Guidelines for Berkeley.edu Websites

Campus website owners must comply with campus and systemwide policies in order to use a berkeley.edu domain. These policies include (but are not limited to):

  • Privacy
  • Brand protection
  • Security
  • Accessibility

 Summary

Campus website owners must identify a Security Contact who will receive notifications of any security issues. If the website is hosted on a third-party hosting service, the site owner must also identify a Resource Proprietor who takes responsibility for ensuring that the site meets campus IT policy requirements and includes a privacy statement, which indicates what personal data the website collects from visitors and how that information is used. This is done through the NetReg service.

Campus website owners should also ensure that their data collection practices align with the UC Statement of Privacy Values. For example, campus websites should not engage in prohibited activities such as the use of third-party advertisements or analytics that track and provide users’ personal data to third parties.

Third-party "no-code" web hosting services are not suitable for berkeley.edu domains because they do not make it possible to comply with Privacy, Brand Protection, Security, Accessibility, and other applicable policies. Examples of these services include Squarespace, Weebly, Wix, and Webflow.

Below is an outline of the requirements and processes for setting up a Berkeley.edu "hostname" for a website. Note: The word "domain" is often used in this context; however, "hostname" is the correct term, and will be used on the rest of this page.

 Requirements and Guidelines

All requests for berkeley.edu hostnames and other records must go through the DNS (Domain Name System) Administrator and the NOS (Network Operations Services) team. The DNS Administrator and NOS team will make all decisions at their own discretion.

All hostnames and other berkeley.edu records must have a legitimate university business use. These records must not be offensive or abusive. Other University entities (such as the Office of Communications & Public Affairs, or Business Contracts and Brand Protection) may determine if a hostname is unacceptable.

All hostname records must comply with all appropriate technical standards and processes, both global and published/communicated by the NOS team (via campus Knowledge Base articles or other means).

Berkeley.edu DNS records may not be created unless they meet criteria outlined in the campus DNS Policy (TBD), and are reviewed by the appropriate campus entities.

Web Accessibility Resources

Terms & Definitions

  • Domain: A top-level name in the Domain Name System (DNS)
    • Examples: berkeley.edu, google.com. 
  • Subdomain: A lower level domain, which may contain other DNS names
    • Examples: technology.berkeley.edu, security.berkeley.edu. 
  • Hostname: An individual name within a domain or subdomain. Typically points to a web site or the IP address of an individual device.
  • DNS: Domain Name System
  • DNS Administrator: Domain Name System Administrator
  • Security Contact: A role used by authorized members to register IT Resources in NetReg and to receive security notices involving those resources. 
  • NetReg: Campus self-service network registration portal, which includes registration for offsite hostnames. 
  • Resource Proprietor: A Berkeley Campus Administrative Official (e.g. Dean, Director, PI, MSO, or other responsible individual to whom financial, administrative or management responsibilities for the department have been delegated) to sponsor the activity.
  • ISO: Information Security Office