10 Summit Park Drive
Pittsburgh, PA 15275-1103
412-788-6505
www.ats.edu

3624 Market Street
Philadelphia, PA 19104
267-284–5000
www.msche.org 

1. Institutional Information: Beth Bidlack, Associate Dean of Academic Affairs (bbidlack@utsnyc.edu)
2. Financial Aid Information (Title IV): Melissa Desravines (finaid@utsnyc.edu)
3. Financial Aid Information (scholarships): Vanessa Hutchinson (vhutchinson@uts.columbia.edu)

1. Mission and Vision 
2. Academic Programs
3. Financial Aid Information
4. FERPA
5. Services for Students with Disabilities: Services are handled via the Associate Dean for Student Affairs’ office, Student Handbook, pp. 19-22
6. Student Diversity: Student Handbook, Policy of Non-Discrimination, p. 80 Also, our College Navigator entry
7. Price of Attendance
8. Refund Policy for Financial Aid: See R2T4 policy and Student Handbook, pp. 14-15
9. Textbook Information: Union does not have a bookstore and encourages students to find textbooks at a low cost via a local bookstore or via Amazon.com. Required readings for courses are found on course reserve at the Burke Library, which is part of the Columbia University Libraries system
10. Educational Programs
11. Faculty
12. Transfer of Credit Policy (no articulation agreements)
13. Accreditation
14. Plagiarism Policy (Copyright Infringement): Student Handbook, pp. 11-12
15. Computer Use and File Sharing: Student Handbook, Community Expectations, pp. 80-90
16. Privacy Policy
17. Student Activities (Student Senate): Student Handbook, pp. 91-101
18. Career and Job Placement Services: Coordinated via the Field Education Office and Associate Dean for Student Affairs’ Office. Student newsletter with job openings sent weekly during academic year and monthly in summer.

1. Assistance Available from Federal, State, Local, and Institutional Programs:

Institutional and other types of aid

Student Handbook, pp. 31-36

2. Federal Student Financial Aid Penalties for Drug Law Violations: Student Handbook, pp. 24-30

3. Student Loan Information

• Initial Loan Counseling for Student Borrowers
• Exit Counseling for Student Borrowers
• Institutional Code of Conduct for Educational Loans: Student Handbook, pp. 31-36

1. Drug and Alcohol Abuse Prevention Program: Student Handbook, pp. 24-30
2. Vaccination Policies: part of orientation
3. Campus Security Policies, Crime Statistics and Crime Log: Student Handbook, pp. 45-76
4. Annual security and fire safety reports
5. Fire Safety Policies, Fire Statistics and Fire Log (On-Campus Housing Facilities): Student Handbook, pp. 45-76 Student Handbook

1. Graduation Rates:
   • Graduation Rate by Degree Program 2017
   • MDiv (degree completed within 6 years): 93.75%
   • MA (degree completed within 4 years): 75% (some of our MA students change to the MDiv degree)
   • STM (degree completed within 2 years): 83.33%
   • PhD (degree completed within 8 years): 33.33% (some of our PhD students need more than 8 years to complete their degree)
2. Years to Completion for 2017 graduates

3. Job Placement Rates for Graduates 2015/2016

M.Div.

M.A.

STM

Key

1=insufficient evidence
2=minimal degree
3=moderate degree
4=high degree
5=very high degree

1. Voter Registration: In New York, voter registration is completed through the New York Board of Elections and the New York Department of Motor Vehicles

Throughout our Web pages, we provide links to other servers which may contain information of interest to our readers. We take no responsibility for, and exercise no control over, the organizations, views, or accuracy of the information contained on other servers.

If you would like to publish information that you find on our Web site, please send your request to comms@uts.columbia.edu. Where text or images are posted on our site with the permission of the original copyright holder, a copyright statement appears at the bottom of the page.

This Web site is designed to be accessible to visitors with disabilities, and to comply with federal guidelines concerning accessibility. We welcome your comments. If you have suggestions on how to make the site more accessible, please contact us at comms@uts.columbia.edu.

We have created this statement in order to demonstrate our firm commitment to your privacy. We do not collect personally identifying information about you when you visit our site, unless you choose to provide such information to us. Providing such information is strictly voluntary. This policy is your guide to how we will handle information we learn about you from your visit to our Web site.

We collect and store only the following information about you: the name of the domain from which you access the Internet (for example, aol.com, if you are connecting from an America Online account, or princeton.edu if you are connecting from Princeton University’s domain); the date and time you access our site; and the Internet address of the Web site from which you linked to our site.

We use the information we collect to measure the number of visitors to the different sections of our site, and to help us make our site more useful to visitors.

If you complete the Profile update form and share your personally identifying information, this information will be use only to provide you with more target content. We may use your contact information to send further information about our organization or to contact you when necessary. You may opt-out of receiving future mailings; see the “Opt Out” section below.

You also may decide to send us personally identifying information, for example, in an electronic mail message containing a question or comment, or by filling out a Web form that provides us this information. We use personally identifying information from email primarily to respond to your requests. We may forward your e-mail to other employees who are better able to answer you questions. We may also use your email to contact you in the future about our programs that may be of interest.

We want to be very clear: We will not obtain personally identifying information about you when you visit our site, unless you choose to provide such information to us. Providing such information is strictly voluntary. Except as might be required by law, we do not share any information we receive with any outside parties.

If you sign up for one of our email lists, we’ll only send you the kinds of information you’ve requested. We won’t share your name or email address with any outside parties.

For children who visit our site, special rules apply. We do not request personal information about children, such as first and last name or street address and city. When kids send email to us, their online contact information (email address) is not used to re-contact them and is not maintained in retrievable form.

Our site provides users the opportunity to opt-out of receiving communications from through a special online form. You may choose to receive only specific communications or none at all. You may also update your contact information previously provided to us through another online form. You can not remove yourself from our database, but you can prevent unwanted communication.

If you have any questions about this privacy statement, the practices of this site, or your dealings with this Web site, you can contact us at comms@uts.columbia.edu.

Purpose

The purpose of this Guideline is to establish a framework for classifying institutional data based on its level of sensitivity, value and criticality to the University as required by the University’s Information Security Policy. Classification of data will aid in determining baseline security controls for the protection of data.

Applies To

This Policy applies to all faculty, staff and third-party Agents of the University as well as any other University affiliate who is authorized to access Institutional Data. In particular, this Guideline applies to those who are responsible for classifying and protecting Institutional Data.

Definitions

Confidential Data is a generalized term that typically represents data classified as Restricted, according to the data classification scheme defined in this Guideline. This term is often used interchangeably with sensitive data.

A Data Steward is a senior-level employee of the Seminary who oversees the lifecycle of one or more sets of Institutional Data.

Institutional Data is defined as all data owned or licensed by the University.

Non-public Information is defined as any information that is classified as Private or Restricted Information according to the data classification scheme defined in this Guideline.

Sensitive Data is a generalized term that typically represents data classified as Restricted, according to the data classification scheme defined in this Guideline. This term is often used interchangeably with confidential data.

Data Classification

Data classification, in the context of information security, is the classification of data based on its level of sensitivity and the impact to the Seminary should that data be disclosed, altered or destroyed without authorization. The classification of data helps determine what baseline security controls are appropriate for safeguarding that data. All institutional data should be classified into one of three sensitivity levels, or classifications:

Classification of data should be performed by an appropriate Data Steward. Data Stewards are senior-level employees of the Seminary who oversee the lifecycle of one or more sets of Institutional Data. See Information Security Roles and Responsibilities for more information on the Data Steward role and associated responsibilities.

Data Collections

Data Stewards may wish to assign a single classification to a collection of data that is common in purpose or function. When classifying a collection of data, the most restrictive classification of any of the individual data elements should be used. For example, if a data collection consists of a student’s name, address and social security number, the data collection should be classified as Restricted even though the student’s name and address may be considered Public information.

Reclassification

On a periodic basis, it is important to reevaluate the classification of Institutional Data to ensure the assigned classification is still appropriate based on changes to legal and contractual obligations as well as changes in the use of the data or its value to the University. This evaluation should be conducted by the appropriate Data Steward. Conducting an evaluation on an annual basis is encouraged; however, the Data Steward should determine what frequency is most appropriate based on available resources. If a Data Steward determines that the classification of a certain data set has changed, an analysis of security controls should be performed to determine whether existing controls are consistent with the new classification. If gaps are found in existing security controls, they should be corrected in a timely manner, commensurate with the level of risk presented by the gaps.

Calculating Classification

The goal of information security is to protect the confidentiality, integrity and availability of Institutional Data. Data classification reflects the level of impact to the University if confidentiality, integrity or availability is compromised.

There is no perfect quantitative system for calculating the classification of a particular data element. In some situations, the appropriate classification may be more obvious, such as when federal laws require the University to protect certain types of data (e.g. personally identifiable information). If the appropriate classification is not inherently obvious, consider the security objective as it pertains to each data set.

Policy Statement

Computers and other information technology resources are essential tools in accomplishing the Union Theological Seminary’s mission. Information technology resources are valuable assets to be used and managed responsibly to ensure their integrity, confidentiality, and availability for appropriate research, education, outreach and administrative objectives of the institution. Community members are granted access to these resources in support of accomplishing the stated mission.

All users of information technology resources, whether or not affiliated with the Seminary, are responsible for their appropriate use, and by their use, agree to comply with all applicable Seminary policies; federal, state and local laws; and contractual obligations. These include but are not limited to information security, data privacy, commercial use, and those that prohibit harassment, theft, copyright and licensing infringement, and unlawful intrusion and unethical conduct.

Union Theological Seminary accepts no responsibility or liability for any personal or unauthorized use of its resources by users.

Acceptable Use

Acceptable use includes, but is not limited to, respecting the rights of other users, avoiding actions that jeopardize the integrity and security of information technology resources, and complying with all pertinent licensing and legal requirements.  Users with access to Union Theological Seminary’s information technology resources must agree to and accept the following:

• Only use information technology resources they are authorized to use and only in the manner and to the extent authorized. Ability to access information technology resources does not, by itself, imply authorization to do so.
• Only use accounts, passwords, and/or authentication credentials that they have been authorized to use for their role at the Seminary.
• Protect their assigned accounts and authentication (e.g., password, and/or authentication credentials) from unauthorized use.
• Only share data with others as allowed by applicable policies and procedures, and dependent on their assigned role.
• Comply with the security controls on all information technology resources used for school business, including but not limited to mobile and computing devices, whether seminary or personally owned.
• Comply with licensing and contractual agreements related to information technology resources.
• Comply with intellectual property rights (e.g., as reflected in licenses and copyrights).
• Accept responsibility for the content of their personal communications and may be subject to any personal liability resulting from that use.

Unacceptable Use

Unacceptable use includes and is not limited to the following list.  Users are not permitted to

• Share authentication details or provide access to their seminary accounts with anyone else (e.g., sharing the password).
• Circumvent, attempt to circumvent, or assist another in circumventing the security controls in place to protect information technology resources and data.
• Knowingly download or install software onto seminary’s information technology resources, or use software applications, which do not meet University security requirement, or may interfere or disrupt service, or do not have a clear business or academic use.
• Engage in activities that interfere with or disrupt users, equipment or service; intentionally distribute viruses or other malicious code; or install software, applications, or hardware that permits unauthorized access to information technology resources.
• Access information technology resources for which authorization may be erroneous or inadvertent.
• Conduct unauthorized scanning of information technology resources.
• Engage in inappropriate use, including but not limited to:
  • Activities that violate state or federal laws, regulations, or University policies.
  • Harassment
  • Widespread dissemination of unsolicited and unauthorized electronic communications.
• Engage in excessive use of system information technology, including but not limited to network capacity. Excessive use means use that is disproportionate to that of other users, or is unrelated to academic or employment-related needs, or that interferes with other authorized uses. Units may require users to limit or refrain from certain activities in accordance with this provision.

Privacy and Security Measures

Users must not violate the privacy of other users. Technical ability to access others’ accounts does not, by itself, imply authorization to do so.

Users play an important role in the protection of their personal information. All faculty, staff and students are required to use all available user specific security controls provided by the Seminary as available (including multi-/two-factor authentication) and meet the user specific controls in Administrative Policy: to assist in the protection of assets and the protection of their personal information and assets. Failure on the part of faculty, staff or students to employ in good faith the available security controls and to secure their personal information appropriately will mean that the seminary will not reimburse the faculty, staff or student for the loss of misdirected salary, expense reimbursements, financial aid or any other assets.

Employees must understand that any records and communications they create related to seminary business, electronic or otherwise, on an assigned or personally owned device, may be subject to disclosure under New York State’s Data Practices laws.

The Seminary takes reasonable measures to protect the privacy of its information technology resources and accounts assigned to individuals. However, the University does not guarantee absolute security and privacy. Users should be aware that any activity on information technology resources may be monitored, logged and reviewed by Seminary-approved personnel or may be discovered in legal proceedings. The Seminary assigns responsibility for protecting its resources and data to technical staff, data owners, and data custodians, who treat the contents of individual assigned accounts and personal communications as private and do not examine or disclose the content except:

• as required for system maintenance including security measures;
• when there exists reason to believe an individual is violating the law or Seminary policy; and/or
• as permitted by applicable policy or law.

The Seminary reserves the right to employ security measures. When it becomes aware of violations, either through routine system administration activities or from a complaint, it is the Seminary’s responsibility to investigate as needed or directed, and to take necessary actions to protect its resources and/or to provide information relevant to an investigation.

Enforcement

Individuals who use information technology resources that violate a Seminary policy, law(s), regulations, contractual agreement(s), or violate an individual’s rights, may be subject to limitation or termination of user privileges and appropriate disciplinary action, legal action, or both. Alleged violations will be referred to the appropriate office or law enforcement agency.

The Seminary may temporarily deny access to information technology resources if it appears necessary to protect the integrity, security, or continued operation of these resources or to protect itself from liability.

Individuals or units should report non-compliance with this policy to a member of the senior staff in the organization.

Exceptions

Departments within the Seminary may define additional conditions of use for information technology resources or facilities under their control. Such additional conditions must be consistent with or at least as restrictive as any governing Board or Administrative policy, and may contain additional details or guidelines.

November 2020

Union Theological Seminary is required by the Gramm-Leach-Bliley Act (“GLBA”) and its implementing regulations at 16 CFR Part 314, to implement and maintain a comprehensive written Information Security Program (“ISP”) and to appoint a coordinator for the program. The objectives of the ISP are to (1) insure the security and confidentiality of covered information; (2) protect against anticipated threats or hazards to the security and integrity of such information; and (3) protect against unauthorized access or use of such information that could result in substantial harm or inconvenience to customers.

Related Policies

This ISP is in addition to existing Union Theological Seminary policies and procedures that address various aspects of information privacy and security, including but not limited to, the Student Privacy Rights Policy (Family Educational Rights and Privacy Act Policy), the Information Security Policy, and the Computing Policy.

ISP Coordinator

Union Theological Seminary has designated the Director of Information Technology as its ISP Coordinator. The ISP Coordinator may designate other individuals to oversee and/or coordinate particular elements of the ISP.

Covered Information

“Covered information” means nonpublic personal information about a student or other third party who has a continuing relationship with UTS, where such information is obtained in connection with the provision of a financial service or product by UTS, and that is maintained by UTS or on UTS’s behalf. Nonpublic personal information includes students’ names, addresses and social security numbers as well as students’ and parents’ financial information. Covered information does not include records obtained in connection with single or isolated financial transactions such as ATM transactions or credit card purchases.

Elements of the ISP

1. Risk Identification and Assessment.UTS’s ISP identifies and assesses external and internal risks to the security, confidentiality, and integrity of covered information that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information. The ISP Coordinator will provide guidance to appropriate personnel in the central administration, academic units, and other university units in evaluating their current practices and procedures and in assessing reasonably anticipated risks to covered information in their respective areas. The ISP Coordinator will work with appropriate personnel to establish procedures for identifying and assessing risks in the following areas:

• Employee Training and Management. The ISP Coordinator will coordinate with the appropriate personnel to evaluate the effectiveness of current employee training and management procedures relating to the access and use of covered information.
• Information Systems.The ISP Coordinator will coordinate with the appropriate personnel to assess the risks to covered information associated with the university’s information systems, including network and software design as well as information processing, storage, transmission and disposal.
• Detecting, Preventing and Responding to Attacksand System Failures The ISP Coordinator will coordinate with the appropriate personnel or consulting group to evaluate procedures for and methods of detecting, preventing and responding to attacks, intrusions or other system failures.

2. Designing and Implementing Safeguards.  The ISP Coordinator will coordinate with appropriate personnel to design and implement safeguards, as needed, to control the risks identified in assessments and will develop a plan to regularly test or otherwise monitor the effectiveness of such safeguards. Such testing and monitoring may be accomplished through existing network monitoring and problem escalation procedures.
3. Overseeing Service Providers. The ISP Coordinator, in conjunction with Vice President for Finance and Operations, and appropriate contractors, will assist in instituting methods for selecting and retaining service providers that are capable of maintaining appropriate safeguards for covered information. These standards will apply to all existing and future contracts entered into with service providers to the extent required under GLBA.
4. Adjustments to Program.The ISP Coordinator will evaluate and adjust the ISP as needed, based on the risk identification and assessment activities undertaken pursuant to the ISP, as well as any material changes to UTS’s operations or other circumstances that may have a material impact on the ISP.