Rule 4-003I Web-based Electronic Commerce (Web E-Commerce)

Effective date: July 1, 2019

  1. Purpose and Scope

    1. The purpose of this rule is to outline requirements for implementing or conducting electronic commerce transactions or services on University Web sites. The rule ensures that Web Sites and Web Pages conduct e-commerce in full compliance with applicable laws and regulations.

    2. This rule supports section I, Electronic Commerce, of the World Wide Web Policy 4-003.

  2. Definitions

    The definitions provided in Policy 4-003: World Wide Web Resources Policy apply for purposes of this Rule.

  3. Rule

    1. Electronic Commerce. Web e-commerce services provided by Institutional Web Sites must be in support of the University's mission. Web Sites conducting Web e-commerce must comply with all of the following:

      1. Be registered with the University Webmaster disclosing their provision of Web e-commerce services in that registration

      2. Provide data security for Web e-commerce transactions:

        1. in the server-to-client connection

        2. in the processing, storage and use of transaction information

      3. Be certified as a secure Web e-commerce site by the University Information Security Office prior to initiating e-commerce traffic. Recertification is required after any change in e-commerce infrastructure which may substantially affect Web e-commerce transaction security

      4. Be certified as having passed an audit for financial and operating practices by the University Internal Audit Department (Policy 3-019) prior to initiating Web e-commerce traffic

      5. Be subject periodically to audit by the University Internal Audit Department after Web e-commerce services have commenced and

      6. Be in full compliance with the rules and provisions of Policy 3-070: Payment Card Acceptance.

        [Note: Parts IV-VII of this Regulation (and all other University Regulations) are Regulations Resource Information – the contents of which are not approved by the Academic Senate or Board of Trustees, and are to be updated from time to time as determined appropriate by the cognizant Policy Officer and the Institutional Policy Committee, as per Policy 1-001 and Rule 1-001.]

  4. Rules, Procedures, Guidelines, Forms and other Related Resources

    1. Rules

      1. Rule 4-003D Web Site Registration

    2. Procedures [Reserved]

    3. Guidelines [Reserved]

    4. Forms [Reserved]

    5. Related Resources [Reserved]

  5. References

    1. Policy 3-051, Banking Policy

    2. Policy 3-070, Payment Card Acceptance

    3. Policy 4-002, Information Resources Policy

    4. Policy 4-004, University Information Technology Resource Security Policy

    5. PCI Security Standards Council, https://www.pcisecuritystandards.org/

  6. Contacts

    The designated contact officials for this Rule are

    1. Policy Owner (primary contact person for questions and advice): Deputy Chief Information Officer, 801-581-3100

    2. Policy Officer: Chief Information Officer, 801-581-3100

      These officials are designated by the University President or delegee, with assistance of the Institutional Policy Committee, to have the following roles and authority, as provided in University Rule 1-001:

      “A ‘Policy Officer’ will be assigned by the President for each University Policy, and will typically be someone at the executive level of the University (i.e., the President and his/her Cabinet Officers). The assigned Policy Officer is authorized to allow exceptions to the Policy in appropriate cases…”

      “The Policy Officer will identify an ‘Owner’ for each Policy. The Policy Owner is an expert on the Policy topic who may respond to questions about, and provide interpretation of the policy; and will typically be someone reporting to an executive level position (as defined above), but may be any other person to who the President or a Vice President has delegated such authority for a specified area of University operations. The Owner has primary responsibility for maintaining the relevant portions of the Regulations Library… [and] bears the responsibility for determining –requirements of particular Policies….” University Rule 1-001-III-B & E

  7. History

A. Current version: Revision 1, effective date July 1, 2019

1. Approved by Academic Senate April 1, 2019

2. Approved by Board of Trustees April 9, 2019

 
Last Updated: 8/4/21