Policies and regulations for the management and utilization of email within the University of Baghdad domain

I. Preface

1. Introduction
The website management policies and controls are a fundamental document that outlines the work frameworks, defines roles and responsibilities, and demonstrates the correct practices that website administrators affiliated with the University of Baghdad, with the corresponding authority, must observe and implement to ensure the safety and security of websites.
The General Secretariat of the Council of Ministers’ information and data security policies and standards document does not conflict with the University of Baghdad’s policies and controls; rather, they complement it. We regularly update the policy as needed.
2. Goals
Ensuring the optimal use of website management by establishing regulates and instructions that clarify acceptable and prohibited practices and protecting the system from illegal access to ensure that all website administrators within the university carry responsibility for correct and safe usage, in accordance with their granted authorities. Provide a safe, dependable, and smooth information systems environment.
3. Scope
All University website administrators with different privileges.
4. System
The Website Division utilizes the WordPress content management system to manage its websites.

II. Roles and responsibilities

1.  Manager of website systems
   An information technology specialist oversees the administration’s work, develops general policies and strategies for the system, and implements these strategies within the University of Baghdad. Additionally, the specialist is responsible for providing technical support in collaboration with the website management team and reporting any technical issues. Otherwise, it may be abused.
2.  Manager of Information Security
   At the University of Baghdad, he is an employee who is responsible for managing information security.
3.  Management team for website systems
   Under the supervision of the system manager, a team of employees in the Website Division / Presidency of the University of Baghdad with specialized knowledge is tasked with the addition, modification, and deletion of website administrator accounts within the University of Baghdad formations, as well as the resolution of any technical issues or misuse. Technical support is also provided.
4. Managers of the website for colleges, institutes, centers, or presidential departments.
   They will be assigned by the administration of the college, institute, center, or department head (within the presidency departments), with the need to inform the website division in the university presidency by an official letter, and their duties will be:
   • Managing the website and its various sections and supervising the publishing process within the website.
   • Update the website’s contents.
   • Continuously ensure that the site is monitored and disclose any technical issues or intrusions.
   • Submitting pertinent requirements and information during the Website Division’s annual evaluation procedure.
5. Support team that provides support in presidential departments, centers, institutes, or colleges. They will be assigned by the administration of the college, institute, center, department head (within the presidency departments), or the website management official. Their duties will be to assist the website official in providing content and technical matters, according to the degree of authority and assignment, with the need to inform the website division of their complete information in an official letter or via email. Technical support system (provided by the Website Division at the University Presidency).

III. Policies and regulations

1. The official university email account must be utilized in the website administration accounts.
2. It is permissible to disclose the password or permit others to use it, provided that the confidentiality of the information within the system is maintained. The violator is responsible for the legal repercussions that result.
3. The website is managed by four distinct categories of accounts, each of which possesses distinct roles or authorities:
   A. The system administrator and the website system administration team are granted access to the Super Admin account. The system administrator and an official letter identify the websites that the account holder has the authority to access.
   B. Administrator account: A distinctive account that is owned by the administrator of the website unit in colleges, institutes, or centers (depending on the structure of the formation) or the website administrator in the departments of the university presidency. The owner of this account has unlimited powers that enable them to manage their site.
   C. Editor’s account within the supporting team: The proprietor of this account is granted fewer privileges than the site administrator’s account, which permits him to only make modifications to his own site.
   D. Author account within the supporting team: The owner of this account is authorized to post and modify news within their site.
4. Use a unique password that is difficult to guess, non-consecutive, and long enough. It must be composed of letters, numbers, and symbols and without repetition, considering changing it periodically and not using it in more than one account or login system, with the need to fully adhere to the password policy.
5. Passwords can be reset by the website system management team in the website division in the case that the account bearer forgets or loses their password after submitting a request.
6. The Information Security Manager is authorized to recommend any security technical enhancements to the System Manager to safeguard websites and support public safety.
7. Two-factor authentication must be enabled on all website administration accounts.
8. The unique owner of this account is the website administrator or the individual responsible for managing it, and it is not permissible to have two or more accounts from the site administrator account category in a single configuration.
9. The system administrator may be required to examine the logs.
10.  It is prohibited to establish a website that is not part of the University of Baghdad’s official domain for a service, scientific event, or forum that is related to the university.
11. The formation has the option to submit a request in an official letter to the Website Division to establish a website with a sub-domain within the University of Baghdad for conferences held within the formations. The website will be managed either by the Website Division by appointing a member of the division’s staff to the conference’s preparatory committees, or by nominating a name within the formation staff, who must provide the full information to the website division in an official letter.
12. The Website Division is the sole and official entity that is authorized to establish subdomains within the official domain of the University of Baghdad. It is prohibited to modify the addresses and descriptions of the university’s websites or primary counters without its authorization.
13. In the event of a change in the website administrator, the previous and current administrator must conduct an official handover of the accounts. The website division must be notified of the change in the administrator by means of an official letter that includes the full name of the new administrator in Arabic and English, as well as their official university account and phone number. The levels of authority referenced in Paragraph (III -3) are determined by the Website Division in accordance with its assessment of technical and security requirements.
14. All accounts, regardless of their respective powers, are entitled to utilize the technical support system for technical inquiries or to modify the site administration accounts (except for the site manager account, as specified in Paragraph (III-13).
15. If any university account violates the controls outlined in this policy or any relevant government laws and legislation, the system administrator or information security manager reserves the right to suspend the account.