Institutional Online Resource (IOR) Governance Policy
Institution Online Resources (IOR) Governance Policy
As the scope of Georgia College & State University’s (GCSU) web presence broadens, it is necessary to establish a policy to inform the ownership, control, and use of all Institution Online Resources (IOR). To that end, this policy concerns the university’s ownership, control, and use of all IORs, addressing the following matters: (1) exclusive ownership and control of all IORs; (2) exclusive authority over all IORs owned or controlled by the university and the exclusive authority to acquire additional online resources in its name in the future; (3) approval of content published on an IOR; and (4) removal of content improperly published to an IOR.
Definition of Institution Online Resources
The university’s IOR consist of all online resources owned or controlled by the university, including internet domains, websites, web pages, email accounts, web or mobile applications, official social media accounts of the university and all its departments and programs, online educational resources, and the content therein. IORs do not include non-public-facing IT resources. IOR also do not include personal webpages or social media accounts of universities employees and students. GCSU instructs employees and students that @gcsu.edu and @bobcat.gcsu.edu accounts shall not be used for personal accounts and business not related to either employment duties or academic communications.
Authority and Control over Institution Online Resources
In keeping with University System of Georgia (USG) policy and guidance, all IOR are the property of the university and under its exclusive control. The university has the exclusive authority over all IOR and the exclusive authority to acquire additional IORs in its name in the future.
Inventory of Institution Online Resources
Each department, program, or initiative of the university (hereafter referred to as “department”), must maintain its own inventory of IOR under its jurisdiction. Each department must submit an annual copy of the inventory to the Office of University Communications (UC) and the Office of Information Technology (IT) through the current submission guidelines.
Adoption of Policy Governing Institution Online Resources
Each department must have a documented procedure that is submitted annually to UC and IT through the current submission guidelines that details the acquisition of new IORs, the management of existing IORs, the retirement of IORs, the statement of the data retention requirements for each IOR, and approval procedures documentation. Each department’s IORs must comply with university-wide and USG policies and guidelines, including the following:
Management of Institution Online Resources
Administrative access to IORs must be delegated and documented in each department and reported annually to UC and IT through the current submission guidelines.
Part of the separation process for employees shall include the transition of account control over any IORs managed by the departing employee.
Limitation on Management by Student Employees
Student employees shall not be granted administrative access privileges or duties over an IOR without express written permission from the appropriate employee with designated approval authority for the IOR and with appropriate approval and oversight procedures in place for any content the students are to publish on an IOR.
Creating New Online Resources and Managing Existing Content
Each department must have a documented procedure for (1) the establishing of IOR, (2) the management of existing IOR, (3) approval of content, (4) the deletion of IOR no longer needed, and (5) the designation of one or more individuals ultimately responsible for approving content which will be submitted annually through the current submissions guidelines.
Each department shall be responsible for the content of each IOR under its control, including responsibility to ensure that content (1) complies with applicable USG and university-wide policies, (2) complies with federal accessibility requirements, and (3) does not violate the intellectual property rights of third parties. A sample of approval statements can be found in the IOR Submission Guidelines.
UC, IT, and/or the Office of Legal Affairs may be contacted to provide recommendations or direct assistance to comply with or clarify existing USG and GCSU policies and relevant federal accessibility guidelines.
Moderation of Third-Party Content
Content created by third-party users of an IOR shall be moderated in compliance with applicable university policies governing the posting of content on such IOR and subject to any applicable terms and conditions or end user agreements of the third-party hosting platform.
Removal of Unauthorized Content
Any IOR content that has not been approved by the responsible department or is otherwise not in compliance with university policies or the applicable department’s required review and approval process shall be removed promptly following discovery. Failure to do so may result in employee discipline. The authority and responsibility for removing such content will reside with the department that controls the IOR where the content is located. If a department requires assistance to remove such content, then the UC or IT may provide assistance with unauthorized content. Ultimate authority for the approval or removal of content on IOR rests with the President of the university or a designee.
Any IOR content that is due to an unauthorized account breach should be immediately reported by the responsible department to the university’s Office of Information Security (iso@gcsu.edu) for a review of any potential data privacy and cybersecurity concerns.
Policy Approved by Executive Cabinet on 09-27-2022
Effective as of January 1, 2023