Departments often need to develop applications to meet University needs. Whether these applications are developed in-house or outsourced to vendors, it is important that developers use programming practices that can help to keep the websites secure and avoid any loss of data, especially confidential material.
Project Managers and / or Third party vendors are responsible to maintain a healthy level of cyber security by meeting Minimum Security Standard and adopting suggested good practices, etc. The following should be referred to :
- Security Guidelines for Building Websites or Web Applications for Project Owners and Vendors
- Minimum Security Standard for Application Systems
- Minimum Security Standard for Servers
- Application Development Guidelines
- CAS Authentication Guide
- Web Applications Health Check
- Application Security
Any transfer, handling and use of personal data in all respects should comply with Personal Data (Privacy) Ordinance, Personal Data Privacy Policy, University Data Privacy Policy Statement, Personal Information Collection Statement as well as the mandate stipulated by the University schools / departments / units / offices.
For University schools / departments / units / offices recruiting students to develop web applications which involves handling sensitive data or confidential material are strongly not recommended. All web applications should be conformed to the above policies, standard and guidelines.