I. Preface
A. Introduction
The policies and regulations for managing websites are a foundational document that outlines the frameworks, defines roles and responsibilities, and establishes the proper practices that must be followed and executed by the administrators of the University of Baghdad’s affiliated websites, irrespective of their authority, to ensure the security and safety of the websites.
Note: The policies and controls of the University of Baghdad align with, and enhance, the document of guidelines and standards for information and data security issued by the General Secretariat of the Council of Ministers. The University also ensures that its protocol is regularly updated as required.
B. Goals
The goals are to establish a secure and dependable information systems environment for efficient website management. This entails assigning website administrators specific responsibilities and granting them appropriate powers. We will implement controls and instructions to define acceptable and prohibited practices, and safeguard the system against unauthorized access, to ensure correct and safe usage.
C. Scope
Website administrators within their different authority levels.
D. System
The Website Division uses the WordPress content management system to manage its webpages effectively.
II. Roles and responsibilities
- The Website System Manager is an IT specialist who is responsible for managing the website system. They supervise the administration and contribute to the development of policies and strategies for the system within the University of Baghdad. Additionally, they provide technical support in collaboration with the website management team and report any technical issues or misuse.
- The Information Security Manager is a staff member responsible for ensuring information security at the University of Baghdad.
- The Website Management Team is made up of specialized employees from the University of Baghdad Presidency’s Website Division. Their main responsibilities include adding, modifying, and deleting accounts of website administrators within the university’s formations. They also handle any technical issues or misuse under the supervision of the system manager and provide technical support.
- The support team operates within colleges, institutes, centers, or presidency departments. They are typically appointed by the relevant authorities within the college, institute, or center administration, or by the department head (in the case of presidency departments), or by the official in charge of website administration. Their responsibilities include assisting the website official in handling content and technical issues, in accordance with their level of authority and assigned tasks. They must formally notify the university presidency’s website department of their complete information through an official letter or by utilizing the technical support system the department provides.
- The person tasked with overseeing website administration within colleges, institutes, centers, or presidency departments: The college, institute, center, or department head (within the presidency departments) shall assign individuals to this role under the administration’s authority. It is mandatory to notify the university presidency’s Website Division in an official letter. The assigned individuals shall have the following responsibilities:
  - Supervising the various sections of the website to ensure a smooth publishing process.
  - Making updates to the website information.
  - Consistently monitoring the website and promptly reporting any illegal activity or technical issues.
  - Providing the required specifications and pertinent data for the Website Division’s annual evaluation process.
III. Standard restrictions and guidelines
- For website administration, the official university email account is required.
- Maintaining the confidentiality of the password and preventing its sharing is crucial.
- Use a unique password that is hard to guess, non-sequential, sufficiently long, and composed of letters, numbers, and symbols without repetition. Additionally, consider changing it periodically and refrain from using it across multiple accounts or login systems, while strictly adhering to the password restrictions.
- In the Website Division, the Website Management Team is responsible for resetting passwords. The Website Management Team carries out this task upon request from the account holder who has forgotten or lost their password.
- To protect the public interest and ensure the security of websites, the Information Security Manager has the authority to suggest any technological security enhancements to the system administrator.
- It is imperative to enable the two-factor authentication feature for all website management accounts.
- It is not permissible to have multiple site administrator accounts within a single organization. The website administrator, or the designated person responsible for managing the site, is the exclusive owner of this account.
- The system administrator may need to inspect the logs.
- It is not permissible to launch a website unrelated to the University of Baghdad’s official activities, such as a service, scientific event, or forum.
- It is prohibited to create a website that falls outside the authorized domain of the Baghdad formation, whether it is for a service, scientific event, or forum that directly relates to the formation.
- The formation can formally request the creation of a website with a sub-domain under the University of Baghdad’s jurisdiction for conferences organized by the formation. The Website Division should receive this request in an official letter. The management of the conference can be done in two ways: either by assigning a member of the Website Division to the conference preparatory committees or by nominating a staff member from the formation and giving their complete details to the Website Division in an official letter.
- The Website Division is the sole authorized entity responsible for creating subdomains within the University of Baghdad’s official domain. Only the designated authority can modify the titles and descriptions of the university’s websites or main settings.
- When the website administrator changes, the previous and current administrator must conduct an official handover of the accounts. Additionally, the previous and current administrators must formally notify the website department through an official letter that provides comprehensive information about the new administrator, including their full name in Arabic and English, official university account, and phone number.
- Based on its own assessment, the Website Division will determine the degrees of validity mentioned in paragraph (III-C), taking into consideration technical and safety aspects.
- Regardless of its privileges, every account has the right to use the technical support system for technical questions or to amend accounts related to site administration, except for the site administrator’s account, as stated in paragraph (III-17).
- If a university account violates the restrictions outlined in these guidelines or any relevant government laws and regulations, the system administrator or information security manager has the authority to suspend it.
- There are four distinct account types, which vary in their duties or permissions for website management:
  - “Super Admin” account, maintained by the System Administrator and the Website Management Team: This account grants the user complete authority to access all University of Baghdad websites. The system administrator specifies the specific privileges through an official letter.
  - Administrator account: Depending on the organizational structure, the administrator of a website unit in colleges, institutes, or centers, or the administrator of the website in university presidency departments, owns this distinct account. The owner of this account possesses extensive authority, enabling them to exclusively manage their website.
  - Editor account within the support team: The account owner has limited permissions compared to the site manager account, which restricts their editing capabilities to only their site.
  - Author account within the support team: The individual who owns this account has the authority to include and modify news exclusively on their website.