Topics Map > Service Documentation

Web Hosting - Terms of Use

The following terms of use define what you can expect from us and conversely, what we expect from you, our customer.

Questions or concerns on the following content may be directed to us at webhosting@doit.wisc.edu.


Eligibility for this Service:

This service is available to the University of Wisconsin, System and its affiliates.

This service is not available to host individual/personal websites for students, faculty, or staff.

Responsible Use:

Customers using this service are required to:

Inappropriate Use Policy:

We reserve the right to remove a website or application if the website or application compromises the confidentiality, integrity, or availability of University data or information systems; violates University policies or laws that govern the use of University data; or performs a function that is inappropriate for a non-restricted data environment (Web Hosting Service has a dedicated restricted hosting environment). Examples of inappropriate use of this service include, but are not limited to:

  • Security issues resulting from software flaws
  • Site neglect and failure to apply security patches
  • Spam or other inappropriate commercial activity
  • Publication or collection of information inappropriate for a public-facing web server such as credit card numbers, protected health information, social security numbers, or FERPA-protected information

Actions:

  1. Notifications will be sent to the listed contacts on the account making them aware of the situation and a timeline to respond.
  2. A second notice will be sent and pursuant follow-up with departmental leadership and/or  UW-MIST contacts in these departments to advise.
  3. Violations can be referred to the Office of CyberSecurity for review and CSOC-based notifications and tracking.
  4. The site can be suspended or protected (NetID, IP based, etc.) and eventually decommissioned from the service.

Restricted and PCI Data:

Restricted Data: Customers are required to inform Web Hosting Service if they intend to handle restricted data in an application that is part of their account. If your website processes restricted data or may need to do so, please contact Web Hosting Service. Web Hosting Service has a dedicated environment for restricted data accounts. Applications handling restricted data are subject to an initial consultation and review process.

The hosting platform and application access should be as restrictive as possible and only open to the audience it serves. Web Hosting Service can implement NetID and firewall rule protections, but the customers are responsible for ensuring their application is as restrictive as possible.

PCI / Credit Card Processing: E-commerce services at the UW Madison are managed and provided by Business Services via CashNET.  The restricted data platforms are NOT fully PCI compliant to process, store or transmit credit card data directly but offer limited PCI compliance for storefronts that send the processing of the credit card payment to the E-Commerce provider.

HIPAA Covered Data

DoIT's Web Hosting Service restricted data hosting environments are not suitable for handling protected health information (PHI), subject to the Health Insurance Portability and Accountability Act (HIPAA) privacy rule. We reserve the right to decline a request of hosting a website or application if the data processed by the website or application are determined to be protected health information subject to HIPAA Privacy Rule.

Please see the UW-Madison HIPAA Guidelines.

The restricted data platform is NOT fully compliant with HIPAA security standards.   However, if patient data is de-identified per the policy https://policy.wisc.edu/library/UW-114 and doesn't fall under full HIPAA it can be accommodated. 

For more information please see: Web Hosting - Restricted Data, PCI, HIPAA

Compliance

It is your responsibility to comply with Restricted Data Security Standards. If your application stores, processes, transmits, handles or otherwise accesses restricted data as defined at UW-Madison, and the Web Hosting Service is not notified, the University will take appropriate action to enforce compliance.

Web Hosting Account

A web hosting account is defined as a web-accessible directory on one of our hosting platforms that are billed to a single fund/invoice. Where multiple platforms or billing sources are needed, there will need to be multiple web hosting accounts. However, multiple websites on the same hosting platform can be part of one account. Please see our Additional Domains page for more information.

Free Bronze Service web hosting accounts are available to customers who only require static web pages (i.e. HTML-only) because these sites typically require much less support time and server resources.  Corresponding test instances are available upon request.

Each Nickel, Silver, Gold, or Platinum web hosting account also receives a test domain for developing/testing content before production releases. The other domain is the customer's Production domain. Customers should only advertise their Production domain and reserve the test domain for development and testing.

Note: Customers can also request additional development, testing, QA (Quality Assurance) environments to complement their production environments.

You can apply for any type of account (Bronze, Nickel, Silver, Gold, or Platinum) via our Account Request Form.

Division of Responsibilities:

Web Hosting is responsible for maintaining a stable environment for application development and web access. Customers are responsible for all the content of their site(s) and all web application development, including testing and troubleshooting. Web Hosting will strive to maintain the availability of the services at all times. In the event of an outage, Web Hosting staff members will resolve the issue promptly and provide appropriate information to users via available channels, such as https://outages.doit.wisc.edu and email notifications to any contacts listed for an account, which is impacted.

Web Site Development Assistance:

Customers interested in partnering with DoIT developers can learn about the groups who provide custom development services. You may also request web development services from DoIT, and a specialist will help connect with you with the right group.

When filling out the request form, please provide a detailed description of the assistance needed. It's also helpful to include preferred development language and platforms if known, such as ASP.NET, PHP, Java, Open Source (WordPress, Drupal), Node.js, Ruby, etc.

Backups:

The web hosting service utilizes DoIT's Bucky Backup service to protect data and recover it if needed. We maintain the last two versions of a particular file no older than sixty days. We also maintain nightly backups for all customer MySQL databases hosted on our servers.

For more information, please see: Web Hosting - Web Site Backup and Recovery.

Support Policy:

Support requests for the Web Hosting Service are primarily handled via email to webhosting@doit.wisc.edu during business hours. We endeavor to respond to customer requests within 24-48 hours, and full resolution time may vary based on the issue and capacity.

Please contact the DoIT Help Desk for site support outside of business hours and for emergencies.

DoIT does maintain a 24 x7 Network Operations Center, which monitors various servers/services. Our servers/services have monitoring in place and the NOC will call web hosting support staff if there is a known outage from our service. However, off-hours support for almost all DoIT services is considered “best effort”.  When team members may receive a call from the NOC after hours many will take the call but are not obligated to do so.

Infrastructure (and Maintenance):

Web Hosting Service maintenance and upgrades to our platforms are conducted during our established maintenance window (Sunday 6AM-12PM).

This service is not recommended for sites that cannot accommodate infrequently scheduled maintenance outages or sites that require a highly customized hosting environment or High Availability configurations (i.e. specialized software installation, server restarts to pick up configuration changes, load balancers, with multiple servers, etc.)

The Web Hosting environment is robust enough to support many of UW-Madison's high-profile websites. In some cases, however, a dedicated server hosted on the DoIT Platform or via one of the UW-Madison Cloud providers may be more appropriate.  For more information please see Web Hosting - Shared vs. Dedicated Hosting Options

Cancellation:

Customers can contact us at any time to cancel service and billing on an account.  Please see our cancellation page for instructions on how to inactivate your account.

Questions/comments on web hosting? Send email to webhosting@doit.wisc.edu



Keywordspolices, terms, appropriate use, guidelines, best practices, restricted data, PCI, HIPAA, security, responsibilities support   Doc ID44461
OwnerJake S.GroupDoIT Web Hosting
Created2014-10-24 11:46:59Updated2023-10-24 10:08:54
SitesDoIT Web Hosting
CleanURLhttps://kb.wisc.edu/webhosting/terms-of-use
Feedback  0   0