Topics Map > Service Documentation

Web Hosting - Terms of Use

The following terms of use define what you can expect from us and conversely, what we expect from you, our customer.

Questions or concerns on the following content may be directed to us at webhosting@doit.wisc.edu.


Eligibility for this Service:

This service is available to the University of Wisconsin, System and its affiliates.

This service is not available to host individual/personal websites for students, faculty, or staff.

Responsible Use:

Customers using this service are required to:

Inappropriate Use Policy:

We reserve the right to remove a website or application if it compromises the confidentiality, integrity, or availability of University data or information systems; violates University policies or laws that govern the use of University data; or performs a function that is inappropriate for a non-restricted data environment, which is offered: Web Hosting - Restricted Data, PCI, HIPAA.

Examples of inappropriate use of this service include, but are not limited to:

  • Security issues resulting from software flaws
  • Site neglect and failure to apply security patches
  • Spam or other inappropriate commercial activity
  • Publication or collection of information inappropriate for a public-facing web server such as credit card numbers, protected health information, social security numbers, or FERPA-protected information

Actions:

  1. Notifications will be sent to the listed contacts on the account making them aware of the situation and a timeline to respond.
  2. A second notice will be sent and pursuant follow-up with departmental leadership and/or  UW-MIST contacts in these departments to advise.
  3. Violations can be referred to the Office of CyberSecurity for review and CSOC-based notifications and tracking.
  4. The site can be suspended or protected (NetID, IP-based, etc.) and decommissioned from the service.

Restricted and PCI Data:

Restricted Data: Customers are required to inform Web Hosting Service if they intend to handle restricted data in an application that is part of their account. If your website processes restricted data or may need to do so, please contact Web Hosting Service. Web Hosting Service has a dedicated environment for restricted data accounts. Applications handling restricted data are subject to an initial consultation and review process.

The hosting platform and application access should be as restrictive as possible and only open to the audience it serves.  The Web Hosting Service can implement NetID and firewall rule protections, but the customers are responsible for ensuring their application is as restrictive as possible.

PCI / Credit Card Processing: E-commerce services at the UW Madison are managed and provided by Business Services .  The restricted data platforms are NOT fully PCI compliant to process, store or transmit credit card data directly but offer compliance for storefronts that send the processing of the credit card payment to the E-Commerce service.

HIPAA Covered Data

DoIT's Web Hosting restricted data hosting environments are not suitable for handling protected health information (PHI), subject to the Health Insurance Portability and Accountability Act (HIPAA) privacy rule. We reserve the right to decline a request to host a website or application if the data processed by the website or application are determined to be protected health information subject to HIPAA Privacy Rule.

Please see the UW-Madison HIPAA Guidelines.

The restricted data platform is NOT fully compliant with HIPAA security standards but hosting can be accommodated if patient data is de-identified per https://policy.wisc.edu/library/UW-114 

For more information please see: Web Hosting - Restricted Data, PCI, HIPAA

Compliance

It is your responsibility to comply with Restricted Data Security Standards. If your application stores, processes, transmits, handles or otherwise accesses restricted data as defined at UW-Madison, and the Web Hosting Service is not notified, the University will take appropriate action to enforce compliance.

Web Hosting Account

A web hosting account contains web-accessible directories on one of our hosting platforms that are billed to a single fund/invoice. Separate platforms/frameworks for the domains in the account or different billing sources will require distinct web hosting accounts. However, multiple websites on the same hosting platform can be part of one account. Please see our Additional Domains page for more information.

Free Bronze Service web hosting accounts are available to customers who only require static web pages (i.e. HTML-only) because these sites typically require much less support time and server resources.  Corresponding test instances are available upon request.

Each Nickel, Silver, Gold, or Platinum web hosting account also receives a test domain for developing/testing content before production releases. Customers should only advertise their Production domain and reserve the test domain for development and testing.

Note: Customers can also request additional development, testing, QA (Quality Assurance) environments to complement their production environments.

You can apply for any type of account (Bronze, Nickel, Silver, Gold, or Platinum) via our Account Request Form.

Division of Responsibilities:

Web Hosting is responsible for maintaining a stable environment for application development and web access. Customers are responsible for all the content of their site(s) and all web application development, including testing and troubleshooting. Web Hosting will strive to maintain the availability of the services at all times. In the event of an outage, Web Hosting staff members will endeavor to resolve the issue promptly and provide appropriate information to users via https://outages.doit.wisc.edu and email notifications to any contacts listed for an account, which is impacted.

Web Site Development Assistance:

Customers interested in partnering with DoIT developers can learn about the groups that provide custom development services. You can request web development assistance from DoIT, and a specialist will help connect you with the right group.

When filling out the request form, please provide a detailed description of the assistance needed. It's also helpful to include preferred development languages and platforms if known, such as ASP.NET, PHP, Java, Open Source (WordPress, Drupal), Node.js, Ruby, etc.

Backups:

The web hosting service utilizes DoIT's Bucky Backup service to protect data and recover it if needed. We maintain the last three versions of a particular file no older than sixty days. We also maintain nightly backups for all customer MySQL databases hosted on our servers.

For more information, please see: Web Hosting - Web Site Backup and Recovery.

Support Policy:

Support requests for the Web Hosting Service are primarily handled via email to webhosting@doit.wisc.edu during business hours. We endeavor to respond to customer requests within 24-48 hours, and full resolution time may vary based on the issue and capacity.

Please contact the DoIT Help Desk for site support outside of business hours and for emergencies.

DoIT does maintain a 24 x7 Network Operations Center, which monitors various servers/services. Our servers/services have monitoring in place and the NOC will call web hosting support staff if there is a known outage from our service. However, off-hours support for almost all DoIT services is considered “best effort”.  When team members receive a call from the NOC after hours many will take the call but are not obligated to do so.

Infrastructure (and Maintenance):

Web Hosting Service maintenance and upgrades to our platforms are conducted during our established maintenance window (Sunday 6 AM-12 PM).

This service is not recommended for sites that cannot accommodate infrequently scheduled maintenance outages or sites that require a highly customized hosting environment or High Availability configurations (i.e. specialized software installation, server restarts to pick up configuration changes, load balancing with multiple servers, etc.)

The Web Hosting environment is robust enough to support many of UW-Madison's high-profile websites. In some cases, however, a dedicated server hosted on the DoIT Platform or via one of the UW-Madison Cloud providers may be more appropriate. 

For more information please see Web Hosting - Shared vs. Dedicated Hosting Options

Cancellation:

Customers can contact us at any time to cancel service and billing on an account.  Please see our cancellation page for instructions on how to inactivate your account.

Questions/comments on web hosting? Send email to webhosting@doit.wisc.edu



Keywords:
polices, terms, appropriate use, guidelines, best practices, restricted data, PCI, HIPAA, security, responsibilities support 
Doc ID:
44461
Owned by:
Jake S. in DoIT Web Hosting
Created:
2014-10-24
Updated:
2024-07-23
Sites:
DoIT Web Hosting