eCommunications Policy

Original Effective Date

March 1, 2024

Approved By

Philip P. DiStefano, Chancellor

Policy Owner

Co-Owner Vice Chancellor and Chief Communications Officer, Strategic Relations and Communcations

Co-Owner Vice Chancellor and Chief Information Officer, Office of Information Technology

I. Purpose

This eCommunications Policy (“Policy”) defines the governance roles and responsibilities of organizational units to enable the 鶹Ѱ (“university”) to exercise proactive technology, method, and process controls for electronic communications (“eCommunications”), including the data and audiences associated with eCommunications. Electronic communications services include but are not limited to: email, text messaging, and authenticated web environments.

The university provides eCommunications services to campus community members to support the university’s work of teaching, scholarly research, and public service. eCommunications are coordinated by programs, departments, colleges, schools, and other organizational units to provide relevant and timely information to the appropriate audiences.

This Policy and its accompanying procedures (“Procedures”) apply to all 鶹Ѱ organizational units that create and distribute eCommunications related to the university’s work, including for teaching, research, university administration, university advancement, or any other university business.

II. Definitions

  1. Audience:the data query identifying individuals who comprise an eCommunication’s recipients, groups that receive communications related to a university business need or affiliation.
  2. Authenticated web environment:a website that requires a username and password to verify the identity of the user and to personalize the content that is provided, e.g., Buff Portal.
  3. 䴡-ʴ:Controlling the Assault of Non-Solicited Pornography and Marketing, a federal law that provides relief from unwanted spam email messages. Non-compliance with CAN-SPAM may constitute “unfair or deceptive acts or practices” that may result in criminal and civil penalties for the violating sender. More information about CAN-SPAM is available here:.  
  4. Communications authority:the authority to communicate on behalf of the university.
  5. Designated authorities:technology users or communications professionals who have privileges to access constituent audiences
  6. Constituent audience:a group of individuals who share common characteristics defined by their organizational functions -- e.g., members of a class, department, college, or school.
  7. eCommunications:messages sent by organizational units facilitated through technology: primarily email, text messaging, and authenticated web environments.
  8. Electronic communications services:digital platforms facilitating communications through email, event registration, and other one-to-many or personalized mass communications.
  9. Organizational function:specific responsibilities or processes tasked to an organizational unit.
  10. Organizational unit:A subset of University operations. An organizational unit may be a college?, center?,department or any other distinct operational entity with the following characteristics: 1) organizational permanency; 2) programmatic autonomy; and 3) an annual operating budget that is fiscally independent.
  11. Preferences:options presented to audience members allowing them to indicate their choices in communications experiences, at a minimum including subscribe and unsubscribe indicators, and often including options such as frequency, modality, and interests.
  12. Promotional communication:communications that do not include university business information that must be acted on in a timely manner. Communication that contains the promotion of a product or service, event, or general information.
  13. Text messaging:the act of composing and sending short electronic messages between two or more users of mobile devices, tablets, desktops, and/or laptops. Encompasses both MMS (multimedia) and SMS (short) protocols. In the Policy and procedural context, this focuses on text messaging facilitated by a software platform, sending one message from an organizational unit to many recipients. This includes registration window reminders, emergency alert notifications, application deadline messages, etc. Does not include business communications from faculty or academic advisors to individuals in their rosters, i.e., notifications of class cancelation, critical deadlines, office hour changes, etc.
  14. Transactional communication:communications related to business information that must be acted upon in a timely manner or facilitates, completes, or confirms a commercial transaction. Can consist of information pertaining to the delivery of a good or service, information directly related to an employer or educator relationship, and legally mandated notices.

III. Policy Statement

The university provides approved eCommunications platforms and electronic communications services to organizational units to protect the operational integrity and value of university communications, as well as university data and the availability and security of campus networks. Accordingly, per this Policy:

  1. Communications authority ultimately rests with the Chancellor and the Chancellor’s designated authorities.
  2. Organizational units engaging in eCommunications must either:
    1. use approved eCommunications services
    2. receive an exception from using an approved eCommunications service.
  3. Organizational units must follow this Policy and accompanying Procedures to support standard eCommunications operations for organizational functions and reduce the number of eCommunications sent to campus community members regarding business outside of their organizational unit.
  4. The university does not grant access to eCommunications resources (approved platforms, email addresses, mobile numbers, or data) to third parties, including for commercial use or research. As outlined in the accompanying Procedures, limited exceptions may be granted for university business use.

IV. Procedures

  1. Designated Authority
    “Designated authorities” refers to technology users or communications professionals who have privileges to access constituent audiences, facilitating communications related to organizational functions and reducing the number of communications outside of organizational units.
    1. Communications authority ultimately rests with the Chancellor and the Chancellor’s designated authorities.
    2. These procedures do not apply to one-to-one communications for the purpose of university business.
    3. Communications with select audiences may require coordination with, or execution by, specific designated authorities due to special legal or procedural conditions (e.g., FERPA-protected data points). These audiences, when referred to as a whole, and their designated authorities, include but are not limited to the following:
      1. Athletic recruits: Department of Intercollegiate Athletics
      2. Prospective students, their parents/guardians, and the pre-collegiate counseling team: Enrollment Management
      3. Admitted and confirmed students: Division of Student Affairs; Enrollment Management
      4. The enrolled student body: Student Affairs; Office of the Registrar; Strategic Relations and Communications
      5. The campus faculty, or campus staff: Office of the Provost; Faculty Affairs; Human Resources; Strategic Relations and Communications
      6. Emergency communications: Strategic Relations and Communications; Integrity, Safety, and Compliance
      7. Audiences defined by protected classes: Office of the Registrar; Strategic Relations and Communications; Office of Institutional Equity and Compliance
      8. Alumni and Donors: Office of Advancement
    4. Access to student, faculty, or staff’s personally identifiable biographic-demographic data for communications purposes is not granted to third parties, including for commercial use or research.
      1. Exceptions to the approved technology platforms may be made for university business or to meet federal or state legal requirements in accordance with the exception process articulated in section B.3.
  2. Technology and Digital Communcation Channels
    ​Organizational units engaging in eCommunications on the Boulder campus must eitheruse approved technology platforms and digital communications channels as outlined in this section, orreceive exceptions from the requirement per the process outlined in this section.

    1. Approved technology platforms are:
      1. Canvas, Coursera, and other learning management systems and their integrated platforms, provided in partnership with the Office of Information Technology
      2. Oracle CommGen and StarRez (supporting student services)
      3. Slate CRM prospective student communications platforms (supporting Admissions, Graduate School, and Continuing Education)
      4. Salesforce CRM Buff Advising
      5. eComm service (Salesforce, Marketing Cloud, and Cvent) provided by the University of Colorado University Information Systems (UIS), Strategic Relations and Communications, and 鶹ѰBoulder Advancement
      6. Salesforce CRM Boulder campus electronic communications support provided by the Office of Information Technology and Strategic Relations and Communications
      7. Google Groups, Grouper, Exchange Distribution Lists, and other mailing list services provided by the Office of Information Technology
      8. RAVE and Alertus services for 鶹ѰBoulder Alerts, provided by Integrity, Safety and Compliance and Strategic Relations and Communications
      9. Vendini and Paciolan for event ticketing and ticket management, provided by 鶹ѰPresents, Athletics, and the Colorado Shakespeare Festival
      10. Cision PR for news releases and news management, provided by Strategic Relations and Communications
      11. Qualtrics survey management for 鶹ѰBoulder, provided by the Office of Information Technology
      12. Medicat, Maxient, DocuSign, Concur, and Avature business process platforms, provided by Student Affairs, Office of Information Technology, University Information Systems, and Human Resources
      13. Handshake career management platform, provided by Career Services, the Leeds School of Business and the College of Media, Communication and Information
      14. ServiceNow for service management, provided by the Office of Information Technology
    2. Approved campuswide digital commucations channels
      1. Enrollment Management/Academic Affairs (Office of Admissions, Bursar, Financial Aid, and Office of the Registrar)
      2. 鶹ѰBoulder Today and Administrative eMemo service provided by Strategic Relations and Communications
      3. Buff Portal and Buff Portal Advising, provided by the Office of Information Technology
    3. Exception Process
      1. When an organizational unit determines a unique need to use a technology platform or digital communications channel outside of the approved technology and channels listed in Section II.1 and II.2, the organizational unit may request an exception through either the Chief Communications Officer or Chief Information Officer (or their designee) who will initiate a discussion with the Provost and COO.

        To initiate the exception process, the requesting organizational unit contacts the Chief Communications Officer or Chief Information Officer.

        To be eligible for an exception, the requesting organizational unit must meet at least one of the following criteria:

    4. Necessary data integrations cannot be completed in the time period required to meet communication objectives.

    5. Because of privacy and/or confidentiality implications, information security cannot be maintained solely through managed permissions.

    6. Communications are directed towards a small, highly specialized audience that does not substantively overlap with larger campus audiences.

      1. If the requesting unit can demonstrate sufficient eligibility criteria, SRC and OIT will grant an exception for an agreed-upon time period (dependent on the exception review) and exemption from flagging as an external sender, along with a signed acknowledgment by the organizational unit head agreeing to the following:

    7. A scope of work and functional requirements for integrating the organizational unit into an approved eCommunications technology platform by the end of the time period for which the exception has been granted.

    8. The technology platform approved for exception will be able to send communications preferences (opt-out, opt-in, interests) and data back to the appropriate university system of record, as determined through a mutual discovery process.

    9. The technology platform approved for exception will meet the following required electronic communications controls:

      1. Documentation (including originating IP range, domains, and other related information) must be provided to the Office of Information Technology to be recognized as an official sender of the university.
      2. Messages coming from a third-party vendor or shared service must have a unique identifier in the return-path attribute.
      3. Messages must pass authentication (SPF and/or DKIM) or they will be subject to the recipient’s SPAM filtering rules, which may include messages dropping, quarantining or junk mail routing.
      4. Messages to audiences containing over 15,000 university email addresses may not be sent during business hours.
      5. Messages must not directly include attachments. Documents, images, and other media should reside on other services (for example, a web server), and messages should include links and/or references to the content.
      6. Sending rates must not exceed thirty messages per minute.
      7. The ability to throttle sending rate to balance server loads
  3. eCommuncations Standards
    When organizational units send eCommunications, either via approved technology platforms or digital communications channels under Sections II.1 and II.2, or for which the unit received an exception under Section II.3, the organizational unit must adhere to the following standards:
    1. Privacy
      1. Only eCommunications related to the university’s official business may be sent without an unsubscribe link (transactional communication, as defined by CAN-SPAM legislation).
      2. FERPA privacy flags are respected above all – students with these flags only receive messages related to educational business.
    2. Use of text messaging
      1. Shall only be used to relay time-sensitive and actionable information that immediately benefits the audience receiving the information.
      2. Shall not be used by university personnel solely for promotional communications.
      3. Shall not be used as the sole means of communication.
    3. Accessiblity and Brand
      1. Communications respect accessibility best practices and meetAccessibility of Information and Communication Technologypolicy stipulations.
      2. Communications follow 鶹Ѱ brand identity standards.
    4. Building Audiences
      1. Do Not Email and Do Not Contact flags (as set by university Advancement offices) are respected in audience definitions for external communications.
      2. Preferences, as kept in communications preference centers or other systems of record, are honored in audience definitions.
      3. Communicators are supported with platforms to communicate with audiences defined by their organizational function, also known as a constituent audience.
      4. Technology platforms will provide functionality for audiences to indicate preferences.
      5. Audience definitions can include audience members outside of an organizational unit when the audience members have indicated it as a preference.
      6. When audience definitions contain recipients beyond an organizational unit (e.g., cross-campus program promotions), they will be assessed and approved or denied by Strategic Relations and Communications.
    5. Technology Enforced Controls
      1. Only organizational units with privileges to access constituent audiences may view constituent data and send eCommunications.
      2. Preferences for communications must be maintained and honored as appropriate to the communication.