Units within the university shall develop policies governing the procedures to post information on publicly accessible information resources to ensure only authorized university personnel have access to publicly post content.


  • The information resource owner, or designee, is responsible for ensuring that the measures described in this Control are implemented. The intended audience for this Control includes, but is not limited to, all information resources owners and custodians. This Control does not apply to faculty or student use of information resources for limited public forums; however, such use should follow Standard Administrative Procedure 29.01.03.M0.02, Acceptable Use.


  • 1

    The information resource owner, or designee shall:

    • 1.1

      Designate individuals authorized to post information onto a publicly accessible information resource;

    • 1.2

      Train authorized university personnel to ensure that publicly accessible information does not contain nonpublic information;

    • 1.3

      Review the proposed content of information prior to posting onto the publicly accessible information resource to ensure that nonpublic information is non included; and

    • 1.4

      Review the content on the publicly accessible information resource for nonpublic information periodically based on risk management decisions, and remove such information if discovered.