Working with External Vendors
If you need to work with an external vendor on a web project please factor the following requirements into your selection of vendor and contract.
All websites built by vendors must comply with the University’s Accessibility Procedures and Guidelines.
The minimum accessibility requirements for public websites are WCAG 2.0 AA compliance, with the exception of audio captioning and live streaming. The website will not be able to launch until it has passed an accessibility review and we have verified its compliance.
All contracts should follow the the Accessibility Procedures and Guidelines for EIT Procurement. This includes standard language that must be included in all contracts:
“[Contractor] acknowledges and warrants that its Programs and Services during the Term of this Agreement shall provide equal and effective access to all individuals in accordance with federal and state laws and regulations, including, but not limited to the Americans with Disabilities Act (ADA), and Section 504 of the Rehabilitation Act of 1973. Any website or application functionality and content provided by [Contractor] shall meet the accessibility standards of the Web Content Accessibility Guidelines (WCAG) 2.0 Level AA for web-based technology.
[Contractor] agrees to promptly respond to, resolve and remediate any complaint regarding accessibility of its products or services in a timely manner and provide an updated version to Georgetown at no cost. [Contractor] further agrees to indemnify and hold harmless Georgetown from any claims arising out of its failure to comply with the requirements of this section. Failure to comply with these requirements shall constitute a material breach of this Agreement and shall be grounds for termination of this Agreement by Georgetown.”
Pantheon is the approved hosting provider for all WordPress and Drupal sites. Pantheon hosting costs vary by site traffic and features, and you will be responsible for paying for your Pantheon plan. See the pricing for different plans and contact firstname.lastname@example.org if you have any questions.
It is also preferable that your vendor be familiar with Pantheon since smaller vendors can be unfamiliar with the dev/test/live devops workflows.
As a standard GU security will require invasive/noninvasive scanning for the detection of potential vulnerabilities. Any vulnerabilities will need to be addressed prior to site launch.
All sites need ongoing maintenance for security updates and patches. There are three options here:
- Pantheon can offer professional services for ongoing maintenance for $9,000 per site per year.
- You can contract with the vendor who built the site for ongoing maintenance. The contract will need something like the following language:
“All patches will be applied as they are released but not to exceed 30 days after release to allow for proper testing. Any vulnerabilities that can be exploited remotely, have a Common Vulnerability Scoring System (CVSS) score of greater than 8, or are labeled as “critical” will be patched within 48 hours.”
- If you have a permanent staff member with the skills to do your own maintenance you need to let Web Services know who that staff member is. If the staff member leaves, you will need to contract out the work or replace them with no break in maintenance.
The creation or redesign of a website will need to follow the University’s Visual Identity Guidelines and its Web Supplement. The Web Supplement provides requirements and best practices that relate to visual design, accessibility, user experience, and user interface design on the web.
Departments using an external vendor must contact the Visual Identity committee (email@example.com) at the start of the project. All web design work must be reviewed by the Visual Identity committee, and sufficient time will be needed for review and feedback. All contracts must also include the following language:
“[Contractor] acknowledges that all web design work will follow the University’s Visual Identity Guidelines and its Web Supplement.
[Contractor] will add an additional two-week review period to the timeline prior to the development phase for the Visual Identity committee to review the proposed web designs and propose any web design changes needed based on required guidelines found in the main Visual Identity Guidelines and its Web Supplement.”
Digital Pulp is the preferred vendor for Georgetown web projects. There is already a master contract and Digital Pulp worked on the new Top Tier and SFS sites: https://www.georgetown.edu/, https://sfs.georgetown.edu/, https://ccas.georgetown.edu/
The following vendors are also familiar with our accessibility and visual identity guidelines and have worked with Pantheon: