Guidelines for Berkeley.edu Websites
Campus website owners must comply with campus and systemwide policies in order to use a berkeley.edu domain. These policies include (but are not limited to):
Campus website owners must identify a Security Contact who will receive notifications of any security issues. If the website is hosted on a third-party hosting service, the site owner must also identify a Resource Proprietor who takes responsibility for ensuring that the site meets campus IT policy requirements and includes a privacy statement, which indicates what personal data the website collects from visitors and how that information is used. This is done through the Socreg asset registration portal
Campus website owners should also ensure that their data collection practices align with the UC Statement of Privacy Values. For example, campus websites should not engage in prohibited activities such as the use of third-party advertisements or analytics that track and provide users’ personal data to third parties.
Third-party "no-code" web hosting services are not suitable for berkeley.edu domains because they do not make it possible to comply with Privacy, Brand Protection, Security, Accessibility, and other applicable policies. Examples of these services include Squarespace, Weebly, Wix, and Webflow.
Below is an outline of the requirements and processes for setting up a Berkeley.edu "hostname" for a website. Note: The word "domain" is often used in this context; however, "hostname" is the correct term, and will be used on the rest of this page.
Requirements and Guidelines
Campus departments must first receive approval from the Information Security Office (ISO) to use a berkeley.edu hostname with an offsite hosting service. The approval process is completed via the ISO's Socreg asset registration portal.
To complete the offsite hostname registration process in Socreg the campus department must choose a "Security Contact" for the offsite hostname. A Security Contact is a role used by authorized members to register IT Resources in Socreg and to receive security notices involving those resources. If others in your department have a Security Contact role in Socreg, ask them to request the offsite hostname.
If you do not know your department's Security Contact, you can begin the registration process by logging into Socreg and creating a new offsite hostname registration. ISO staff will help you find your department's Security Contact as part of the registration and approval process.
The Security Contact will need to know the following information in order to register an offsite hostname:
Offsite hostname: The requested berkeley.edu hostname.
Hosting Service: The offsite hosting service.
Data Protection Level: Select the approved Data Protection Level
for the service; for example, sites on Pantheon are only approved for Protection Level P1.
Description: Simple description of website.
IT Resource Proprietor: The ISO requests that all websites have a Resource Proprietor. This is a Berkeley Campus Administrative Official (e.g. Dean, Director, PI, MSO, or another responsible individual to whom financial, administrative or management responsibilities for the department have been delegated) to sponsor the activity.
Additional notes to DNS Administrator: The DNS (Domain Name System) information provided by the offsite hosting service. The DNS Administrator needs this information in order to point the berkeley.edu hostname to the hosting service in the campus DNS.