Arts & Sciences Web Programming Policy
Scope
This policy is limited to any web-based system hosted on any server operating within the A&S Network. The review process outlined below is generally reserved for broad A&S systems.
Policy
- Systems developers must familiarize themselves with the Guidelines below.
- Systems developers must adhere to the Arts & Sciences IT Security Policy.
- Broad, A&S-wide applications must undergo an Arts & Sciences review process to identify and plan for any ongoing maintenance needs.
- All system developers are urged to understand the review process for applications in order to prepare for potential broader application across Arts & Sciences.
Guidelines
- Administrators and systems developers should avoid "reinventing the wheel" by thoroughly researching and, where appropriate, reusing existing technology solutions before designing and building new systems from scratch.
- Functional requirements of any proposed system should be developed and documented as a preliminary step of the design process. These requirements should articulate the system's role-based authentication requirements.
- Systems should use open architectures, standard protocols and non-proprietary file formats.
- System security must be a top priority during design and implementation. Up-to-date information on web-based application security can be found online at The Open Web Application Security Project. In the context of this policy, OWASP's Top Ten Vulnerabilities documentation project is most useful.
- Systems developers are responsible for documenting their software, by providing comments within their source code, and producing external documents that enumerate the technical architecture and the installation and configuration of any given system.
- Developers and owners of systems must schedule and quantify the uptime requirements and ongoing maintenance and support effort necessary to operate each system they deploy.
Review Process
The owners of broad, A&S-wide applications are asked to register those applications with the appropriate office. The registration initiates the review process necessary for the long-term stability and support of A&S systems.
In registering an application, an owner is asked to:
- identify sponsorship and levels of liability for the application,
- describe the purpose and the intended scope of the application,
- provide uptime and support requirements.
After an application is registered, A&SIST staff will contact the system's owners in order to:
- ensure that the system complies with the Arts & Sciences Information Technology Security Policy,
- ensure that the system adheres to the Web Programming Guidelines outlined in this policy.
Programmers' time is generally billed at $70/hour. The cost of undertaking a review may be subsidized by the Dean's Office. The review will provide information required to determine and plan budgetary provision for maintenance, upgrades, and systems integration of required components.
