The Open Berkeley managed website program includes website security for all individual websites, as well as the overall platform. The Web Platform Services team follows best practices for website security, which includes diligent monitoring of Drupal security releases and timely deployment of security updates. 

Website Security and the Open Berkeley Platform

Any new feature is carefully evaluated for security, and additional embedding (beyond built-in widget types) of iframes, scripts, and third-party products is not allowed, in order to prevent any inclusion of insecure code. 

Additionally, all Open Berkeley websites are hosted on Pantheon, an external hosting partner that provides enterprise-grade security

If you have any questions about the security of your website and/or the Open Berkeley platform, please email