UMass Create – Site Owner Best Practices (Security & Compliance)

Overview

UMass Create provides a managed web hosting environment with centralized infrastructure and baseline security safeguards. Site owners are responsible for maintaining their site content and ensuring alignment with university policies and applicable standards.

This guidance is intended to support safe and responsible use of the platform and will evolve as university-wide standards are updated.

1. Account & Access Security

  • Use strong, unique passwords for all accounts

  • Do not share login credentials

  • Limit access to only those who need it

  • Remove users who no longer require access

2. Site Maintenance

  • Keep themes, plugins, and site software up to date

  • Remove unused plugins, themes, and media files

  • Regularly review site content for accuracy and relevance

3. Data & Privacy

  • Do not store or collect sensitive data (e.g., student records, SSNs, financial data)

  • Be mindful when using forms—avoid collecting unnecessary personal information

  • Follow university policies, including Acceptable Use and FERPA

4. Responsible Use

  • Use the platform for academic, research, and university-related purposes

  • Do not host malicious, misleading, or unauthorized content

  • Comply with all applicable university policies

5. Accessibility Awareness

  • Site owners are responsible for ensuring their content meets accessibility expectations (e.g., ADA Title II considerations)

  • Use accessible themes and follow basic accessibility practices when creating content

6. Backups & Recovery Awareness

  • Maintain copies of critical content when appropriate

  • Understand that recovery options may be limited depending on the situation

7. Platform Responsibilities

UMass Create maintains:

  • Centralized infrastructure and hosting environment

  • Baseline security controls and monitoring

  • Account-level isolation between sites

Site owners operate within this environment and are responsible for their individual site content and compliance.

8. Ongoing Improvements

This guidance will continue to evolve in alignment with university IT, security, and accessibility standards.