliance Committee membership shall include:

  • Voting member from the Office of Accessible Technology Services
  • Voting member from Information Security
  • Voting member from Web Services
  • Voting member from University Communications
  • Voting member from Application Development Services
  • Voting member from an auxiliary such as Chico State Enterprises or Associated Students
  • Two voting faculty members
  • Non-voting faculty or staff subject matter experts called upon as relevant

4. University Web Standard

Official University websites shall be managed within the campus Web Content Management System (WCMS) and are required to meet standards of required information; security; accessibility; information architecture and usability; site content; and visual identity. The campus WCMS provides a framework that meets these standards and facilitates site maintenance while providing for centralized management and support.

4.1 Required Information

All University websites shall contain the following information: current copyright information, contact link, and reporting mechanism for accessibility issues (link or email) or a link to the campus accessibility statement. In addition, all sites shall include an analytics script (such as Google Analytics) provided by the University.

4.2 Security

All University websites are required to meet CSU Information Security Policy standards. This applies to all CSU applications and web environments which are considered mission-critical systems, access-protected level 1 information or access protected level 2 information, and are accessible from the Internet, or provide an official public campus service or presence. Application and web development environments must comply with CSU and University standards and procedures as outlined in CSU Policy 8070.S000.

4.3 Accessibility

All University websites are required to be accessible to individuals with disabilities, conforming to Section 508 Standards and Section 255 Guidelines of the Rehabilitation Act of 1973 and the California State University Executive Order 1111, as well as any other relevant laws or policies.

4.4 Site Structure, Information Architecture, and Usability

The official University site structure, branding, and navigation are defined by the campus WCMS standard framework and shall not be altered.

The organization of information within the website shall be clear, current, easily understood, and comply with campus information architecture standards. The navigation must be logical and free of broken links.

Principles of inclusive web design should be implemented on all campus sites. This includes following best practices for usability, using inclusive language, and considering issues such as literacy levels and bandwidth restrictions

4.5 Site Content

Site content shall be factually correct, use the University Writing Style as directed in EM 02-96, and meet University branding, identity, use standards outlined at All content, including text, images, and media, shall abide by all copyright laws and accessibility requirements.

The WCMS is not a file storage solution. Photo and document files such as images, PDFs, PowerPoint, etc. not actively linked on a website are considered archival and shall not be hosted within the WCMS. Videos shall be hosted on campus solutions (such as Kaltura MediaSpace) or on third-party services such as YouTube.

Embedded tools, forms, players, and other non-standard page elements must also comply with the University Web Standard.

4.6 Visual Identity

All sites must comply with the University’s visual brand and use standards, including official logos, color palettes, and typography, as outlined by University Communications’ brand guidelines. University marks or brand may not be recreated or used on any website that does not meet the University Web Standard.

4.7 Privacy

Third-party trackers and analytics software (e.g., Google Analytics, Facebook Conversion Tracking, etc.) must not collect Personal Identifiable Information (PII). Unless excepted, services must be configured to anonymize IP addresses if such an option exists. All requests for the inclusion of tracking and analytics on University websites are subject to review by the Web Accessibility and Compliance Committee.

The use of services that facilitate the execution of arbitrary code (e.g., Google Tag Manager) is prohibited on University websites unless excepted by the Web Accessibility and Compliance Committee.

5. Requirements for Adoption of the University Web Standard

All colleges, divisions, administrative units, departments, programs, institutes, and centers are required to adopt the University Web Standard or follow the exemption process unless otherwise noted in Section 5.

5.1 Consulting Units

All Chico State consulting units such as auxiliaries, foundations, institutes, and centers are required to adopt the University Web Standards or follow the exemption process.

5.2 Athletics

Athletics websites shall comply with the brand and graphics standards as related to University naming conventions and logo usage as defined by University Communications’ brand guidelines. Web accessibility and security requirements are enforced for all websites.

5.3 Meriam Library

The Library is required to adopt the University Web Standards or follow the exemption process.

5.4 Student Organization Websites

Student organizations are not accommodated within the WCMS and should use the appropriate official site hosting solution designated by Student Life and Leadership’s Organization Policies and Procedures.

5.5 Faculty Websites

Faculty are required to follow the Chico State Policy for the Use of Digital Technologies in Teaching and Learning (EM 21-029) regarding instructional materials and meet University Web Standards for accessibility and security requirements. They are not required to follow University branding requirements or be managed within the WCMS.

5.6 Personalized Professional Sites

Sites using the University-provided hosting solution(s) (such as YourWeb) for individuals needing personalized, professionally related websites or digital learning laboratories must follow the designated user agreement, which includes University Web Standards for security and accessibility. They are not required to follow University branding requirements or be managed within the WCMS.

5.7 Chico State Web Hosting Sites

The University provides hosting services for department websites and others doing University business that cannot be accommodated in the WCMS for functionality or branding reasons. All Chico State Web Hosting sites are required to adopt the University Web Standards or follow the exemption process.

5.8 University-Created Web Applications

University-created applications are not hosted in the WCMS but must comply with all University Web Standards and application standards, including use of standard site structure and branding.

5.9 Third-Party Websites and Applications

Third-party websites and applications shall meet University Web Standards when used for University business and must be approved through the IT Procurement Review Process. Third-party applications must meet University Web Standards for accessibility and security and comply with campus branding standards to the extent possible. Third-party applications not under direct control of University personnel shall be managed in accordance with the CSU Information Security Policy on Managing Third Parties (EO 08040).

5.11 University-Affiliated Sites

Websites and web applications affiliated with campus that are not conducting official University business, such as those associated with grant-funded projects or contracts with outside organizations, shall comply with the brand and graphics standards as related to University naming conventions and logo usage as defined by University Communications’ brand guidelines. Web accessibility and security requirements are enforced for all websites.

6. Hosting and Domains

Websites conducting official University business shall be managed within the WCMS under the domain. Colleges, divisions, administrative units, departments, programs, institutes, and centers are not permitted to host official campus websites on private web servers without following the exemptions process.

Schools, colleges, divisions, administrative units, departments, programs, institutes, and centers requesting external hosting must go through the IT Procurement Review Process, which includes review by a representative of the Web Accessibility and Compliance Committee.

7. Advertising and Sponsorships

Commercial advertising is prohibited on websites conducting University business except as outlined in the Time, Place and Manner Policy (EM 20-006).

Sponsorship acknowledgements and/or links to outside commercial sites for sponsorship purposes, and/or sites built with grant or external funding that require source branding as a granting condition, are permitted. In these cases, sponsorship logos are permitted as long as the logo is displayed smaller than the University logo on the site.

8. Linking to External Sites

Content (websites, web apps, social media, etc.) linked from sites conducting official University business should meet accessibility and security standards. Links to non-Chico State sites should be used sparingly and for an essential purpose and checked regularly.

9. Maintenance and Enforcement

Each school, college, division, administrative unit, department, program, institute and center, and auxiliary is responsible for maintaining functional sites with up-to-date content that comply with all University standards.

The Web Accessibility and Compliance Committee will monitor sites for compliance with the University Web Standard. The owners of non-compliant sites will be notified by the Committee (or designee), and the appropriate office to address the violation (e.g. University Communications, Information Security, etc.) will work with the site owner to develop a plan to bring the site into compliance. If non-compliance persists, sites may be temporarily disabled by Web Services while the site owners work to bring sites back into compliance. The affected sites will be restored upon proof of compliance.

Web Services reserves the right to modify sites within the campus WCMS for maintenance purposes without notification of the site owner or site maintainers. Site owners will be notified, and consulted as appropriate, prior to substantive changes such as changes to navigation or site architecture.

10. Exemptions

Where compliance with this policy is not technically possible or may require extraordinary measures due to the nature or intent of the website, or when using emerging technologies, exceptions to University Web Standards may be granted. Requests for exemption cannot be based on issues of cost or time alone.

10.1 Exemption Process

A formal request for exemption from any area of the University Web Standard must be submitted via service ticket and include detailed rationale for non-compliance prior to developing or publicly launching a non-compliant site.

Requests will be reviewed in a timely manner on a case-by-case basis by the Web Accessibility and Compliance Committee (WACC) who will work with the requestor to obtain any additional documentation or information needed to consider the request. WACC will provide a recommendation for granting or rejecting the request to the Information Technology Executive Committee, or designee, who ultimately decide whether an exemption will be granted, rejected, or granted conditionally. Conditional exemptions may be granted where the requestor agrees to relevant modifications on a specific timeline to be reviewed by WACC for compliance. A rationale for the exemption ruling will be provided along with the decision.

Exemption requests related to accessibility requirements shall include a description of an Equally Effective Alternate Access Plan as defined by the Accessibility Technology Initiative (ATI) Coded Memoranda. If the accessibility exemption request is approved in conformance to CSU policy, a timeline shall be determined for the provision of the alternate form of access.

Exemptions are not permanent and will be reviewed on an annual basis.

10.2 Appeals

If a request for exemption is denied by the Information Technology Executive Committee or designee, the requestor may consider the rationale for rejection and submit a new request that addresses and mitigates relevant concerns. This request will follow the same review process.


Security Policies

Accessibility Policies

Relevant University Policies and Guidelines

Frequently Asked Questions