Working with External Vendors
If you need to work with an external vendor on a web project please factor the following requirements into your selection of vendor and contract.
All websites built by vendors must comply with the University’s Accessibility Procedures and Guidelines.
The minimum accessibility requirements for public websites are WCAG 2.1 AA compliance, with the exception of audio captioning and live streaming. The website will not be able to launch until it has passed an accessibility review and we have verified its compliance.
In accordance with the Accessibility Procedures and Guidelines for EIT Procurement, all contracts must include an accessibility addendum that is signed by the vendor. You will need to make sure your vendor will sign the addendum before submitting a contract through procurement.
Pantheon is the approved hosting provider for all WordPress and Drupal sites. Pantheon hosting costs vary by site traffic and features, and you will be responsible for paying for your Pantheon plan. See the pricing for different plans and contact email@example.com if you have any questions.
It is also preferable that your vendor be familiar with Pantheon since smaller vendors can be unfamiliar with the dev/test/live devops workflows.
As a standard GU security will require invasive/noninvasive scanning for the detection of potential vulnerabilities. Any vulnerabilities will need to be addressed prior to site launch.
All sites need ongoing maintenance for security updates and patches. There are three options here:
- Pantheon can offer professional services for ongoing maintenance for $9,000 per site per year.
- You can contract with the vendor who built the site for ongoing maintenance. The contract will need something like the following language:
“All patches will be applied as they are released but not to exceed 30 days after release to allow for proper testing. Any vulnerabilities that can be exploited remotely, have a Common Vulnerability Scoring System (CVSS) score of greater than 8, or are labeled as “critical” will be patched within 48 hours.”
- If you have a permanent staff member with the skills to do your own maintenance you need to let Web Services know who that staff member is. If the staff member leaves, you will need to contract out the work or replace them with no break in maintenance.
The creation or redesign of a website will need to follow the University’s Visual Identity Guidelines and its Web Supplement. The Web Supplement provides requirements and best practices that relate to visual design, accessibility, user experience, and user interface design on the web.
Departments using an external vendor must contact the Visual Identity committee (firstname.lastname@example.org) at the start of the project. All web design work must be reviewed by the Visual Identity committee, and sufficient time will be needed for review and feedback. All contracts must also include the following language:
“[Contractor] acknowledges that all web design work will follow the University’s Visual Identity Guidelines and its Web Supplement.
[Contractor] will add an additional two-week review period to the timeline prior to the development phase for the Visual Identity committee to review the proposed web designs and propose any web design changes needed based on required guidelines found in the main Visual Identity Guidelines and its Web Supplement.”
For website builds the best vendor can be one that builds sites wth the functionality and design you need. The following vendors have worked on various Georgetown websites, are familiar with our accessibility and visual identity guidelines, and have worked with Pantheon: