Policy on Website Governance
1. Purpose
This policy establishes roles and responsibilities for governance of websites within the Fermilab web presence and the minimum requirements that website owners must meet in order to make content accessible via the Fermilab web presence.[i] This policy uses a graded approach that ensures that the Fermilab web presence supports the laboratory’s scientific mission through a consistent and current website environment that maintains the reputation of the laboratory.
2. Scope
This policy covers all websites in Fermilab-owned domains, regardless of whether hosted on servers within or outside the Fermilab network.
3. Applicability
This policy applies to all employees, users, affiliates and contractors who create or maintain websites within all Fermilab web environments.
4. Effective Date and Date Reviewed/Updated
This policy went into effect on October 1, 2015, and its update was effective on February 3, 2023.
5. Policy
5.1 Governance
Overall governance for Fermilab’s website presence resides within the Communication Division, with input from directorates, divisions, users and affiliates obtained through the Web Governance Committee. Governance is more tightly controlled in areas where there is external or labwide internal exposure.
Site owners and content editors are responsible for maintaining a clear understanding of how their websites or webpages are affected by web governance and IT policies and procedures. Site owners and content editors are responsible for ensuring their sites or pages follow all applicable security, access, branding, layout, structure, style, content guidelines, and maintenance rules as outlined in web governance and IT policies, procedures and guidelines.
5.2 Graded approach to website governance
The level of governance rigor implemented by the Communication Division for any given website will be determined using a graded approach[ii] that is based on a website’s intended audience and function; method of user access; and entity that owns the website.
The primary function of the graded approach is to provide an initial determination of (1) whether a site will undergo review by the Communication Division and (2) the likely need for approvals of site branding and content and expected update frequency. Final decisions on required approvals for site ownership, branding and content, and minimum update frequency will be made by the Communication Division on a case-by-case basis.
Before any Fermilab website is created, significantly changed or upgraded to a new technology, the website owner is responsible for demonstrating the necessary web skills and competence for supporting web updates, conducting an evaluation of the site according to the criteria below, documenting the results and following the appropriate governance procedure depending on the level indicated.
The levels of governance are:
High: Websites meeting the “high” criteria will automatically undergo review by the Communication Division. After initial review, the Communication Division will approve or deny public visibility if requested and document the high-level requirements for site branding, content and review/update frequency as well as any required additional approvals before the site can go into production.
In most cases, sites meeting the “high” criteria will be required to
- identify site ownership
- adhere to specified maintenance and branding guidelines
- have their branding, architecture and content approved by the Communication Division before entering into production
- review their site content once or twice a year and update it as deemed appropriate by the site owner in consultation with the Communication Division
Moderate: Websites meeting the “moderate” criteria will automatically undergo review by the Communication Division; however, high-level requirements for site branding, content and review/update frequency will typically be less rigorous than for sites meeting the “high” criteria. After initial review, the Communication Division will approve or deny public visibility if requested and document the high-level requirements for site branding, content and review/update frequency as well as any required additional approvals before the site can go into production.
In many cases, sites meeting the “moderate” criteria will be required to
- identify site ownership
- adhere to specified branding guidelines
- have their branding (but not content) approved by the Communication Division before entering into production
- review and update their site content at least annually
Low or Minimal: Websites meeting the “low” or “minimal” criteria will not be presented to the Communication Division for review before they go into production. As with all laboratory-supported websites, sites meeting the “low” or “minimal” criteria must still meet all applicable IT policies and requirements as specified by the laboratory.
Governance level |
Intended Audience |
Authentication, visibility |
Website owner |
Intended function |
High (If one or more of the specified criteria apply) |
Public, including industrial partners, vendors, funding agencies, job candidates All employees and/or all users and affiliates |
|
|
Public Relations Public Outreach Recruitment |
Moderate (If one or more of the specified criteria apply) |
Large subset of employees, users or affiliates (directorate/ division/large scientific collaboration)
|
Off-site, unauthenticated
|
Major laboratory unit(s), including laboratory-managed DOE Order 413 projects Scientific collaboration or external laboratory-affiliated group |
|
Low (If none of the High or Moderate or Minimal criteria apply) |
Small subset of employees, users or affiliates (department, group) |
Authenticated On-site only, unauthenticated
|
Laboratory sub-unit/club Individual employee, user or affiliate |
Information Collaborative work Archival |
Minimal (If none of the High or Moderate criteria apply) |
|
|
|
Web application or service Database |
6. Definitions
Fermilab web presence: All web accessible information in Fermilab-owned domains.
Website: A set of one or more webpages and related content under a subdomain.
Webpage: A document reachable at one URL on the web with a client such as a browser.
Site owners: People who own and are directly responsible for managing a website.
Content editors: People who have the authority and access, as designated by site owners, to modify some or all of the content of a website.
Authentication and visibility: Authenticated - a user or system is always required to provide credentials to view or access information. Unauthenticated - information is publicly accessible on the open internet (off-site) or only from within the network (on-site only).
7. Responsibilities
Communication Division
|
|
Information Technology Division |
|
Cybersecurity |
|
Web Governance Committee |
|
Site Owners and Content Editors |
|
8. Authorities
Fermilab Policies |
|
Overarching Policies for all Federal Websites |
Overarching policies covering basic requirements for all federal websites and digital services: |
9. Owner
This policy is owned by the Director of the Communication Division.
10. Review Cycle
This policy shall be reviewed every 2 years.
11. Communication Plan
This policy shall be available in the Fermilab policy database and linked from the “Request a Website” form in Service Now.
[i] Governance of web documents not directly linked from websites and stored in dedicated repositories such as DocDB, SharePoint libraries or shared drives, is documented in the Fermilab Policy on Information Categorization and Access and not covered in this policy.
[ii] A similar graded approach is used by IT for governance of documents stored in repositories – see Fermilab Policy on Information Categorization and Access for details.