Sites are complex digitals spaces with evolving digital standards that can have very steep learning curves. It takes multiple teams of people to keep sites running securely and smoothly. Accessibility, security, design, and development are areas that most communicators must have a basic understanding of in order to produce an effective digital product.

Building a site at Duke may seem a little daunting but the guide below can act as a starting point for building secure, accessible, on-brand sites for your organization.

Domains – What is the url?


  • Third-level domains: (require University Communications approval)
  • Fourth-level domains:,
    does not require UComms approval and are managed through system administrators


Web Accessibility – Who can see it?

Everyone. Everyone should be able to access a public site at Duke. Duke’s Web Accessibility Initiative exists to ensure people with a wide range of abilities have equal access to Duke’s web content. It is the central resource for information, guidelines, and Duke’s official web accessibility guidelines.

Common Integration Areas – Can it work with…?

Integration with enterprise systems depends on the application and format. Please contact the applications support teams directly for more integration.

Web Security – Is it safe?

Security is CRITICAL. If a site is deemed to be a security risk (through a breach or lack of appropriate security or versioning upgrades) the IT Security Office reserves the right to take a site offline until that site is cleared to be restored.

You should be aware of the following security policies and guidelines:

  • Data Classification Standard. Duke has defined three classes of information: Sensitive, Restricted and Public.
  • Web Hosting Policy. Guidance and options for those managing websites at Duke.
  • Acceptable Use. Establish and promote the ethical, legal, and secure use of computing and electronic communications for all members of Duke University and its affiliated entities.

Service Level Agreements – How can I keep it up?

–What does maintenance really mean?

Once a site is launched and past its QA period, sites typically move into a “maintenance” phase. Maintenance can refer to the general updates of the site but the most critical component is the upkeep needed to keep the environment (infrastructure) up-to-date. Restated: the platform (Drupal/WordPress), as well as the hosting space, require regular attention and updates to keep them from becoming a security risk.

If you’re working with a vendor: Any work being done through a contract organization – internal or external – requires a minimum service-level agreement of 10 hours per year. Due to the changing nature of the web and the need for version and security upgrades on our preferred platforms, site owners need to identify some portion of their budget and calendar for updates and patching. Without this, sites are subject to vulnerability and attacks. Should a security breach occur, the security office may remove the affected site until it can be confirmed as no longer a risk. IT organizations such as OIT and DHTS cannot be held responsible for sites and actions that they did not create nor participate in.

Web Site Development – How do I make it?

Self Service Site Options – Sites@Duke

Duke Sites@Duke platform is WordPress build that offers a robust set of easy-to-use tools, including Duke-related themes and a Duke URL. The service also provides user and group management through the Duke NetID authentication system.

Duke’s WordPress service provides an easy way for Duke faculty, staff and students to set up a website or blog using predefined design templates (themes) and plugins that users can choose to enable within their sites as they see fit. There is no charge to users.

Semi-custom Using Existing Themes

There are several administrative themes or templates available as a base for Duke sites. The semi-custom options are offered through the Central Web Services group and through some preferred vendors. The use of an existing theme will ensure compliance with the Duke brand and is usually a more cost-effective solution for groups with limited budgets.

Custom internal – Duke Web Services, Trinity Technology Services, and the other web development groups across campus

Custom websites can be developed using internal and external resources. With custom site development a bidding process is required. (See Working with Vendors) After obtaining 3 bids (one of which MUST be from an internal service provider if the service is offered within Duke) you will also need to coordinate hosting and domains. (see below). Any custom work still has an expectation to meet technical and branding requirements. We encourage you to invite the Marketing office into your project as a liaison with your project, the service provider, and the broader Duke.

External Vendors

The abundance of work across Duke can’t be met by the in-house resources alone. We utilize vendors from around the area including some in other areas of the country and abroad. The following guidelines have been developed to streamline the process of working with external vendors. (See Working with Vendors)

Hosting – Where Does it Live?

Providers within Duke

  • OIT maintains a centralized web hosting environment that provides virtual servers (VMs) to both OIT supported services as well as applications and services supported by the departments and schools across Duke University. To meet the needs of a majority of OIT’s VM requests and to provide a consistent offering, a set of standard offerings and processes has been created and details can be found at the following links:
  • DHTS Centralized frameworks are based on the following technologies and platforms:
    • External Web Sites: DRUPAL Content Management Platform (Linux, Apache, MySQL and PHP based). Some of our old sites are in Xoops CMS until we migrate away to DRUPAL
    • Intranet Sites: Mocrosoft Sharepoint 2010 (Windows Server, IIS, MS SQL Server and .NET based)
    • Contact the DHTS web services group for more information.
  • Your school/dept/unit
  • External (requires Web Governance Group approval)
  • External vendors need to host through Duke

Types of Hosting

  • Sites@Duke: free
  • Virtual Machine: custom
    • Compliance with Duke’s security standards
    • Automatic OS updates/upgrade
    • Help with Shib and site set up
    • Backups and monitoring
    • DNS assistance
  • External (requires WGG review): really custom