Vendor Guidelines
Review these guidelines and share them with potential vendors to ensure a smooth experience building your website.
Custom web development
Customers whose websites are hosted in the Web Publishing service are encouraged to make use of campus resources first before considering off-campus services. This includes:
- Using a theme or plugin that has already gone through our code review process, instead of finding an alternative that provides similar functionality.
- Working with OIT’s Design & Web Services team for projects that involve adding custom functionality to WordPress.
- Working with University Communications for custom design work or brand consultations.
- Working with your college, department, or other campus unit’s web team in any of these areas.
When campus resources are unable to meet your specific needs, you may want to consider working with an external vendor. Please share these guidelines with potential partners during your bid process or prior to signing any contracts. Note that all contracts that exceed $5,000 must also go through the university’s IT purchase compliance process.
Off-campus vendors contracted to build custom WordPress themes or plugins must follow the following guidelines:
- External staff working on the custom development project must have a “no-pay” account granting them access to university systems. The unit hiring the vendor is responsible for requesting and managing these accounts. These accounts allow external staff to submit requests and communicate directly with OIT via the IT service portal.
- Any theme or plugin code must be maintained in either:
- NC State’s GitHub Enterprise service (accessed using a no-pay account)
- A public GitHub.com repository
- Any theme or plugin must pass the Web Publishing code review process, including:
- Security best-practices
- Code quality best-practices
- Privacy and personal data best-practices
- Conformance to WCAG 2.1 AA or better
- For themes, all template and CSS files must be shared with the IT Accessibility Office for review and approval prior to launch.
- For a plugins that create new pages, or add blocks to the WordPress editor, the markup generated and CSS files must be shared with the IT Accessibility Office for review and approval prior to launch.
- Additionally, the university’s automated accessibility scanning tool will generate a report of any issues that must be addressed before launch.
- Consistency with university brand guidelines (or a deviation from the brand approved by University Communications)
After the conclusion of the work by your vendor and on an annual basis moving forward, you will be required to provide documentation that your custom project will be supported. For the purposes of these guidelines, a custom theme or plugin is considered supported if:
- The supporting team provides documentation of features and functionality that is sufficient for campus support staff to respond to tier-1 service requests.
- The supporting team responds promptly (no more than 2 business days after initial contact) to tier-2 and tier-3 service requests.
- The supporting team completes any required bug fixes or any reasonable code maintenance tasks required by OIT.
Support may be provided by the same vendor that completed the work, another third-party service, or a campus web development team will be responsible for maintaining the theme/plugin. Unsupported code cannot remain on the Web Publishing service.
Note also that the Web Publishing service does not include support for vendor FTP accounts, nor does it include any other file system access. All code edits and releases must happen through GitHub or some other approved version control system.
Questions to Ask Your Vendor
Even if an off-campus vendor has a portfolio of beautiful websites, the code powering those websites may not meet our requirements. A good vendor should be able to answer the following questions to your satisfaction. Please consider including these or similar questions in your RFP.
- Who is allowed to use this code?
NC State reserves the right to reuse code licensed to any unit within the university. In most cases, custom themes and plugins are sufficiently custom to the group commissioning the code that this isn’t an issue. But some circumstances exist in which a custom theme or plugin might be reused in multiple places throughout the university. - How will you know that the project is finished? How will we know that it’s finished?
Projects should be appropriately scoped, with clear criteria for judging when work is completed. You and your vendor should have a plan for clear and timely communication about changes in requirements. - How easy is it to stop using what you build for us?
No website lasts forever. Some day you may need a new design, or the requirements for your custom functionality will change. Your vendor should have an answer about data portability so that you’re not permanently locked into their product. - What third-party resources and libraries do you depend on?
Using third-party resources isn’t a bad thing, but your vendor should be able to account for the external JavaScript libraries and other resources that go into their projects. This is an important part of long-term maintainability. - Will the final product meet WCAG 2.1 AA accessibility standards?
Accessibility is a requirement for all NC State websites, regardless of where they’re hosted. Websites hosted in the Web Publishing service with significant known accessibility issues will not be allowed to launch.
Marketing materials and web content production
Customers whose websites are hosted in the Web Publishing service are encouraged to make use of campus resources first before considering off-campus services. This includes working with University Communications or your unit-level communications staff on marketing and web content production.
When campus resources are unable to meet your specific needs, you may want to consider working with an external vendor. Please share these guidelines with potential partners during your bid process or prior to signing any contracts. Note that all contracts that exceed $5,000 must also go through the university’s IT purchase compliance process.
Off-campus vendors contracted to create web content must follow the following guidelines:
- External staff logging into WordPress must have a “no-pay” account granting them access to university systems. The unit hiring the vendor is responsible for requesting and managing these accounts. These accounts allow external staff to submit requests and communicate directly with OIT via the IT service portal.
- Anyone creating content must understand and follow the university brand guidelines. When appropriate, external staff are encouraged to attend UComm’s brand training workshops.
- Anyone creating content must understand and follow WCAG 2.1 AA accessibility requirements.
At the conclusion of the content production project, you and your vendor are encouraged to create a content maintenance plan for your own internal use. This plan should include:
- An inventory of all content created by your vendor
- Ownership assignments for who on your team will be responsible for keeping that content up-to-date moving forward
- A schedule for how often that content needs to be reviewed and updated.