Skip to main content

Service Agreement

This is the "fine print" for your website.

Background

Web Publishing is a managed WordPress service for individuals, departments, and organizations at NC State.

Your Responsibilities

As the individual or entity that has registered this website, you are responsible for:

  • Renewing your website on an annual basis and, where applicable, paying service fees. If you do not renew your website within 30 days of receiving a renewal notification, your website may be removed from the Web Publishing service.
  • Selecting the individuals at NC State who should have decision-making authority for your website; providing OIT with their names and contact information; and updating that information whenever it changes. Decision-making authority may include:
    • Annual renewals
    • Changes to service level and billing information (as applicable)
    • Requests to make a website live or archive a website
  • As applicable, receiving approval for use of any third-level, fourth-level, or non-NCSU domains.
    • If this website uses a non-NCSU domain, you are also responsible for:
  • Manage the users who have access to edit your web content, and assign appropriate user roles.
  • Creating the content of your website, adding users responsible for creating content, and removing objectionable content as needed. Content on your website includes:
    • Text
    • Images
    • Videos
    • Other media files (eg. PDF documents)
    • Navigation menus
    • Comments or other user-submitted information

Web Content

You are responsible for the content stored within your website, as well as any content requested by and displayed on your website (eg. an embedded YouTube video). In particular, you are responsible for ensuring that the content on your website:

  • Follows any applicable state and federal laws. This includes (but is not limited to) FERPA, HIPAA, GLB, ECPA, and CFAA.
  • Follows any applicable University policies, rules, and regulations. In particular, you must adhere to the University’s Computer Use Regulation and the University’s Data Management Procedures Regulation. No purple or red data may be stored in your website.
  • Follows any community standards and expectations articulated by the University.
  • Is accessible to all users, particularly those with disabilities. Your content must adhere to WCAG 2.1 AA standards or better. (Contact the IT Accessibility Office for additional information.)
  • Is material that you are permitted to distribute. You are responsible for responding in a timely manner to any requests for removal of copyrighted material.

If your website represents a University unit or otherwise exists to conduct official University business, you must adhere to the University’s branding guidelines or have permission from University Communications to deviate from those guidelines.

Media Library

Your website has a quota of 5 GB for media uploads, with additional storage available in 10 GB increments for $36/year. (See Costs below.) Supported file types that may be uploaded to your website’s Media Library include:

  • Images (.jpg, .jpeg, .png, and .gif)
  • PDFs (.pdf)
  • Productivity suite files, eg. from Microsoft Office programs (.doc, .docx, .odt, .ppt, .pptx, .pps, .ppsx, .key .xls, .xlsx, and .csv)

Additional file types may be enabled on a per-site basis as required by your business process and after review by OIT. In general, audio and video files should not be hosted in Web Publishing and should instead be uploaded to another service.

Personal Information

Your website must adhere to the University’s privacy statement. Under the University’s Data Management Procedures Regulation, no purple or red data may be stored in your website.

When collecting information from your users (via form submissions, automated scripts, or other methods), you are expected to practice data minimization. Only collect the information required to fulfill your operational needs. Do not collect information that you do not need and do not store data you will not use.

You are responsible for responding in a timely manner to any requests related to personal information. This includes requests for removal of personal information from your website or systems connected to your website.

User Management

When adding and managing users to your website, you are expected to practice the Principle of Least Privilege. In particular, you should only grant the Administrator role to users who must complete tasks on your website that require Administrator-level privileges.

Users outside of the NC State community may be added to your website. However, OIT and the NC State Help Desk will not guarantee support for users who do not have an active Unity ID.

Payment Processing

The Web Publishing service is NOT PCI-compliant. You are not permitted to accept, receive, or transmit any sort of payment card information through this service, nor may your site link or transmit information to a payment processor.

If you need to accept payment card information for any purpose, you are required to contact NC State Merchant Services (merchantservices@ncsu.edu) to arrange for the use of the University’s e-storefront service or other Merchant Services-approved options.

Custom Code

At some service levels, you may be permitted to activate themes and plugins that have been selected, purchased, or written by you.

These themes and plugins will undergo a code review prior to installation in the Web Publishing service. However, you are still responsible for ensuring that this custom code:

  • Does not introduce security vulnerabilities.
  • Complies with WCAG 2.1 AA or better.
  • Does not consume excessive system resources, have a “run-away script,” or otherwise “misbehave” in a way that jeopardizes the operation of the Web Publishing service.
  • Does not depend on “freezing” versions of WordPress or other themes and plugins (eg. code that works with WordPress version 5.5 but breaks at version 5.6 or higher).
    • If updates to WordPress or other themes and plugins break functionality in your custom code, you are responsible for fixing that code in a timely manner or discontinuing your use of that code.
  • Is properly licensed. Unlicensed code, or code whose license has lapsed, will be removed from the Web Publishing service.

Additionally, themes and plugins may not be used to operate your website as a course management service or a mail hosting service.

The Web Publishing service does not support stand-alone applications outside of WordPress. Only WordPress themes and plugins are permitted.

Non-Compliance

Failure to fulfill your responsibilities may result in the temporary or permanent removal of your website from the Web Publishing service. OIT may temporarily suspend your website while investigating complaints related to your website.

OIT is not required to provide notice that a website has been removed, but will make a good faith effort to do so in a timely manner.

OIT’s Responsibilities

OIT is responsible for:

  • Maintaining stable web hosting with minimal interruptions to service.
  • Managing the WordPress application, including timely installation of updates to core installation files, themes, and plugins.
  • Providing timely responses to questions, support tickets, and bug reports.
  • Communicating with you about changes to the service and your website, including annual renewals.
  • Creating backups of your website for disaster recovery. (Backups may be restored only for disaster recovery, not for accidental deletions of content.)
  • As needed, providing a temporary URL while building a website prior to launch.
  • Managing all DNS configuration for your domain.
  • Installing and maintaining SSL certificates for your hosted domain.

Incident Response

OIT is responsible for responding to incidents in which your website has been compromised, eg. hacking or content defacement. This response includes:

  • The site will be immediately disabled from access by/to the Internet.
  • User login credentials may be suspended for the Web Publishing service.
  • In consultation with OIT Security and Compliance, OIT Web Services Staff will begin attempting restoration and remediation of the affected account(s). This will likely take more than one business day to complete.
  • In the case of security issues the site and account will only be reactivated upon approval by OIT’s Security & Compliance Unit that confidential and/or sensitive information has been removed and associated applications hosted on this service have been disabled or remediated.

For reporting and help with security incidents please contact OIT’s Security & Compliance and follow the Cybersecurity Incident Response Procedure.

OIT reserves the right to charge the owning unit for staff hours required to repair and/or remediate accounts that have been hacked, or are in violation of terms.

Costs

Web Publishing supports the following service levels:

  • Free
  • Standard
    • Annual Total: $337 per site, pro-rated per month.
  • Bulk-Rate Custom
    • $187.50 per month platform fee plus $3 per site per month
    • Annual Total: $2,250 platform fee plus $36 per site

The service level selected for a website determines the themes and plugins available on that website; and, in the case of Custom and Bulk-Rate Custom websites, the ability to request additional themes and plugins. Note that all themes and plugins must pass the code review process.

Additional charges may be assessed for extra storage and for use of non-NCSU domains:

  • Extra storage (available only at the Standard, Custom, and Bulk-Rate Custom levels)
    • $3 per 10 GB per month
    • Annual Total: $36 per 10 GB
  • Non-NCSU domain (available only at the Custom and Bulk-Rate Custom levels). Non-NCSU domains require approval.
    • Annual Total: $24 (flat rate, not prorated)

Service fees are billed at the time of annual renewals at the start of the new fiscal year, and are paid via interdepartmental transfers. Mid-year site registrations, changes in service level, or changes requiring storage or domain fees will be billed at the discretion of OIT staff and prorated based on months remaining in the year.

OIT reserves the right to charge the owning unit for additional staff hours required to repair and/or remediate accounts that have been hacked or are in violation of terms listed in this agreement.