Skip to content
Guidelines for Using External Web 2.0 Services for University Purposes

Message from Information Technology Services

Dear colleagues,

There are many useful web services on the Internet, such as PBworks, Facebook, Second Life, Socrative and Basecamp, which are commonly referred to as Web 2.0 services. Some departments and staff members are using, or have expressed interest in adopting, these services for academic-related activities and/or engaging existing and prospective students.

While there may be perfect reasons for using external web services, it is important that, when making the decision to use such services, the individual and the department concerned also recognize the risks involved. The document “Guidelines for Using External Web 2.0 Services” provides guidance on the issues that need to be considered before adopting external web services for university purposes. Annexed to the document is a template for risk assessment.

The document can be found at or by following the path: HKU ITS Homepage ( > About Us > Policies and Guidelines.

The Guidelines document was put together jointly by the e-learning Pedagogical Support Unit of CETL and IT Services based on a similar document made available by the University of Edinburgh under the Creative Commons Attribution 3.0 Unported License. The document has incorporated inputs from our University’s Data Protection Officer, and feedback received from academic and administrative staff at two separate workshops on 15 January 2014. Based on the feedback, two scenarios of using Web 2.0 services – one on Facebook and the other on Dropbox – have also been developed to illustrate the use of the risk assessment template. At its meeting on 27 May 2014, the IT Committee endorsed the Guidelines for release.

Any staff member who considers using an external Web 2.0 service should study the Guidelines document carefully and conduct a risk assessment using the template. In case there is any change to the usage Terms and Conditions of a Web 2.0 service in use, the staff concerned should reassess the risk involved. Each department should also maintain a Register of all external web services adopted.

If you have any query on the subject, please contact me ( or Dr. MC Pong (

Danny Tang
Director of IT Services