skip to content

IT Help and Support

University Information Services


The Web (the World Wide Web) is a system for providing information in a flexible manner via the Internet computer network. Much displayed information consists of hypertext, which is plain text formatted by the use of a "mark-up" language called HTML (hypertext markup language). As well as hypertext, web information may consist of images, animated pictures or movies and sound. Programs may be included to which run on the displaying machine in order to achieve special effects or programmatic tools.

The web is an international system so, unless special steps are taken, information "put on the web" might be seen anywhere in the world. The provision of information via the web therefore constitutes publishing the material and the laws and regulations that govern traditional publishing are likely to be applicable.

University Information Services (UIS) and the UAS use the web for provision of University information services. It is Information Services Committee (ISC) policy that institutions should maintain their own information rather than rely on material provided centrally. The idea is that information should be managed close to home. Departments and Colleges run their own web servers and/or maintain their information using the managed web server service provided by the UIS. Some institutions include only institutional information, others allow individuals to publish information too.

Individuals have a number of routes for publishing information: some publish material on their private machines, others publish via the MCS and some use the student-run computing facility (SRCF).

This document has three main sections:

  • the first discusses the mechanics of web information provision, facilities available to Cambridge information providers, and some general guidelines;
  • the second gives examples of different types of server and how they may be linked with associated systems;
  • the third concentrates on the requirements for web servers to operate within a regulatory framework consisting of University and College rules, the conditions for the use of academic networks and the relevant laws of the land;

The mechanics of information provision

There are five activities involved in the provision of information via the web. In the case of an individual publishing his own material, all four may be carried out by the same person; for institutions it is usually the case that several people are involved. The five activities are:

  • Design
  • Authoring
  • Publishing
  • Adaptation for the web
  • Administration of the server


Before information can be published the website needs to be designed - you need to think about the organization of the information you want to publish and how it will appear on the page and be interlinked. If you are in a position to use them,  departmental web templates preclude you having to do much of this work and so will save you time, effort and money - the accompanying guidelines indicate how to use them ( Further guidance is available from UIS training courses and on a one-to-one basis (

It is emphasised that the maintenance of web information involves an ongoing commitment; it is not a one-off activity which then requires only minimal effort.


The authors are the people who provide the raw information. They may be experts in a particular field providing research information, lecturers making their notes available, Departmental secretaries providing general information about their Departments, Chairmen of Examiners giving details of topics in particular papers, College staff with collections of photographs of buildings etc. Adding the HTML "markup" to the plain text may or (usually) may not be done by the author of the original material.


The publisher of information is the person authorised to make it publicly available. The author may be the publisher as well, but in a Department there may well be just one or two people who are authorised to publish official information about the institution in order to ensure some degree of quality control.

While authors should, of course, be aware of the legal restraints imposed by publishing laws, it is the publishers who have the ultimate responsibility. The publishers also need to manage those people responsible for each item of information (e.g. for ensuring its accuracy and for carrying out updates).

All web information should have an indication of the publisher, their affiliation and when the material was last updated; the publisher is normally the point of contact for reader comments. A contact email address should be provided.

Adaptation for the Web

The home page requires regular monitoring and checking to ensure that links are not erroneous or out of date and maintaining regular topical information keeps the page fresh. The home page should also have clear links to some legally required information, such as the privacy policy for the web server and information about the use of cookies, the Freedom of Information schedule and contact for the institution, and accessibility information (see later section for full explanation of these).

Larger documents need to be broken down into units both to avoid the transfer of excessively massive amounts of data in one go and so that users can read the pages more comfortably. Such breaking down requires some thought about how the information is to be used; for example, where users might wish to save or print an entire document, it may be appropriate to provide both subdivided and entire versions.

Care needs to be taken in use of images, video and audio. The number and size of images should be limited and images should be optimized to make the pages they are featured on as quick to download as possible. Within the University, staff may use the streaming media service (see below) for upload and hosting of video and audio, and thereby take the load off their web server.

Server Administration

The computer serving the web data needs to be managed. The software that serves the information, once installed, will require maintenance as will the operating system. The filing system in which the data resides needs to be appropriately structured into directories to ensure a logical way for administrators to find things and help with efficient running. All the usual system management tasks associated with system security, regular backups, maintenance contracts etc. have to be looked after. If constant availability of the information is important, perhaps some hardware spares need to be carried on site.

In order to avoid the work involved in managing their own web server machine, smaller institutions or cross-institutional groups may prefer to use the managed web server service (see offered by the UIS. The use of this facility is restricted to departments, research groups and similar organisations; it is not available to individuals, societies etc. However, registered University societies have their own mechanism for publishing web pages. See further details at the end of this document.

Facilities available to Cambridge information providers

There are several UIS-run facilities available to information providers in the University and colleges.

Site-wide search engine

The UIS runs a site-wide search engine that creates an index of the content of all more-or-less official web servers within the University. You can use the search engine to search just your site, and we can provide you with a 'packaged' search which makes this easier. Although the search engine will find named web servers by itself, it is a better plan to let know when you plan to make a new web server available. The data used is also used in the maintenance of the a-z, map and department directory files, so keeping it up to date is essential.

Web servers that have addresses outside the University network but are Cambridge based can usually be indexed by the search engines, but we will have to add them to the indexing schedule explicitly, so you will have to let us know about them.

More information about the search engine is at

The Raven/Shibboleth web authentication service

Raven is a service used by some University of Cambridge web sites to identify people so that decisions (such as granting or denying access) can be made based on who that person is. Raven is provided by the UIS, and uses standard UIS user identifiers (CRSid) and 'Raven passwords' to identify people. See Information for Webmasters to find out how web servers in the University can be configured to use Raven and Shibboleth services.

The streaming media service

The streaming media service ( is available for automatic encoding of video and audio into multiple formats, and then hosting and serving the resultant files. It is free of charge but requires registration to use the upload facilities.

Guidelines on web content

  • It is inadvisable to publish in detail the specification and whereabouts of all the equipment in the institution. Such information could be a boon to thieves and thefts from Departments in the past may have been facilitated by web material.
  • Accessibility of information: Legislation demands that information published on University web pages must be available to anyone regardless of disability. The University web page templates have been created to provide information in an accessible way, but any information you publish, either within the templates or using your own page designs must conform to the University's accessibility guidelines (see and associated pages). In summary you should keep information relevant and try to ensure that what is displayed makes sense even if any style sheets are turned off or a user is listening to it rather than reading it. Test that the information displays correctly using as many different browsers as possible; do not assume that, because a page looks beautiful on your own PC, that it will look as good on another PC and another browser. You must advise users that if they are unable to access information you have provided you will make it available in another form.
  • Commercial information: The ISC Rules restrict use of the CUDN for commercial advertising and similar activities unless specific permission is obtained. Deciding what is and is not commercial can be problematic. For example, an author who is a member of a Department may include his publications as part of a CV on a personal or Departmental web server, but a straightforward advertisement for such publications would not be appropriate. Similarly, a Department which has produced a teaching package might well include details on its web server, but would be well advised to provide a pointer to a commercial outlet elsewhere rather than offer it for sale directly. Similarly, web information must not be provided on behalf of third parties (i.e. outside the University and Colleges) without specific authorisation. Whence permissions and authorisations should be sought depends upon how widely the web information is readable; if only within the institution, then local rules apply; if the material is accessible via the CUDN, then the ISC is the appropriate authority; if non-University material is made available over JANET from a University or College web server, then a JANET proxy licence must be obtained via the UIS.

Web servers

Types of server

The simplest case is that of a private individual wishing to publish material about himself or herself. One way of doing this is to use a Mac or PC connected via a College or Departmental network. Such a machine may run other tasks besides the web and this may degrade performance from time to time (someone accessing the web information may notice delayed response while the machine is dealing with a spreadsheet, for example). Note that the machine should remain connected and switched on all the time. At least the last four of the activities associated with web publication are generally carried out by the one individual.

Alternatively, an individual might make "personal pages" available on a shared multi-user machine such as the MCS or a similar departmental service.

Another common instance is that of a research group in a department with a shared machine. Again the machine may have other tasks besides running the web site, but, in this case, the system is likely to have an administrator. The separate members of the group may all act as authors, and the tasks of publishing and adapting the material for the web may be handled by one particular member of the group or several people.

Once there is substantial material to present, a dedicated machine is generally the most efficient way to handle the web. Some of the larger departments have such web servers and the centralised University information run by the UIS also uses dedicated machines with back-up machines for failover. Alternatively, smaller departments may prefer to use the UIS managed web server service mentioned earlier, and University Societies may prefer to use the facilities specially set up for them; see further information at the end of this document.

Links to a new server

When setting up a new server or information for a new institution on the managed web server service, it is good practice to inform computer staff in your institution and the managers of any associated web servers so that links to your new information can be set up to help readers find it. For example, a server for a research group might be linked from the Department's home page; a Fellow's private web server might be mentioned in his or her College's web information.

Registration and naming

The UIS is responsible for allocating domain names within the domain under some fairly strict guidelines laid down by the ISC: such names may only be issued for institutions and for University-wide services - for example for Darwin College and for the University email system. Anyone setting up a server in a new domain or starting to use the managed web server service needs to consult the UIS about allocating a suitable name; this should be done through The choice of an appropriate name is particularly important for institutional information, but may be relevant in other cases too.

Cross-departmental or cross-institutional web servers and others requiring names other than in may be set up within the CUDN. Likewise web servers within the CUDN can be set up to have a address. Seek advice from

The Legal and Regulatory framework

There are various sets of relevant rules and regulations, all of which must be complied with.

University and College regulations

A consequence of the ISC policy that institutions should maintain their own web information is that it is up to individual institutions to decide upon their own supplementary regulations. Anyone setting up web pages for a University or College institution must first ensure that they are abiding by these locally-issued directives. The first contact for this purpose would normally be the local computer systems manager (who may well be running a server on behalf of the institution and so will have useful advice); failing that, try the Departmental Secretary or the College Bursar. Personal pages on the MCS and University Society pages are similarly covered by particular regulations.

Some institutions may forbid individual independent web servers on their networks altogether; others may impose conditions such as insisting that standard disclaimers must appear whenever private pages are accessed. Infringement of local regulations risks disconnection of the machine by the local network manager; infringement of University regulations on an institution's web server risks disconnection by the UIS of the whole institution's network, isolating the institution from the CUDN. However, such matters are more usually corrected by liaison rather than by imposition of these ultimate sanctions.

Publishing information about the University or a College

A general guideline is that no individual shall publish material which might bring the University or a College into disrepute or which could endanger its good name and reputation. Another general rule is that anything which is illegal in itself is also contrary to University and College regulations.

Individuals should beware of unintentionally and without authorisation publishing material that may appear (or be misread) as being on behalf of an institution. Restrictions on what may be published on behalf of the University appear in the Statutes and Ordinances and similar considerations may apply in the case of individual Colleges. In particular, there are likely to be restrictions and codes of practice regarding the use of shields and crests in published material (see Institutions may also impose restrictions of their own. Finally, even if material is specifically authorised to be published on behalf of an institution, there may be a need for an additional check that confidential material is not being inadvertently released.

Authorization for Use of the CUDN and JANET Acceptable Use Policy

Since a machine attached to a College or Departmental network usually achieves connection to the Internet via the CUDN and the Joint Academic Network (JANET), any web information comes within the scope of both the ISC Rules and the associated Guidelines, and the Rules governing the use of JANET.

The ISC's Rules are published in Ordinances and are also available in the UIS web pages. Note in particular that the use of IT facilities for private financial gain or for commercial purposes requires special authorisation.

The complete regulations governing the use of the CUDN and JANET are published in the documents "Authorization for Use of the CUDN" and "JANET Acceptable Use Policy" respectively. A summary of the main restrictions appears in the Guidelines which amplify the ISC Rules; both Rules and Guidelines are published online.

The main restrictions likely to be of interest to someone providing web information are as follows. Many of them are also covered by legal prohibitions.

The CUDN and JANET do not allow:

  • the creation or transmission (other than for properly supervised and lawful research purposes) of any offensive, obscene or indecent images, data or other material, or any data capable of being resolved into indecent images or material;
  • the creation or transmission of material which is designed or likely to cause annoyance, inconvenience or needless anxiety;
  • the creation or transmission of defamatory material.

Other forbidden activities are less directly relevant to web information providers, but one particular risk deserves mention. If a web server is used to distribute software, care must be exercised to avoid infringement of the regulation that forbids the promulgation of viruses and other such programs likely to cause disruption and inconvenience to others.

Relevant legislation

At the highest level there are legal considerations regarding publishing that include copyright, libel, official secrets, race relations, equal opportunities, data protection and freedom of information, protection of children, minors and vulnerable adults, accessibility to information by disabled persons, etc. Information about the main areas is provided here with links to applicable UK legislation for further reference.

Computer Misuse
The Computer Misuse Act 1990 and the Police and Justice Act 2006 make it a criminal offence to gain unauthorised access to any program or data held in a computer or network ('hacking') or intentionally impair the operation of any computer or program or data held in a computer or prevent or hinder access to any program or data held in any computer.
The Telecommunications Act 1984 and Malicious Communications Act 1988 make it a criminal offence to send indecent or grossly offensive, threatening or obscene material over a public telecommunications network.
Computer Misuse Act 1990
Malicious Communications Act 1988
Police and Justice Act 2006
Telecommunications Act 1984

Contempt of Court

The Contempt of Court Act 1981 makes it a criminal offence to intentionally or inadvertently publish or distribute any material which may impede or prejudice active legal proceedings.

Contempt of Court Act 1981


Copyright law applies to online material as it does to traditional print publications. Websites are often a collection of legally protected copyright works: literary works such as text and tables and the typographical arrangement of published editions, html and program code, lyrics found in musical works and sound recordings; artistic works such as photographs and images of other copyright works, graphic works such as paintings, drawings, diagrams, maps, charts and plans; dramatic works, including plays; musical works; sound recordings, including those of musical works; films; and broadcasts.

The Copyright, Designs and Patents Act 1988 as amended provides the author/creator of an original literary, artistic, dramatic or musical work or sound recording or film or broadcast with certain economic rights in relation to that work and governs others' use of the work or extracts from it. In some instances, it provides the author of a work with certain moral rights, notably the right to be identified as the work's author.

Under the Act, it is an infringement of copyright to copy all or part of another person's or organisation's copyright work without a licence/permission from the copyright owner, unless the copying is allowed without permission under one of the Act's 'permitted acts', which include 'fair dealing for the purposes of criticism or review'.

Further information on complying with copyright law is available to those on the University network at . Further advice is available from the University Copyright Officer (

Copyright, Designs and Patents Act 1988 (as amended)


Defamation is the voicing in public or publication of an opinion or untrue statement in such a way that damages the reputation of a person or a group of persons. The law of defamation protects both individuals and companies. Legal proceedings brought for libel are concerned with the written word, those for slander with the spoken word. Data which might defame or damage reputations, even if expressed as an opinion in, for example a bulletin board or blog, could become the subject of a legal action for libel. If in doubt about publication, check first with an appropriate authority such as the University's Office of External Affairs and Communications.

Defamation Act 1996


The Race Relations Act 1976, Racial and Religious Hatred Act 2006, Sex Discrimination Act 1975, Employment Equality (Religion or Belief) Regulations 2003 and Employment Equality (Sexual Orientation) Regulations 2003 are guided by the principle of prevention of discrimination on the grounds of sex, sexual orientation, race and religious belief.

Under the Race Relations Act 1976, the Racial and Religious Hatred Act 2006 and Public Order Act 1986 it is forbidden to engage in conduct, including the publication of material, that discriminates against or harasses or stirs up hatred against another or others or encourages discrimination on the grounds of colour, race, nationality or ethnic or national origins. Similarly, the Sex Discrimination Act 1975 covers equal opportunities and forbids discrimination on the grounds of gender.

The Public Order Act 1986 also makes it a criminal offence to display any writing, sign or other visible representation which is threatening, abusive or insulting causing harassment, alarm or distress to a person who comes in contact with the representation.

The Protection from Harassment 1997 and Crime and Disorder Act 1998 make it a criminal offence for a person to pursue a course of conduct which s/he knows or ought to know amounts to harassment of another person.

Crime and Disorder Act 1998
Employment Equality (Religion or Belief) Regulations 2003
Employment Equality (Sexual Orientation) Regulations 2003
Human Rights Act 1998
Malicious Communications Act 1988
Race Relations Act 1976
Racial and Religious Hatred Act 2006
Sex Discrimination Act 1975
Protection from Harassment Act 1997
Public Order Act 1986

Data Protection and Freedom of information

The Data Protection Act 1998 is designed to ensure that the processing and storage of personal information about living individuals is registered and kept securely and used for defined purposes. Web publishers are advised to seek permission from individuals before obtaining their 'personal data', which may include their contact details and/or images of the individuals. The University's Privacy Policies, tailored for various services, are available at The collection of personal data from a University website requires an appropriate privacy policy to be made available to users, normally in its footer. If the intention is to use personal data collected for purposes in ways that differ from the privacy policy to which a link is provided, an appropriate policy should be put in place. In case of doubt, consult the University's Data Protection Office (

The Freedom of Information Act 2000 makes it possible for anyone to request recorded information held by public authorities. For the purposes of the Act, the University is classed as a public authority. The Act places certain obligations on public authorities, subject to limited exceptions, to disclose information upon receipt of a request made in accordance with the Act. Please see further information at about obligations in answering requests.

Data Protection Act 1998
Freedom of Information Act 2000
Privacy and Electronic Communications (EC Directive) Regulations 2003


Obscenity is concerned with the harmful effect of a publication on a likely readership or audience. The law governing obscene publications is found principally in the Obscene Publications Acts of 1959 and 1964. Under these Acts material is deemed to be obscene if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, to see or hear the matter contained or embodied in it. The Acts contain a defence that applies to publications: if it is proved that publication is justified as being for the public good on the ground that it is in the interests of science, literature, art or learning, or of other objects of general concern. A similar but narrower defence applies to films and soundtracks: if it is proved that publication is justified as being for the public good on the ground that it is in the interests of drama, opera, ballet or any other art, or of literature or learning.

The Protection of Children Act Acts of 1978 and 1999, the Criminal Justice Act 1988 and Criminal Justice Public Order Act 1994 each make it a criminal offence to take, or permit to take any indecent photograph of a child (a person under the age of 16) or to distribute or show such indecent photographs. The Sexual Offences Act 2003 makes it a criminal offence to befriend a child for the purpose of meeting or intending to meet the child with intent to abuse the child.

Any publication of photographs of children or vulnerable adults must only be published with the specific written consent of their parent or legal guardian. Providing the name and image of a child or vulnerable adult in any form of publication, especially on the publicly-accessed Internet, allows for the possibility that they might be identified, contacted and subjected to inappropriate and/or unsolicited attention.

When considering the use of images of children or vulnerable adults, general shots of group activities rather than close-up images should be used. If children or vulnerable adults need to be identified, captions that give the children's or vulnerable adult's full name or include personal details such as e-mail addresses, home addresses and telephone numbers should be avoided. The broad rule when using images of children or vulnerable adults: If the child or vulnerable person is named, avoid using their image. If the image is used, avoid naming the child or vulnerable adult.

Only images of children and vulnerable adults dressed appropriately should be used, keeping in mind that children can be identified through badges, logos or emblems on sweatshirts etc. Prior to use of these images it may be necessary to airbrush or fuzz out or pixellate such identifying features.

Criminal Justice Act 1988
Criminal Justice and Public Order Act 1994
Communications Act 2003
Obscene Publications Act 1959
Obscene Publications Act 1964
Protection of Children Act 1978
Protection of Children Act 1999
Sexual Offences Act 2003

Official Secrets

The protection of government secrets is governed by the Official Secrets Acts of 1911 and 1989. Regarding publications, the 1911 Act makes it a criminal offence for any person to obtain, collect, record or publish or communicate to any other person any secret official code word or password or any sketch, plan, model, article or note or other document or information which is calculated to be or might be or is intended to be directly or indirectly useful to an enemy. The 1989 Act provides for a series of offences prohibiting unauthorised disclosure of information related to security and intelligence, defence, international relations, assisting criminals, information resulting from unauthorised disclosures or from information entrusted in confidence, and information entrusted in confidence to other states or international organisations.

Some research material from government and commercial agreements may come within the remit of the Official Secrets Acts, particularly when associated with defence matters. Certain information provided by suppliers under government contracts may also be deemed classified under the Acts.

Official Secrets Act 1911
Official Secrets Act 1989


The Terrorism Act 2006 prohibits the publishing of statements that would be likely to be understood by some or all members of the public to whom they are published as a direct or indirect encouragement or other inducement to them to the commission, preparation or instigation of acts of terrorism. The Act prohibits the dissemination of a publication which intends members of the public to be directly or indirectly encouraged or otherwise induced by the publication to commit, prepare or instigate acts of terrorism.

Terrorism Act 2006

Accessibilty information

The Disability Discrimination Acts of 1995 and 2005 and Special Educational Needs and Disability Act of 2001 require that information published or made available on the web must be accessible by disabled students, staff or the public.

The University Web Accessibility Policy gives information on the obligations to be met to ensure full compliance:

Disability Discrimination Act 1995
Disability Discrimination Act 2005
Special Educational Needs and Disability Act 2001

Further information

Last updated (links): June 2014