Version 2.0 - 1 April 2022
This policy supersedes the NIHR Acceptable Use Policy version 1.0 (August 2019).
All NIHR websites are expected to comply with the NIHR Acceptable Use Policy (AUP). This policy supports the aim to build better connections between websites and establish a more unified online presence for NIHR.
This policy applies to (but is not limited to):
websites on the nihr.ac.uk subdomain
externally published Google Sites
websites or pages created on any host institution’s web domain
It does not apply to websites that are only accessible internally within NIHR, e.g. Google Sites that are restricted to Hub users.
This policy must also be considered prior to:
establishing any new NIHR website that is published for an external audience and can be found via a search engine. This includes published Google Sites and websites created on any host institution’s web domain
requesting a subdomain, ensuring all criteria are met and justified
If an NIHR website is found not to be compliant with this policy, the named owner will be contacted in the first instance by a member of the NIHR Communications team with details of how to resolve this.
Website owners should regularly refer to this policy to ensure their website is compliant.
All NIHR websites must:
1.1 be recorded on the NIHR website register
1.2 provide a named contact as website owner, who will be accountable for:
1.2.1 ensuring continued compliance with this policy and the NIHR security policy
1.2.2 in the event of NIHR funding coming to an end, archiving the website
1.2.3 completing an annual accessibility check and adhering to any updated guidance or policy changes
1.3 if different to the above, provide a named website manager responsible for managing the website e.g. updating content
1.4 carry an NIHR logo or sub-logo (where one has been issued)
1.5 follow NIHR visual identity guidelines
1.5.1 In addition, website owners and managers should consult NIHR web design advice in order to provide a consistent style and approach, supporting users moving between NIHR websites.
1.6 contain a relationship statement and a standard description (1.6.1) of NIHR on its ‘About us’ page. The standard description is as follows and must include a link to the corporate website.
1.6.1 “The NIHR funds, enables and delivers world-leading health and social care research that improves people’s health and wellbeing and promotes economic growth.”
1.7 actively meet NIHR GDPR criteria in line with NIHR policy, outlined in the NIHR Privacy Policy
1.8 meet the Public Sector Bodies (Websites and Mobile Applications) Accessibility Regulations 2018 legislation (as required by law for public sector organisations).
1.8.1 Note, the NIHR corporate site aims for WCAG 2.0 AA accessibility, as stated in our accessibility statement.
1.8.2 The NIHR Communications website should be consulted for further support on accessibility, and separate advice is available on writing an accessibility statement.
1.9 be scanned by the NIHR using the National Cyber Security Centre (NCSC) web check service to identify any unintended web vulnerabilities and misconfigurations
Websites on the nihr.ac.uk subdomain must also comply with the following requirements:
1.1 All sites on the NIHR subdomain will be crawled and searchable as part of the NIHR's federated search project, i.e. they will be accessible when desired via the search function
1.2 A subdomain owner must be specified and will be accountable for:
1.2.1 continued compliance with the AUP criteria listed in this document
1.2.2 when requested, sharing web analytics with the central NIHR web team, ideally through Google Analytics, to facilitate ad-hoc reporting and usability assessment
1.2.3 responding to other reasonable requests in support of an annual review of NIHR websites
The scope of this policy has been broadened to include all NIHR websites regardless of domain.
An NIHR website is any website:
branded as NIHR, i.e. using the logo or sub-logo as part of its visual identity AND
published externally i.e. can be found via a search engine.
The following requirements have been added to the policy:
NIHR websites and their owners must be registered on a central NIHR register (1.1)
NIHR websites must include an updated NIHR description, web link and new relationship statements on all websites (1.6)
NIHR websites must adhere to the new security policy (1.2.3)