Web Shared Services performs and coordinates a number of reviews and tests of the Web sites on SUNY System Administration's servers.
Semi-annually, all sites are reviewed for compliance with SUNY's Web Standards, the NYS Office for Technology's standards, and the W3C's Web Content Accessibility Guidelines (WCAG) 1.0 Priority 1 by Web Shared Services. If any violations are found, the office responsible for the Web site will be contacted via email with an attached document that outlines the areas in which need to be addressed. That office will have two weeks to address those violations unless an alternative due date is agreed upon. If violations aren't addressed within the agreed upon date, the Web site may have to be removed from the servers, to protect SUNY from liability.
As a university, SUNY collects and holds large amounts of Personally Identifiable Information (PII), which must be protected for the safety of the various people we serve. Without proper security this information is vulnerable to compromise and the responsible office would therefore become liable. As such, there is an absolute ban on hosting any PII on SUNY's Web servers. Twice a year, the servers are thoroughly scanned to ensure that they are free of PII. Any PII found must be removed immediately followed up by a PII Report to the ISO committee.
Using a variety of tools, the Web servers, including all applications and forms on them, are regularly tested for security vulnerabilities. The vulnerabilities looked for include SQL injection and cross-site scripting. Reported issues are handled and addressed promptly.
Offices are asked annually to review and update their Policies and Procedures listed on the Web site.
Each site on the SUNY Web servers may use up to 3 GB of storage as part of their basic hosting. A scan is made periodically of each site's usage, and offices with sites that exceed 3 GB are notified that they will need to either reduce their usage or pay for additional storage.
Web Shared Services receives a monthly list of terminated employees, and then searches the Web servers to locate any references to those employees that will need to be changed. The responsible office for areas that reference the terminated employee is notified that their site will need to be updated, and then has two weeks to make corrections.
Statistical information is automatically collected for all Web sites on the SUNY servers. Information collected includes page visits, broken links, client browsers, and aggregate visitor information. Reports with the collected information can be generated upon request.
Web Shared Services has an automated tool to check accessibility compliance with New York OFT Standard NYS-P08-005, as well as Section 508 (ADA) and WCAG 1.0. This tool is run on all new sites, and can be run on existing sites by request.