THIS INFORMATION IS FOR INTERNAL USE ONLY. PLEASE CONTACT THE APPROPRIATE OFFICE FOR GENERAL SUPPORT.

Hosted Services Policy

INTRODUCTION

The purpose of this policy is to:

  • Utilize hosted services in the most appropriate way to achieve desired outcomes
  • Maintain the consistency of university and student affairs branding across hosted services
  • Protect the university's intellectual property
  • Ensure that vendor relationships are handled through required purchasing and legal channels
  • Ensure compliance with appropriate university data protection policies
  • Provide a mechanism for business continuity in the event of staffing changes
Closest Resources

Content on hosted platforms must generally use the "closest resource" available with preference going to the categories listed below, in order. Services higher in the list are always preferred, even when the service available may not be entirely equivalent to services available lower in the list. The director of IT is responsible for approving exceptions to this rule in exceptional circumstances.

  1. Services which the division has designated for a particular purpose
  2. OrgSync
  3. CWRU Division of Student Affairs website (students.case.edu)
  4. Other external partner sites with a contractural relationship with the division
  5. External partner sites with a contractual relationship to the university supported by ITS
  6. Other public sites, whether free or paid
Administrative Access

Hosted services must be established in conjunction with the IT Operations Group, which will retain administrative access to the resource. This access will be used to modify access in the event of staffing changes, provide support to end users, or to respond to official university or legal requests.

Legal Agreements

Even when they are free, hosted services have user agreements, terms of service, or other contractual language which you must accept when you sign up for an account. Individual staff members are not permitted to enter into these agreements on behalf of the university. All agreements for external sites must be executed through the IT Operations Group, which will retain a copy of the contract and approvals from the university attorney. The contract approval process ensures that the university and its data are properly protected.

Data Security

Different types of data or services have different data security and compliance requirements. University policy dictates the types of information can be stored in hosted services, and the legal agreements that must be in place to support it. Generally, restricted information cannot be stored in most hosted services, and special care must be taken with with privileged information. We may also be required to ensure that some types of data are not hosted outside of the United States.

Service Types

Specific guidelines for the following common services classes are available:

Last Updated: March 2015