Texas A&M University Division of Marketing &
Communications
Texas A&M University
Texas A&M University Division of Marketing &
Communications

Social Media Operating Procedure

For the purpose of this standard operating procedure, “social media” is a term for user-driven content technologies that allow people to create, share and exchange information and content, which may include photos and videos. Examples include, but are not limited to, Facebook, Instagram, LinkedIn, Twitter and YouTube.

Account Setup, Access and Settings

All social media platforms utilized by a division, college, school, etc. should use an email address linked to their uppermost parent organizations. For example, department social media accounts should be tied to an email address owned by the MarComm team in their school/college. Only designated staff should have complete access to social media accounts and their associated email inboxes. Other university employees can be granted account access to certain platforms and the inbox at the discretion of the MarComm team in their school/college.

Account settings on each social media platform should be reviewed annually at the start of each fall semester, OR when a platform updates its user agreements or terms of service. Account settings must accurately reflect any and all social media policies enacted by The Texas A&M University System and Texas A&M University.

Requirements for Access on Personal Devices

If employees are using their personal devices to access university social media accounts (examples include mobile phones, tablets, and other such computing devices), those devices must have a passcode or password enabled. In the event that a personal device with university account access is lost or compromised, all active sessions on all university social media platforms will be terminated, and all passwords will immediately be changed.

Password Protection and Updates

Passwords to all Texas A&M social media platforms must meet university password requirements, as outlined in Security Control 1A-5. Passwords are updated*:

  • Annually at the start of each fall semester; or
  • When an account becomes compromised; or
  • When an employee with access to the accounts leaves the organization.

When possible, account credentials for all social media platforms shall be stored in a password manager application approved by the Chief Information Security Officer. When feasible, multi-factor authentication will be enabled on social media platforms.

*Note for Facebook: Employees who have Page Roles on a Facebook page representing the university are required to 1) have a personal Facebook password that meets university password requirements and 2) have two-factor authentication enabled on their Facebook profile.