Navigate

Finance Policies

Academic Affairs
Board of Trustees
Finance
  Financial Aid
  Office of Information Technology
Institution Wide
Institutional Advancement
Student Services
Admission
Student Life

 

 

 

 

Back to the Policies Page

Finance Policies

F 01 Scholarship Forfeiture
F 02 Purchasing
F 03 Cashiering
F 04 Health Insurance Self Insurance Program
F 05 Payment of Student Accounts
F 06 Annual Employee Packages
F 07 Use of University Vehicles
F 08 Rental of Facilities
F 09 On Campus Apt Rental
F 10 Document Rentention and Destruction
F 11 Whistleblower
F 12 Process For Determining Compensation
F 13 Conflict of Interest
F 14 Lobbying Certification
F 15 Electronic Signatures
F 16 Check Signing
F 17 Capitalization
F 18 Classification of Students as Revenue Share with Comcourse
F 19 Billing of Students as On-ground or Online

Finacial Aid
F FA-1 Scholarships for Spouses of Students
F FA-2 Scholarships for Dependent Children of Faculty _ Staff at Sister Restoration Colleges
F FA-3 Scholarships for Faculty, their Spouses and Dependents
F FA-4 Scholarships for Staff, their Spouses and Dependents

Office of Information Technology
F-IT 1 ACCEPTABLE USE
F-IT 2 INFORMATION SECURITY
F-IT 3 NETWORK INFRASTRUCTURE
F-IT 4 SOFTWARE REGULATIONS
F-IT 5 GLBA COMPLIANCE
F-IT 6 STUDENT COMPUTING LABS
F-IT 7 Email
F-IT 8 HEOA Compliance

Mid-Atlantic Christian University - Finance Policy #1

SUBJECT: Scholarship Forfeiture for Withdrawing Students

DATE: 11/30/1994
REVISED: 02/26/2013
NEXT SCHEDULED REVIEW: Odd numbered years in February

APPROVED BY BOARD OR TRUSTEES: October 18, 2013

Policy for: Students
Procedure for: Financial Aid Administrator and Account Services
Authorized by: Vice President for Finance
Issued by: Board of Trustees

I. Purpose

To explain the process on how scholarships are forfeited when students withdraw.

II. Policy

A student who receives a Mid-Atlantic Christian University (“The University”, “MACU”) scholarship and withdraws during the semester will forfeit a percentage of that scholarship. This policy applies to all institutional and foundation scholarships.

III. Procedure

  1. The percentage to be subtracted from a tuition scholarship/grant will be the same formula used to compute federal tuition refunds at the date of withdrawal. 
  2. Similarly, the percentage to be subtracted from a room and board scholarship will be the same percentage used to compute a room and board refund at the date of withdrawal. 
  3. The forfeited portion of the scholarship/grant will be subtracted from the student’s account and returned to MACU before any refunds will be made to the student.
  4. For all scholarships except MACU Institutional scholarships the Financial Aid Office will be informed that the funds have been released so they may take appropriate action to re-award such funds during the same school year.

IV. Published: College Catalog

V. Reason for Revision: Revised for bi-annual review.

VI. Appendices

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Finance Policy #2

SUBJECT: Purchasing

DATE: April 22, 1994
REVISED: 2/26/2013
NEXT SCHEDULED REVIEW: Odd numbered years in February

APPROVED BY BOARD OR TRUSTEES: October 18, 2013

Policy for: Vice Presidents and President
Procedure for: Vice Presidents and President
Authorized by: VP Finance
Issued by: Board of Trustees

I. Purpose

To ensure that purchases do not exceed the approved budget.

II. Policy

Purchasing:

All departmental purchases must be approved by the Departmental Head and cannot exceed the approved budget for the department without approval from the President and VP Finance.

University credit cards will be provided for leadership team members and other individuals that are expected to purchase and maintain equipment, and for those that travel on behalf of the school. Credit limits on cards will be approved by the President or departmental Vice President. Credit card purchases are to be included in the department’s budget.

Contractual agreements and purchases exceeding $3,000 per year should be reviewed by the VPF in advance, and a formal copy of the contract placed on file in the Business Office. Contractual agreements are part of the department’s approved budget. Contracts and purchases exceeding $25,000 also require approval of the President.

Major improvements, construction projects, major renovations will not require additional approval if the improvement was part of the current year’s budget. Unbudgeted emergency improvements will need approval by the VP Finance and/or President.

Conflict of Interest:

No employee of Mid-Atlantic Christian University (“The University” or “MACU”), having purchasing approval authority may have any financial interest in vendor firms.
Employees of MACU may not receive gifts or favors, whether immediate or potential, having a value in excess of $100.00 from any vendor. This prohibition does not include meals offered in conjunction with business discussions.

III. Procedure

The approvals required in this policy will be accomplished through the use of a written documentation requisition/purchase order form, or an online version.

IV. Published

V. Reason for Revision

VI. Appendices

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Finance Policy #3

SUBJECT: Cashiering

DATE: April 22, 1994
REVISED: 2/26/2013
NEXT SCHEDULED REVIEW: Odd numbered years in February

APPROVED BY BOARD OR TRUSTEES: October 18, 2013

Policy for: Finance Office, Institutional Advancement
Procedure for: Finance Office, Institutional Advancement
Authorized by: Vice President for Finance
Issued by: Board of Trustees

I. Purpose

The purpose of this policy is to ensure that funds received are handled efficiently. The policy protects the employer and the employee.

II. Policy

Incoming cash and negotiable financial instruments will be sorted into three (3) categories: (1) General Income; (2) Gift Income and (3) Student Accounts Income.

III. Procedure

General Income and Student Income will be receipted by the Accounts Manager.

  • General Income will be processed through the Finance Office. When money is collected by other departments it is to be forwarded to the finance office with supporting documentation.
  • Student Income will be posted to the student's account through the Finance Office.
  • All deposits, not containing cash will be scanned and uploaded to the bank. Cash will be carried to the bank by the receptionist.

Gift Income will be forwarded to the Development Office to record gifts to Donor Accounts by the Development Secretary.

The Development Secretary will have all mail opened by two unrelated people, and a daily summary of gift income will be completed. Receipts will be forwarded to donors.

  • All deposits, not containing cash will be scanned and uploaded to the bank. Cash will be carried to the bank by the receptionist.
  • The Daily Summary and the Gift Income will be returned to the Finance Office to be receipted to the General Ledger by the Receptionist. 
  • Copies of deposits will be maintained in the Cash Receipts file.

IV. Published: Policies Manual

V. Reason for Revision

VI. Appendices

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Finance Policy #04

SUBJECT: Health Insurance, Self-Insurance Program

DATE: August 30, 1999
REVISED: August 23, 2013
NEXT SCHEDULED REVIEW: Odd numbered years in February

APPROVED BY BOARD OR TRUSTEES: October 18, 2013

Policy for: Full Time Staff and Faculty
Procedure for: Finance Office
Authorized by: Vice President for Finance
Issued by: Board of Trustees

I. Purpose

To identify employees who are eligible to receive health insurance.

II. Policy

Mid-Atlantic Christian University (“The University”, “MACU”) will provide health, prescription medicine, and term life insurance to employees working three-quarter time or more. The insurance will be a partially self-funded and will use a third party administrator. Staff & Faculty may add their spouse and children to the program on a self-pay basis.

III. Procedure

  1. To fund the University’s co-pay account, each month of the policy year the Finance office will charge an expense to each activity center with full-time employees participating in the program. 
  2. As eligible co-pay claims occur, the third party administrator will bill the University for the specific amount to be paid.

IV. Published: Policy Manual

V. Reason for Revision

VI. Appendices

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Finance Policy #05

SUBJECT: Payment Of Student Accounts

DATE: July 01, 2002
REVISED: February 08, 2010; March 31, 2013
NEXT SCHEDULED REVIEW: Odd number years in February

APPROVED BY BOARD OR TRUSTEES: October 18, 2013

Policy for: Students
Procedure for: Finance Office
Authorized by: Vice President for Finance
Issued by: Board of Trustees

I. Purpose

It is the responsibility of the university to inform students of their responsibilities in fulfilling their financial obligations; and the consequences for failing to meet them.

II. Policy

Tuition, fees, and other educational expenses are to be paid when the student registers each semester. In some instances, a church or other organization may be named as offering support to a student. Such support will be honored as payment (prior to payment) only if the award is verified in writing to Mid-Atlantic Christian University (“The University”, “MACU”) on or before registration day.

Semester grades, a degree, or transcript will not be given until the student's financial obligations at MACU are paid in full.

Payment account procedures and guidelines are detailed in the university catalog.

III. Procedure

  1. “Other educational expenses” will include, but not be limited to, the cost of books, meal plans, housing rentals – whether in dormitories, or in other University owned property, and utilities if living in University owned property other than a dormitory. 
  2. The verification of church support to a student is usually done in writing to the University. The Vice President for Finance may accept other forms of verification from churches known to have supported students in the past. 
  3. Students unable to pay the balance due on registration day, after all forms of confirmed financial aid are considered, must be enrolled in a third party tuition payment plan, such as Tuition Management Systems, or elect to use the MACU Deferred Payment Plan. 
  4. Students who elect to use the deferred payment plan, will pay fifty percent (50%) of outstanding tuition, fees, and other educational expenses on registration day. Then, three monthly payments will be made to pay the balance. A scheduled deferment fee will be added to first installment.
  5. Students unable to pay the required fifty percent under the deferred plan within fourteen days following registration day, following what is known as “drop/add”, will be administratively withdrawn from the University.
  6. Students who fail to make two successive payments, either under the deferred payment plan or by means of a third party payment system, will be subject to administrative withdrawal from the University on the seventh day following the second default. The Leadership Team will enact any such needed withdrawals. 
  7. All unpaid items for a student (library fines, and other outstanding items) will be totaled on the Tuesday preceding final exam week. Any student owing more than $75 on that day will be blocked from taking semester exams until the account is settled. Such period may not extend beyond two weeks following Final Exam week.
  8. In exceptional cases the VPF may grant the student permission to take exams as scheduled. This will be done upon a student’s promise to satisfy these financial obligations within a month of the Final Exam week. 
  9. All outstanding items from a prior semester must be paid in full before registration day for a succeeding semester. With the exception of Federal financial aid, financial aid for a new semester may not be applied to a prior semester’s account. Federal guidelines will allow $200 to be used on prior year expenditures.

IV. Published: Catalog

V. Reason for Revision

VI. Appendices

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Finance Policy #06

SUBJECT: Annual Employee Packages and Contracts

DATE: Unknown
REVISED: February 2010, March 2013
NEXT SCHEDULED REVIEW: Odd numbered years in February

APPROVED BY BOARD OR TRUSTEES: October 18, 2013

Policy for: All employees (excluding students)
Procedure for: Department Heads
Authorized by: Vice President for Finance
Issued by: Board of Trustees

I. Purpose

For employees to be notified of the hourly or salary they are expected to receive along with applicable benefits.

II. Policy

Every full-time faculty member at Mid-Atlantic Christian University (“The University”, “MACU”) will work under a contract, signed each year along with an affirmation of the institutional statement of faith. Special circumstances may cause a change to this practice, but that will be communicated to affected parties by the appropriate Departmental Head. All other personnel will be given a statement of estimated annual pay and benefits, in keeping with the Wage and Hour law.

III. Procedure

Procedure for Faculty Contracts:

  1. By May 15, V.P. for Academic Affairs (VPAA) affirms full-time faculty positions
  2. VPAA establishes pay scale for coming school year
  3. VPAA office uses contract template to create contract
  4. By July 15 VPAA office issues contract
  5. Faculty member has 14 days to return signed contract

Procedure for Staff and for remaining Faculty documents:

  1. By May 31, Finance Office ascertains information from each division head as to changes that need to be made in salary packages in that division before the next year.
  2. By June 15, the President, VPF, and AVPF will make any needed revisions to the individual salary package sheets; the AVPF will distribute revised copies to division heads. (Raises will be implemented on the first pay period in January, contingent on the University's financial position.)
  3. By June 30, the AVPF will deliver to each division head a contract, an individual salary package sheet, a Statement of Faith sheet for each employee in the division.
  4. By July 15, each division head will return the documents to the business office, having been dated and signed by the employee and, where appropriate, the division head.

IV. Published: Policy Manual

V. Reason for Revision

VI. Appendices

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Finance Policy #07

SUBJECT: Use of University Vehicles

DATE: November 2, 1993
REVISED: 04/13/2011; 3/31/2013
NEXT SCHEDULED REVIEW: Odd numbered years in February

APPROVED BY BOARD OR TRUSTEES: October 18, 2013

Policy for: Faculty and Staff Mid-Atlantic Christian University
Procedure for: Faculty and Staff Mid-Atlantic Christian University
Authorized by: Vice President for Finance
Issued by: Board of Trustees

I. Purpose

University vehicles are for the purpose of conducting University business and the promoting of the University. The policy will allow the prioritizing of the vehicles use and assist in "extending" the life of the vehicle.

II. Policy

Mid- Atlantic Christian University (“The University”, “MACU”) vehicles are for official university use; vans and pickup may be used by Staff & Faculty for personal business under certain conditions. Licensing and insurance is required for all vehicles.

III. Procedure

University vans:

  1. First priority on use of vehicles is for University business.
  2. Vehicles may also be used in other ways as to promote MACU (field trips by professors, official sports trips, and other events relating to the University.
  3. Vehicles are not available for use by individual students or non-school sponsored student groups.

Rental of University vehicles:
Full time, and part time staff, and faculty may rent the vehicles for special occasions with the following stipulations:

  1. Local use--within Elizabeth City--no charge.
  2. Although many short trips add up to one long trip, frequent long ones would put a lot of miles on the vehicles. Therefore, no one trip should be more than 300 miles round trip. (By like token, no one staff member should be using university vehicles for many small trips that add up.)
  3. In case of an accident, employees who use a vehicle will be responsible for paying the deductible amount stated in the insurance policy.
  4. Any repairs necessitated by negligence on the part of the employee will be paid by him.
  5. Use is restricted to MACU employees. Someone else may drive the vehicle, but only if he is working for the employee and the employee assumes the responsibility.
  6. When you rent a vehicle, it should be filled with gas by the University before you take it; you should return it filled. 
  7. Vehicles should be clean (at least on the interior) when you return them. That may entail both picking up and sweeping.
  8. Charges: Bus, .60 cents per mile; all other vehicles .30 cents per mile (in addition to gas)
  9. Provide all information requested by the Finance Office regarding your rental, such as mileage. Payment for use is due when you return the vehicle.

IV. Published: Policy Manual

V. Reason for Revision

VI. Appendices

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Finance Policy #08

SUBJECT: Rental of Facilities

DATE: August 12, 1997
REVISED: 4/13/2011; 3/31/2013
NEXT SCHEDULED REVIEW: Odd numbered years in February

APPROVED BY BOARD OR TRUSTEES: October 18, 2013

Policy for: All individuals wanting to rent/use University property
Procedure for: All individuals wanting to rent/use University property.
Authorized by: Vice President for Finance
Issued by: Board of Trustees

I. Purpose

Allowing individuals and businesses to rent MACU's facilities promotes public relations and affords an opportunity for additional revenues.

II. Policy

Mid-Atlantic Christian University will make some of its property and facilities available for use for non-official events. There are guidelines for such rentals.

III. Procedure

North Campus, East Campus and West Campus open spaces : Open to users who will schedule the use in the Finance Office. There may be a charge by the Vice President for Finance or his assignees. It is expected that the property will be left at least as clean as it was before use and any damage repaired.

Gazebos: There will be a minimal charge (up to 4 hours) for the use of the gazebos.

Use of buildings:

  1. Each individual use must be approved by the VPF or his assignee.
  2. A refundable security deposit of $100.00 will be charged in addition to any other fees required by the contract.
  3. All fees and deposits are to be paid at least 10 days before use.

Buildings/Facilities:

A. Blanton Center

The primary purpose of this building is for MACU students and faculty/staff/associates. Hence, first consideration must always be given to on- campus events. The building may be rented for various activities as approved by the VPF. Rentals will be handled through the Finance Office.

1. Chapel

a. May be rented for, but not limited to, functions such as weddings, church gatherings, and civic clubs.
b. Sound system--If sound system is to be used, The Finance Office will arrange for a sound technician to cover the event. An approved technician must be at the controls whenever sound system is used.

2. Gymnasium

a. May be used for wedding receptions and other events as approved by the VPF.
b. Sound system-same as under chapel

B. Other Buildings available for rental

1. Classrooms
2. PAP Lobby
3. Wilkinson Conference Room
4. HCT
5. VPF will use his discretion in renting of any other rooms.
6. VPF will be responsible for setting all rental prices.
7. The kitchen is under contract and is not be available for rental.

All facilities are to be left in tidy condition. Any cost for cleaning or repair, due to use, may be deducted from the deposit.

IV. Published: Policy Manual

V. Reason for Revision

VI. Appendices: Rates are maintained in the finance office.

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Finance Policy #09

SUBJECT: On Campus Apartment Rental

DATE: November 30, 2007
REVISED: May 11, 2008, March 2013
NEXT SCHEDULED REVIEW: Odd numbered years in February

APPROVED BY BOARD OR TRUSTEES: October 18, 2013

Policy for: Students
Procedure for: Finance Office
Authorized by: Vice President for Finance
Issued by: Board of Trustees

I. Purpose

By providing rental properties, MACU is able to offer affordable housing to adult learners and families attending MACU.

II. Policy

Mid-Atlantic Christian University (“The University” or “MACU”) strives to make available to married students in particular, but other adult learners as well, a certain number of rental dwelling units.

III. Procedure

The VPF, or assignee, may rent the on campus apartments on a first come, first served basis.

All leases are to be for the period of one year. Renewals will be at the discretion of the VPF (or assignee). Any variance to the one year time period must come from the VPF.

The University will provide certain appliances as listed in the rental agreement.

Apartments are available:

a. For students, at less than fair market value with the following conditions:

1) One bedroom apartments are available to adult learners over the age of 23 or a married couple.
2) Two bedroom apartments are available for a family with up to two children or three to four single, same gendered students if not needed by said families.
3) Three bedroom apartments are available for families with up to four children or five to six single, same gendered students if not needed by said families.

b. For individuals that are not students of the University for Fair Market Value, if there are units not needed or rented by students.

Preference is to be given:

a. To accommodate a full-time student in good standing with the University. The University reserves the right to terminate leases at the beginning of each semester if there is a need for student housing.
b. To housing families whose numbers match the North Carolina code requirements for a dwelling space.

IV. Published: Policy Manual

V. Reason for Revision

VI. Appendices

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Finance Policy #10

SUBJECT: Document Retention & Destruction Policy

DATE: Mary 22, 2003
REVISED: February 2010; March 2013
NEXT SCHEDULED REVIEW: Odd numbered years in February

APPROVED BY BOARD OR TRUSTEES: October 18, 2013

Policy for: All Departments
Procedure for: All Departments
Authorized by: Vice President for Finance
Issued by: Board of Trustees

I. Purpose

The policy is designed to ensure compliance with federal and state laws and regulations, to eliminate accidental or innocent destruction of records and to facilitate the University’s operations by promoting efficiency and freeing up valuable storage space.

II. Policy

In accordance with the Sarbanes-Oxley Act, which makes it a crime to alter, cover up, falsify, or destroy any document with the intent of impeding or obstructing any official proceeding, this policy provides for the systematic review, retention and destruction of documents received or created by Mid-Atlantic Christian University (“MACU”, “The University”) in connection with the transaction of University business. This policy covers all records and documents, regardless of physical form, contains guidelines for how long certain documents should be kept and how records should be destroyed.

III. Procedure

A. Document Retention

The University follows the document retention procedures outlined below. Documents that are not listed, but are substantially similar to those listed in the schedule will be retained for the same length of time.

B. Corporate Records

Annual Reports to Secretary of State/Attorney General - Permanent
Articles of Incorporation - Permanent
Board Meeting and Board Committee Minutes - Permanent
Board Policies/Resolutions - Permanent
By-laws - Permanent
IRS Application for Tax-Exempt Status (Form 1023) - Permanent
IRS Determination Letter - Permanent
State Sales Tax Exemption Letter - Permanent
Contracts (after expiration) - 7 years
Correspondence (general) - 3 years

Accounting and Corporate Tax Records

Annual Audits and Financial Statements - Permanent
Fixed Asset/Depreciation Records - Permanent
IRS 990 Tax Returns - Permanent
Business Expense Records - 7 years
IRS 1099s - 7 years
Journal Entries - 7 years
Invoices - 7 years
Membership Records - 5 years
Petty Cash Vouchers - 3 years
Cash Receipts - 3 years
Credit Card Receipts - 3 years

Bank Records

Check Registers - 7 years
Bank Deposit Slips - 7 years
Bank Statements and Reconciliation - 7 years
Electronic Fund Transfer Documents - 7 years

Payroll and Employment Tax Records

Payroll Registers - Permanent
State Unemployment Tax Records - Permanent
Earnings Records - 7 years
Garnishment Records - 7 years
Payroll Tax returns - 7 years
W-2 Statements - 7 years

Employee Records

Employment and Termination Agreements - Permanent
Retirement and Pension Plan Documents - Permanent
Records Relating to Promotion, Demotion or Discharge - 7 years after termination
Accident Reports and Worker’s Compensation Records - 5 years
Salary Schedules - 5 years
Employment Applications - 3 years
I-9 Forms - 3 years after termination
Time Cards - 2 years

Legal, Insurance and Safety Records

Appraisal - Permanent
Copyright Registrations - Permanent
Donor Records and Acknowledgement Letters - 7 years
Environmental Studies - Permanent
Grant Applications and Contracts - 5 years after completion
Insurance Policies - Permanent
Real Estate Documents - Permanent
Stock and Bond Records - Permanent
Trademark Registrations - Permanent
Leases - 6 years after expiration
OSHA Documents - 5 years
General Contracts - 3 years after termination

C. Electronic Documents and Records

Electronic documents will be retained as if they were paper documents. Therefore, any electronic files, including records of donations made online, that fall into one of the document types on the above schedule will be maintained for the appropriate amount of time. If a user has sufficient reason to keep an email message, the message should be printed in hard copy and kept in the appropriate file or moved to an “archive” computer file folder.

D. Emergency Planning

The University’s records will be stored in a safe, secure and accessible manner. Documents and financial files that are essential to keeping MACU operating in an emergency will be duplicated or backed up at least every week.

E. Document Destruction

The University’s VPF is responsible for the ongoing process of identifying its records, which have met the required retention period and overseeing their destruction. Destruction of financial and personnel-related documents will be accomplished by shredding.

Document destruction will be suspended immediately, upon any indication of an official investigation or when a lawsuit is filed or appears imminent. Destruction will be reinstated upon conclusion of the investigation.

F. Compliance

Failure on the part of employees to follow this policy can result in possible civil and criminal sanctions against the University and its employees and possible disciplinary action against responsible individuals. The VPF and Finance & Audit Committee of the Trustees will periodically review these procedures with legal counsel or the organization’s certified public accountant to ensure that they are in compliance with new or revised regulations.

IV. Published: Policy Manual

V. Reason for Revision

VI. Appendices

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Finance Policy #11

SUBJECT: Whistleblower Policy

DATE: May 08, 2009
REVISED: May, 2009
NEXT SCHEDULED REVIEW: Odd numbered years in February

APPROVED BY BOARD OR TRUSTEES: October 18, 2013

Policy for: All Employees of MACU
Procedure for: All employees of MACU
Authorized by: Vice President for Finance
Issued by: Board of Trustees

I. Purpose:

As employees and representatives of MACU, we must practice honesty and integrity in fulfilling our responsibilities and complying with all applicable laws and regulations.

II. Policy:

Mid-Atlantic Christian University’s (“The University” or “MACU”) Code of Ethics and Conduct (“Code”) requires trustees, officers, and employees to observe high standards of business and personal ethics in the conduct of their duties and responsibilities. This policy is intended to encourage Board members, staff (paid and volunteer) and others to report suspected or actual occurrence(s) of illegal, unethical or inappropriate events (behaviors or practices) without retribution.

III. Procedure

Reporting Responsibility:
It is the responsibility of all trustees, officers and employees to comply with the Code and to report violations or suspected violations in accordance with this Whistleblower Policy.

No Retaliation:
No trustee, officer, or employee who in good faith reports a violation of the Code shall suffer harassment, retaliation, or adverse employment consequence. An employee who retaliates against someone who has reported a violation in good faith is subject to discipline up to and including termination of employment. This Whistleblower Policy is intended to encourage and enable employees and others to raise serious concerns within Mid-Atlantic Christian University prior to seeking resolution outside MACU.

Reporting Violations:
The Code addresses Mid-Atlantic Christian University’s open door policy and suggests that employees share their questions, concerns, suggestions or complaints with someone who can address them properly. In most cases, an employee’s immediate supervisor is in the best position to address an area of concern. However, if one is not comfortable speaking with his/her supervisor or he/she is not satisfied with one’s supervisor’s response, he/she is encouraged to speak with anyone in management whom the employee is comfortable in approaching. Supervisors and managers are required to report suspected violations of the Code of Conduct to MACU’s Compliance Officer, currently the Vice President for Finance (“VPF”), who has specific and exclusive responsibility to investigate all reported violations. For suspected fraud, or when you are not satisfied or uncomfortable with following MACU’s open door policy, individuals should contact MACU’s VPF directly.

Compliance Officer:
Mid-Atlantic Christian University’s Vice President for Finance is responsible for investigating and resolving all reported complaints and allegations concerning violations of the Code and, at his discretion, shall advise senior management and the audit committee. The VPF has direct access to the audit committee of the board of trustees and is required to report to the audit committee at least annually on compliance activity.

Accounting and Auditing Matters:
The Finance & Audit committee of the board of trustees shall address all reported concerns or complaints regarding corporate accounting practices, internal controls or auditing. The VPF shall immediately notify the audit committee of any such complaint and work with the committee until the matter is resolved.

Acting In Good Faith:
Anyone filing a complaint concerning a violation or suspected violation of the Code must be acting in good faith and have reasonable grounds for believing the information disclosed indicates a violation of the Code. Any allegations that prove not to be substantiated and which prove to have been made maliciously or knowingly to be false will be viewed as a serious disciplinary offense.

Confidentiality:
Violations or suspected violations may be submitted on a confidential basis by the complainant or may be submitted anonymously. Reports of violations or suspected violations will be kept confidential to the extent possible, consistent with the need to conduct an adequate investigation.

Handling of Reported Violations:
The Vice President for Financer will notify the sender and acknowledge receipt of the reported violation or suspected violation within five business days. All reports will be promptly investigated and appropriate corrective action will be taken if warranted by the investigation.

Specific of Reporting Violations:

  1. The Whistleblower should promptly report the suspected or actual event to his/her supervisor.
  2. If the Whistleblower would be uncomfortable or otherwise reluctant to report to his/her supervisor, then the Whistleblower could report the event to the next highest or another level of management, including to an appropriate Board committee or member.
  3. The Whistleblower can report the event with his/her identity or anonymously.
  4. The Whistle blower shall receive no retaliation or retribution for a report that was provided in good faith – that was not done primarily with malice to damage another or the organization.
  5. A Whistleblower who makes a report that is not done in good faith is subject to discipline, including termination of the Board or employee relationship, or other legal means to protect the reputation of the organization and members of its Board and staff.
  6. Anyone who retaliates against the Whistleblower (who reported an event in good faith) will be subject to discipline, including termination of Board or employee status.
  7. Crimes against person or property, such as assault, rape, burglary, etc., should immediately be reported to local law enforcement personnel.
  8. Supervisors, managers and/or Board members who receive the reports must promptly act to investigate and/or resolve the issue.
  9. The Whistleblower shall receive a report within thirty days of the initial report, regarding the investigation, disposition or resolution of the issue.
  10. If the investigation of a report, that was done in good faith and investigated internal personnel, is not to the Whistleblower’s satisfaction, then he/she has the right to report the event to the appropriate legal or investigative agency.
  11. The identity of the Whistleblower, if known, shall remain confidential to those persons directly involved in applying this policy, unless the issue requires investigation by law enforcement, in which case members of the organization are subject to subpoena.

IV. Published: Policy Manual

V. Reason for Revision

VI. Appendices

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Finance Policy #12

SUBJECT: Process for Determining Compensation Policy

DATE: May 8, 2009
REVISED:
NEXT SCHEDULED REVIEW: Odd numbered years in February

APPROVED BY BOARD OR TRUSTEES: October 18, 2013

Policy for: Chief Employed Executive
Procedure for: Vice President for Finance
Authorized by: Vice President for Finance and Audit Committee
Issued by: Board of Trustees

I. Purpose

The purpose of the "Compensation Policy" is to provide oversight for determining The Chief Employed Executive's salary.

II. Policy

This Policy on the Process for Determining Compensation of any employee making over $100,000 or the highest paid employee approaching that amount, applies to the compensation of the following person(s) employed by Mid-Atlantic Christian University: The Chief Employed Executive, as defined below. As of this time there are no other Officers or Key Employees receiving compensation at that level.

III. Procedure

The process includes all of these elements: (1) review and approval by the board of trustees or executive committee of the Organization; (2) use of data as to comparable compensation; and (3) contemporaneous documentation and recordkeeping.

  1. Review and approval. The compensation of the person(s) is reviewed and approved by the board of trustees or executive committee of the University, provided that persons with conflicts of interest with respect to the compensation arrangement at issue are not involved in this review and approval.
  2. Use of data as to comparable compensation. The compensation of the person(s) is reviewed and approved using data as to comparable compensation for similarly qualified persons in functionally comparable positions at similarly situated organizations.
  3. Contemporaneous documentation and recordkeeping. There is contemporaneous documentation and recordkeeping with respect to the deliberations and decisions regarding the compensation arrangement.

Chief employed executive – The CEO, executive director, or top management official (i.e., a person who has ultimate responsibility for implementing the decisions of the Organization’s governing body or for supervising the management, administration, or operations of the Organization). At Mid-Atlantic Christian University this person is called the President.

Officer – A person elected or appointed to manage the Organization’s daily operations, such as a president, vice-president, secretary or treasurer. The officers of the Organization are determined by reference to its organizing document, bylaws, or resolutions of its governing body, or as otherwise designated consistent with state law, but at a minimum include those officers required by applicable state law. Include as officers the Organization’s top management official and top financial official (the person who has ultimate responsibility for managing the Organization’s finances).

Key Employee – An employee of the Organization who meets all three of the following tests:
 

(a) $150,000 Test: receives reportable compensation from the Organization and all related organizations in excess of $150,000 for the year;
(b) Responsibility Test: the employee: (i) has responsibility, powers, or influence over the Organization as a whole that is similar to those of officers, directors, or trustees; (ii) manages a discrete segment or activity of the Organization that represents 10% or more of the activities, assets, income, or expenses of the Organization, as compared to the Organization as a whole; or (iii) has or shares authority to control or determine 10% or more of the Organization’s capital expenditures, operating budget, or compensation for employees; and
(c) Top 20 Test: is one of the 20 employees (that satisfy the $150,000 Test and Responsibility Test) with the highest reportable compensation from the Organization and related organizations for the year.

IV. Published: Policy Manual

V. Reason for Revision

VI. Appendices

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Finance Policy #13

SUBJECT: Conflict of Interest

DATE:  May 8, 2009 
REVISED
NEXT SCHEDULED REVIEW: Odd numbered years in February

APPROVED BY BOARD OR TRUSTEES: October 18, 2013

Policy for:  All employees of MACU
Procedure for:  All employees of MACU
Authorized by:  Vice President for Finance and Audit Committee
Issued by:  Board of Trustees

I. Purpose

The purpose of the conflict of interest policy is to prevent the professional and personal interests of employees from influencing the performance of their duties on behalf of the University.

II. Policy

This Conflict of Interest Policy of Mid-Atlantic Christian University: (1) defines conflicts of interest; (2) identifies classes of individuals within the University covered by this policy and; (3) facilitates disclosure of information that may help identify conflicts of interest.

  1. Definition of conflicts of interest.   A conflict of interest arises when a person in a position of authority over the University may benefit financially from a decision he or she could make in that capacity, including indirect benefits such as to family members or businesses with which the person is closely associated.  This policy is focused upon material financial interest of, or benefit to, such persons.
  2. Individuals covered.  Persons covered by this policy are the University’s officers, trustees, chief employed executive and chief employed finance executive.
  3. Facilitation of disclosure.  Persons covered by this policy will annually disclose or update to the Chairman of the Board of Trustees in writing their interests that could give rise to conflicts of interest, such as a list of family members, substantial business or investment holdings, and other transactions or affiliations with businesses and other organizations or those of family members.

III. Procedure

Procedures to manage conflicts.  For each interest disclosed to the Chairman of the Board of Trustees, the Chairman will determine whether to: (a) take no action; (b) assure full disclosure to the Board of Trustees and other individuals covered by this policy; (c) ask the person to recuse from participation in related discussions or decisions within the University; or (d) ask the person to resign from his or her position in the University or, if the person refuses to resign, become subject to possible removal in accordance with the University’s removal procedures.  The University’s chief employed executive and Vice President for Finance will monitor proposed or ongoing transactions for conflicts of interest and disclose them to the Chairman of the Board of Trustees in order to deal with potential or actual conflicts, whether discovered before or after the transaction has occurred.

IV. Published:  Policy Manual

V. Reason for Revision

VI. Appendices

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Finance Policy #14

SUBJECT: Lobbying Certification

DATE:  August, 2009
REVISED:
NEXT SCHEDULED REVIEW:  Odd numbered years in February

APPROVED BY BOARD OR TRUSTEES:  October 18, 2013

Policy for:  Financial Aid Department
Procedure for:  Finance and Financial Aid
Authorized by:  VP Finance
Issued by:  Board of Trustees

I. Purpose

The purpose of this policy is to implement the provisions of the Higher Education Opportunity Act, and to define the responsibilities of MACU employees who represent the needs of the college to the federal and state government.

II. Policy

The Higher Education Opportunity Act of 2008 prohibits the use of federal funds received under the Higher Education Act of 1965 from being used by any institution of higher education to pay any person for influencing or attempting to influence an officer or employee of any agency, or Member of Congress in connection with the awarding of any  Federal funds, the making, entering into, or extension, continuation, renewal, amendment or modification of any Federal grant or loan.

III. Procedure

Mid-Atlantic Christian University will:

1. Annually “demonstrate and certify” to the Secretary of Education that it has not
used any funds under the Higher Education Act to attempt to influence a member of
Congress in connection with any federal grant, contract, loan, or cooperative
agreement.

2. Not use student aid funding under HEA to hire a registered lobbyist or to pay for
securing an earmark. 

IV. Published:  Policy Manual

V. Reason for Revision

VI. Appendices

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Finance Policy #15

SUBJECT: Use of Electronic Signatures

DATE:  September 10, 2009
REVISED
NEXT SCHEDULED REVIEW: Odd numbered years in February

APPROVED BY BOARD OR TRUSTEES:  October 18, 2013

Policy for:  Faculty and Staff Employees
Procedure for:  Finance Department
Authorized by: Vice President for Finance
Issued by:  Board of Trustees

I. Purpose

The purpose of this policy is to allow employees to authorize changes in their employee files by electronic correspondence.

II. Policy

Employees will be asked to physically sign a document confirming that the employee’s signature is on file. This will result in not having to physically sign every document.

III. Procedure

An employee’s electronic affirmation of signature may be used to file attendance reports, annual reviews or documents associated with salary agreements, changes in benefits and deductions, and all other paperwork required by MACU in relationship to an employee’s reporting of attendance and payment of hourly or salary wage.   

Change requests related to payroll must be made using the “Payroll Change Request” form that is available on the staff drive.

Employee electronic signatures will not be used for the initial “New Hire” documents.

IV. Published:  Policy Manual

V. Reason for Revision

VI. Appendices

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Finance Policy #16

SUBJECT:  Check Signing

DATE:  September 23, 1997
REVISED:   February 2010
NEXT SCHEDULED REVIEW: Odd numbered years in February

APPROVED BY BOARD OR TRUSTEES:  October 18, 2013

Policy for:  Finance
Procedure for:  Finance
Authorized by: Vice President for Finance
Issued by:  Board of Trustees

I. Purpose

Multiple signatures are part of MACU's internal control.    When more than one person signs           a check, each person is verifying that the check has been approved for payment.

II. Policy

All checks and other bank withdrawals must be signed by two MACU employees.

III. Procedure

The President or VPF can designate employees as is deemed appropriate, however no more rights, privileges, or authority will be granted beyond the banking functions mentioned above.

IV. Published:  Policy Manual

V. Reason for Revision

VI. Appendices

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Finance Policy #17

SUBJECT:  Capitalization

DATE:  February, 2010
REVISED:  March, 2010
NEXT SCHEDULED REVIEW: Odd numbered years in February

APPROVED BY BOARD OR TRUSTEES:  October 18, 2013

Policy for:  Finance
Procedure for:  Finance
Authorized by:  Vice President for Finance
Issued by:  Board of Trustees

I. Purpose

When acquiring new assets with a long-term lifespan, the cost can be spread over a specified period of time, reducing an immediate negative affect against current revenues.

II. Policy

Unless specifically determined otherwise by the VPF and documented as to the reason for deviation, any paid out items under $3,000 are “expensed” in the current operating year, even if it might be reasonable to think they could be considered fixed assets. If item are components of larger capital items, those components may be considered for capitalizing, but this would not be common practice. For items over $3,000 that are fixed assets or improvements to a fixed asset then such items would be capitalized as assets and proper depreciation will be figured. Again, unless reasonably specifically determined otherwise by the VPF, all technology items will be “expensed” in the current operating year since technology becomes obsolete so quickly, regardless of whether or not it is over $3,000.

III. Procedure

Enter the acquisition of the Fixed Asset into the University's Accounting Software, with an     attached depreciation schedule.

IV. Published:  Policy Manual

V. Reason for Revision

VI. Appendices

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Finance Policy #18

SUBJECT: Classification of students as revenue share with Comcourse

DATE: July 1, 2013
REVISED:
NEXT SCHEDULED REVIEW: Odd numbered years in February

APPROVED BY BOARD OF TRUSTEES: October 18, 2013

Policy for: Finance
Procedure for: Finance, Student Services-Admissions, Academic Affairs
Authorized by: Vice President for Finance
Issued by: Board of Trustees

I. Purpose

The University will correctly classify students for the purpose  of carrying out the provisions of a contract with Comcourse, Inc.

II. Policy

A. Students recruited and matriculated through the efforts of employees hired by Comcourse, representing MACU, will be considered Comcourse students, subjecting the university to revenue sharing requirements as stipulated in the contract.

B. The university will not be subject to revenue sharing requirements for students who were recruited and matriculated through the efforts of employees hired by the university, until

1. a student finishes 30% of their course work (credit hour) toward their declared degree program via online courses.  (I.e., after a student completes 30% of the total degree program credit hours via online/distance education courses, then the university will classify the student as a revenue share student.)

C. In the case of students who fall under provision II.B.1., the university will only share revenue with Comcourse on those courses that are taken beyond 30% of the total degree and are taken via online/distance education.

III. Procedure

A.   Comcourse, Inc. will inform the university of which students were recruited under II.A.
B.   Admissions will inform the finance of which students were recruited under II.B.
C.   Faculty advisors and the registrar’s office will monitor II.B.1. and the registrar will notify the finance office once a student passes the threshold.

IV. Published:  Policy Manual

V. Reason for Revision

VI. Appendices

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Finance Policy #19

SUBJECT: Billing of Students as On-ground or Online

DATE: July 1, 2013
REVISED:
NEXT SCHEDULED REVIEW: Every 2 years, February 2015

APPROVED BY BOARD OF TRUSTEES:  October 18, 2013

Policy for: Academic Affairs, Finance, Student Services
Procedure for: Academic Affairs - Registrar
Authorized by: Vice President for Academic Affairs
Issued by:
  Board of Trustees

I. Purpose

The University has decided to employ different tuition rates dependent upon the modality of instruction.  This policy sets forth the criteria that are to be employed in determining whether a student is classified as an on-ground student or as an online student.

II. Policy

Students will be classified as an on-campus student:

(a)  if in a given semester students take 3 or more credit hours in seat on the Elizabeth City campus, and have not accumulated more than 30% of their total degree requirements via online courses (for 4-year degree students that is approximately 41 credit hours).  
(b) if they have declared a program of study that is not approved by the university for online delivery, regardless of the amount of credit hours taken during any individual semester. However, total credits earned via online delivery may not exceed 30%.

III. Procedure

The registrar's office will be responsible for the classification of students.  This determination will be made when a student registers for each semester.

IV. Published:  University Academic Catalogs

V. Reason for Revision

VI. Appendices

Back to Top of Page

___________________________________________________________________________

Financial Aid

F FA-1 Scholarships for Spouses of Students
F FA-2 Scholarships for Dependent Children of Faculty _ Staff at Sister Restoration Colleges
F FA-3 Scholarships for Faculty, their Spouses and Dependents
F FA-4 Scholarships for Staff, their Spouses and Dependents

Mid-Atlantic Christian University - Financial Aid Policy #1

SUBJECT: Scholarships for Spouses of Students

DATE:  Historical
REVISED: 2/4/2014
NEXT SCHEDULED REVIEW: Odd-number years in February

APPROVED BY BOARD OF TRUSTEES:  October 18, 2013

Policy for: Student Spouses
Procedure for: Financial Aid Office
Authorized by: Vice President for Finance, Financial Aid Administrator, Scholarship Committee
Issued by: Board of Trustees

I. Purpose
The scholarship is an incentive for spouses of students to continue to enrich their education and encourages spouses to attend Mid-Atlantic Christian University. 

Historical perspective:
A policy was established many years ago of tuition discounting to the wives of men enrolled in MACU. A number of older married men were coming to college to prepare for ministry, and the college wished to encourage the wives of these men to take as many classes as possible in order to be of maximum benefit to their husbands in their ministries.

As time has progressed, application of this policy broadened. It grew to include:

1.     Husbands as well as wives.
2.     Persons who had never been MACU students before they became spouses of current MACU students.

II. Policy

A half tuition scholarship will be granted to one member of a married couple attending MACU concurrently, if the couple was married before either spouse enrolled.

III. Procedure

1. Half tuition will be granted to the spouse taking the fewer hours, to be designated the secondary spouse. The one taking the more hours is the primary spouse. If both are taking same hours for a given semester, either may receive the half tuition. In addition, the following fees will not be charged to the secondary spouse: application, audit, and library.
2. The scholarship recipient must maintain a minimum semester or cumulative GPA of 2.5.  If the recipient's semester and cumulative GPA fall below 2.5, the recipient will be placed on scholarship probation and allowed to continue receiving funds. Any subsequent semester where the recipient's semester and cumulative GPA fall below 2.5 will result in scholarship suspension.
3. The number of hours paid per semester should be limited to 9 with an average of 8 per semester for the life of the award. In addition, recipients must not exceed a four-year cap of 64 hours of half tuition.

IV.   Published: On the administration drive under policies.

V.   Reason for Revision

VI.   Appendices

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Financial Aid Policy #2

SUBJECT: Scholarships for Dependent Children of Faculty & Staff at Sister Restoration Colleges

DATE: March 21, 2001
REVISED: 2/13/2004, 2/13/2013
NEXT SCHEDULED REVIEW: Odd-number years in February

APPROVED BY BOARD OF TRUSTEES: October 18, 2013

Policy for: Dependent Children of Faculty and Staff
Procedure for: Financial Aid Office
Authorized by: Vice President for Finance, Financial Aid Administrator, Scholarship Committee
Issued by: Board of Trustees

I. Purpose

The scholarship is offered to faculty and staff dependents from sister Restoration Colleges to promote the value of attending a faith-based institution. 

II. Policy

Mid-Atlantic Christian University will make available up to 5 scholarships at any one time to       dependents of faculty and staff of sister Restoration colleges. These scholarships have the same stipulations as scholarships of the dependents of MACU's faculty and staff. It is the administration's desire that any college that would request such a scholarship from MACU would reciprocate in kind.

III. Procedure
Dependent children under the age of 23 of full-time faculty or staff members will be granted a scholarship equal to one-half their credit hour charges and one-half their room and board. In addition, the following fees will not be charged: application and audit. (There is no grant for dependents of part-time faculty and staff.)

  1. Dependents must maintain a minimum semester or cumulative 2.5 GPA. Students falling below a semester and cumulative 2.5 GPA will be placed on scholarship probation and allowed to continue receiving funds. Any subsequent semester where the student's semester and cumulative GPA fall below 2.5 will result in scholarship suspension.
  2. The number of credit hours paid per semester for dependents should be limited to 9, with an average of 8 per semester for the life of the award. In addition, recipients must not exceed a four-year cap of 64 hours of free tuition.
  3. A student qualifying for the Tuition Exchange Scholarship would be awarded under that program instead of this scholarship program. (See details under the Tuition Exchange Scholarship.)

IV. Published: On the administration drive under policies.

V. Reason for Revision

VI. Appendices

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Financial Aid Policy #3

SUBJECT: Scholarships for Faculty, their Spouses and Dependents

DATE:  August, 2010
REVISED:    
NEXT SCHEDULED REVIEW: Odd-number years in February

APPROVED BY BOARD OF TRUSTEES:  October 18, 2013

Policy for: Faculty and their families
Procedure for: Financial Aid Office
Authorized by: Vice President for Finance, Financial Aid Administrator
Issued by: Board of Trustees

I. Purpose      

The scholarship is an incentive for faculty to continue to enrich their education and for their family members to attend Mid-Atlantic Christian University.                      

II. Policy

Mid-Atlantic Christian University will make scholarships available for members of the faculty and their families as stated below.

III. Procedure

University Tuition Personnel Grants
Full-time faculty and spouses may be granted a scholarship for three hours free tuition per semester (credit) for Mid-Atlantic Christian University courses.

Dependent children of full-time faculty are allowed a scholarship equal to one-half their credit tuition and one-half room and board.

These tuition grants are only available for tuition credit toward an individual's first bachelor's degree. A full-time employee and his/her spouse/children who wish to take courses beyond their initial bachelor's degree may receive partial grants of 25% of tuition charges.

University Personnel Tuition Grants do not cover class fees, mandatory fees or books. However, any other financial aid (church grants, outside scholarships, federal and state grants, etc,) may be applied toward charges not covered by the personnel tuition grant.  Any credit balances created on the student's account will be refunded upon the student's request.

Employees and spouses may audit courses at no charge as long as space is available in the course and placement in the course does not deny placement for a tuition-paying student registering for the course. The following restrictions apply to personnel grants.

Time Restrictions
No benefits are available in the first year of employment or re-employment. The benefit will be available for the first term following the employee's first work anniversary.
- If the employee comes directly from employment with another post-secondary educational institutional where he or she was eligible for tuition grant credit and provides documentation of eligibility, the employee is eligible for this grant upon employment. In this case only, the requirement for submission of an application by the March 1 deadline will be waived.
- After the first year of employment, the employee must apply to the Financial Aid office for the grant by the March 1 deadline established by the University.
- The benefit ends upon termination of employment.

Eligibility
Family members eligible for the grant are limited to the spouse and children of the employee.

Scholastic Requirements
To be eligible for tuition grant credit, the applicant must have a cumulative grade point average (GPA) of no less than 2.0.

Necessary Forms
Dependents of faculty, administrators or staff seeking the University Personnel Grant must complete and submit the Mid-Atlantic Christian University Financial Aid Application to the Office of Financial Aid. The grant is not available to those who fail to submit the necessary forms by March 1 for the next budget year. 

Federal Assistance
Applicants for the University Personnel Grant may also apply for federal assistance by completing a Free Application for Federal Student Aid (FAFSA). Mid-Atlantic Christian University (School Code 014101) should be listed in Section H for release of application information. Further specific instructions regarding this procedure can be obtained from the Financial Aid Office.

Tax Implications
When applied to undergraduate education, this benefit is available tax free, by virtue of the Internal Revenue Code, for employees and their dependents. A "dependent" must be as defined in the Code

Mid-Atlantic Christian University has adopted a more liberal definition by allowing any child of an employee to enjoy this benefit. By so doing, however, if the benefit is awarded to a non- "dependent" child, the value of the benefit must be included in the employee's W-2 as additional compensation, and the employee must pay the appropriate tax.

IV. Published:  Faculty Handbook

V. Reason for Revision

VI. Appendices

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Financial Aid Policy #4

SUBJECT: Scholarships for Staff, their Spouses and Dependents

DATE: Historical
REVISED: February 4, 2004
NEXT SCHEDULED REVIEW: Odd-number years in February

APPROVED BY BOARD OF TRUSTEES:  October 18, 2013

Policy for:  Staff and their families
Procedure for: Financial Aid Office
Authorized by: Vice President for Finance, Financial Aid Administrator
Issued by: Board of Trustees

I. Purpose

The scholarship is an incentive for staff to further their education and for their family members to attend Mid-Atlantic Christian University.                    

II. Policy

Mid-Atlantic Christian University will make scholarships available for members of the staff and their families as stated below.

III. Procedure

  1. Full-time staff members and their spouses will be granted three hours free tuition per semester. In addition, the following fees will not be charged: application, audit, and confirmation/tuition deposit. (If classes can be taken during off-duty hours, this may go to a maximum of six hours for them, but not for spouses.)
  2. Part-time-staff members will be granted three hours free tuition per semester. In addition, the following fees will not be charged: application, audit, and confirmation/tuition deposit. There is no free tuition for the spouse of a part-time staff member.
  3. All staff members must receive authorization from the vice president/director of their division before registering for either audit or credit courses. This is required to ensure proper use of division time management. Documentation of this authorization must be shown to Financial Aid before a scholarship may be granted.
  4. Dependent children under the age of 23 of full-time staff members will be granted a scholarship equal to one-half their credit hour charges and one-half their room and board. In addition, the following fees will not be charged: application and audit. (There is no grant for dependents of part-time staff.)
  5. Dependents must maintain a minimum semester or cumulative 2.5 GPA. Students falling below a semester and cumulative 2.5 GPA will be placed on scholarship probation and allowed to continue receiving funds. Any subsequent semester where the student's semester and cumulative GPA fall below 2.5 will result in scholarship suspension.
  6. The number of credit hours paid per semester for dependents should be limited to 9, with average of 8 per semester for the life of the award. In addition, recipients must not exceed a four-year cap of 64 hours of free tuition.

IV. Published:  Employee Handbook 

V. Reason for Revision

VI. Appendices

Back to Top of Page

___________________________________________________________________________

Office of Information Technology

F-IT 1 ACCEPTABLE USE
F-IT 2 INFORMATION SECURITY
F-IT 3 NETWORK INFRASTRUCTURE
F-IT 4 SOFTWARE REGULATIONS
F-IT 5 GLBA COMPLIANCE
F-IT 6 STUDENT COMPUTING LABS
F-IT 7 Email
F-IT 8 HEOA Compliance

Mid-Atlantic Christian University - Office of Information Technology Policy #1

SUBJECT: Acceptable Usage of Information Technology Resources

DATE: April 08 2013
REVISED: April 08 2013
NEXT SCHEDULED REVIEW: Yearly, January 2014

APPROVED BY BOARD OF TRUSTEES:   October 18, 2013

Policy for: All authorized users of Mid-Atlantic Christian Networking Resources
Procedure for: All authorized users of Mid-Atlantic Christian Networking Resources
Authorized by: Vice President for Finance
Issued by:   Board of Trustees

I. Purpose

This policy is intended to protect the wide array of information technology resources (Resources) as defined in this Policy provided by Mid-Atlantic Christian University (University) and to provide guidelines for the use of those Resources. 

II. Policy

Access to and use of Resources imposes certain responsibilities and is granted subject to University policies and procedures and federal, North Carolina, and all other applicable laws. Appropriate use is legal and ethical, coincides with the University mission, reflects academic honesty, reflects community standards, and shows restraint in the consumption of shared resources. Appropriate use demonstrates respect for intellectual property; ownership of data; system security mechanisms; and individual rights to privacy and to freedom from intimidation, harassment, and unwarranted annoyance. Appropriate use includes instruction; independent study; research; communications; and official work of Authorized Users as defined below.

A. Resources and Authorized Use

1. Resources means the University's computing, network and, information technology Resources, including without limitation all data and information in electronic format or any hardware or software that makes possible, in the broadest possible sense, the processing, transmission, storage or use of such information.

2. The University may, in its sole and exclusive discretion, allocate, authorize use of, and control access to Resources in differential ways in order to achieve its overall mission. This policy does not prohibit use of tools and techniques by systems administration personnel, Authorized Users, or faculty for research or instructional purposes, as long as those activities do not interfere with appropriate use by others.

3. Authorized Use of Resources is use that the University determines, in its sole and exclusive discretion, is consistent with the education, research, and mission of the University, consistent with effective departmental or divisional operations, and consistent with this policy.

4. The University may control access to Resources in accordance with federal, North Carolina, all other applicable laws, and University policies and procedures limiting use to Authorized Users. Authorized Users may include:

a. Current faculty, staff, and students of the University;

b. Anyone connecting to a public information service through the use of University Resources;

c. Others whose access furthers the mission of the University, and whose usage does not interfere with general access to Resources, as determined by the University in its sole and exclusive discretion.

B. Individual Privileges - The following individual privileges empower each of us to be productive members of the campus community. Privileges are conditioned upon acceptance of accompanying responsibilities.

1. Privacy - Technological methods must not be used to infringe upon privacy.

2. Freedom from harassment and undesired information - All constituents have the right to be free from harassment as defined in this policy by or via usage of Resources.

C. Individual Responsibilities - Authorized Users are held accountable for their actions as a condition of continued use of Resources.

1. Demonstrating common courtesy and respect for rights of others - Authorized Users must respect and value privacy rights, behave ethically, and comply with all legal restrictions regarding the use of information that is the property of others.

2. Abiding by laws, policies, contracts, and licenses - Authorized Users must comply with all federal, North Carolina, and other applicable laws; all generally applicable University rules and policies; and all applicable contracts and licenses. Users are responsible for ascertaining, understanding, and complying with the laws, rules, policies, contracts, and licenses applicable to their particular uses.

3. Compliance with copyright laws - Authorized Users may not copy, distribute, modify, or display another’s work unless the copyright owner has given permission to do so; it is in the “public domain”; doing so would constitute “fair use”; or an “implied license” to do so was granted. Using Resources to download or share copyrighted music, movies, television shows or games without the permission of the copyright owner may result in sanctions.

4. Avoidance of harassment - No member of the community may use Resources to libel, slander, or harass any other person. Harassment includes, without limitation, the following:

a. Intentionally using Resources to annoy, harass, terrify, intimidate, threaten, offend or bother another person by conveying obscene language, pictures, or other materials or threats of bodily harm to the recipient or others;

b. Intentionally using Resources to contact another person repeatedly with the intent to annoy, harass, or bother, whether or not any actual message is communicated, and/or where no purpose of legitimate communication exists, and where the recipient has expressed a desire for the communication to cease;

c. Intentionally using Resources to contact another person repeatedly regarding a matter for which one does not have a legal right to communicate, once the recipient has provided reasonable notice that he or she desires such communication to cease;

d. Intentionally using Resources to disrupt or damage the academic, research, administrative, or related pursuits of another;

e. Intentionally using Resources to invade the privacy, academic or otherwise, of another or the threatened invasion of the privacy of another.

f. Responsible use of Resources - Authorized Users are responsible for knowing what Resources are available, remembering that the members of the community share them, and for refraining from all acts that corrupt, interfere, waste or prevent others from using these Resources, or from using them in ways that have been proscribed by the University and by federal, North Carolina, and all other applicable laws.

g. Preserving information integrity - Authorized Users are responsible for awareness of the potential for and possible effects of manipulating information, especially in electronic form, to understand the changeable nature of electronically stored information, and to verify the integrity and completeness of information compiled or used. Unauthorized access to information contained in a user's Office of Information Technology (OIT)-maintained directory space is prohibited even if the files are readable and/or writable.  Modifying files anywhere on a OIT-managed device or directory without consent of the file's owner is prohibited.  This includes writing or modifying files which have file permissions set to allow modification or writing.  This also includes creating new files, renaming, or deleting existing files in directories which may have directory permissions set to allow creation or modification of files.

h. Use of personal computing systems or devices - Authorized Users are responsible for the security and integrity of information stored on Resources, including hardware and software. Particular care must be taken when using portable laptop or storage devices. This responsibility includes, but is not limited to:

i. Making regular backups

ii. Protecting backup media

iii. Safeguarding any portable media, such as laptops and thumb-drives

iv. Not storing passwords or other account access information

v. Protecting Confidential Data by use of encryption, password protection or other strategies

vi. Controlling physical and network access

vii. Installing and using operating system patches, virus protection, firewalls and other protective tools.

D. Network Drives and Storage of Data

1. Each department is assigned a network drive.  Departments and employees are expected to save all university-related files to appropriate network drives and maintain the structured integrity of each drive.  Files are not to be saved the root directly of each network drive.  An appropriate folder should be made and, if needed, make a permission request through OIT.  All permission and mapping requests should be made through OIT.  Upon request the “Staff” drive can be used as a repository for departments to interact.  Request for interdepartmental drives should be made through OIT.

2. All personal files should be saved to “H:” drives and not on local computers.  If an "H:" drive is unavailable a request should be made through OIT.

III. Procedures

A. ACCESS TO RESOURCES

1. Access - An Authorized User must be specifically authorized to use particular Resources by the campus unit responsible for operating the Resources.  Departmental managers  and systems administrators are authorized to inspect, use, or assign for use Resources in their area of responsibility.

2. Computer accounts, passwords, and other types of authorization are assigned to individual users and must not be shared with others.  No third-party access to any accounts with access to Resources is permitted without advance, written authorization.  An Authorized User is responsible for any use of the individual account. Authorized Users may not run or otherwise configure software or hardware to intentionally allow access by unauthorized users.

3. Expectation of Privacy - University network users should have no expectation of privacy when transmitting information across the University network.

4. Use of privileged access - Special access to information or other special computing, network or information technology privileges or job responsibilities are to be used in performance of official duties only. Information obtained through special privileges is to be treated as confidential, except as otherwise provided in any University policy, procedure or ordinance or as required or permitted by applicable law.

5. Termination of access - When an Authorized User ceases to be a member of the campus community through graduation, failure to enroll, change of guest status or termination of employment, or if an employee is assigned a new position and/or responsibilities within the University, access and authorization must be reviewed and the University reserves the right to terminate the account.   An individual must not use facilities, accounts, access codes, privileges, or information without authorization appropriate to the new situation.

6. Attempts to circumvent security - Authorized Users are prohibited from attempting to circumvent or subvert any security measures.  Authorized Users may not obtain unauthorized Resources, deprive another Authorized User of Resources, or gain unauthorized access to Resources by using knowledge of an unauthorized password or loophole in a computer security system.

7. Denial of service and other harmful activities - Deliberate attempts to degrade the performance of Resources, or to deprive Authorized Users use of or access to Resources, is prohibited. Harmful activities that are prohibited include without limitation: creating or propagating viruses; disrupting services; damaging files; intentional destruction or damage to Resources.

8. Academic dishonesty - Use of Resources in accordance with the high ethical standards of the University community is required. Academic dishonesty is a violation of those standards.

9. Use of copyrighted information and materials - The University does not condone unauthorized copying of copyrighted material.  Authorized Users are expected to adhere to the rights granted to copyright owners under Section 106 of the Copyright Act (Title 17.)  The Digital Millennium Copyright Act establishes the liability for infringement of copyright laws by users of computing resources at institutions of higher education.  More information can be found at:  the official University copyright information site http://www.macuniversity.edu/technology/support-and-guides/copyright-and-p2p Additional information can also be found at http://www.copyright.gov/ and http://www.copyright.gov/help/faq/

10. Use of licensed software - No software may be installed, copied, or used on Resources except as permitted by the owner of the software and the approval of OIT. Software subject to licensing must be properly licensed and all license provisions (installation, use, copying, number of simultaneous users, term of license, etc.) must be strictly followed.

11. E-mail - By opening and using an e-mail account, Authorized Users agree and consent that the University may access the account for administrative and all other purposes permitted or required by law and/or the University's policies, procedures and ordinances, which may require the University or its e-mail provider to access and disclose to the University any information stored within the account. The University does not centrally retain or archive e-mail sent, processed or received by the University e-mail system. E-mail may be retained, stored or archived by external providers of e-mail services.  Email is considered an official method for communication at Mid-Atlantic Christian University. Official email communications are intended to meet the academic and administrative needs of the University.  The University has the right to expect that such communications will be received and read in a timely fashion.  To enable this process, the University ensures that all Authorized users can be accessed through a standardized, University-issued email account.  For more information see OIT Policy #7 Email.

12. Web sites, blogs, political campaigning, and other public information uses -The use of Resources in political campaigns or for commercial purposes is prohibited unless authorized by the President of the University.

13. Game playing, web surfing and other recreational activities - Limited recreational game playing, web surfing, or other recreational activity that is not part of an authorized and assigned research or instructional activity is tolerated (within the parameters of each department's or division’s rules). Resources are not to be used for excessive recreation, as determined by the University in its sole and exclusive discretion, outside residential and recreational areas. Individuals engaged in recreational activities while occupying a seat in a public computing facility must give up that seat when others who need to use the facility for academic or research purposes are waiting.

14. Unrelated business - Resources may not be used in connection with compensated outside work, business unrelated to the University, or for the benefit of organizations not related to the University except in connection with scholarly pursuits (such as faculty publishing activities or work for professional societies) or other activities authorized by the President of the University. This and any other incidental use must not interfere with other users' access to Resources and must not be excessive.

15. Prurient interest - Use of Resources must not violate any federal, North Carolina or any other applicable laws. The use of Resources should adhere to the University's standards and overall mission.

16. Issues of Safety and well-being - The University may suspend an individual’s access to and use of Resources for reasons relating to his/her physical or emotional safety and well-being, or for reasons relating to the safety and well- being of others, or the safety and well-being of University property. Access will be promptly restored when safety and well-being can be reasonably assured, unless access is to remain suspended as a result of formal disciplinary action.

17. Investigative contact - If contacted by a representative from an external organization/(FBI, Homeland Security, police department, etc.) or a representative from an internal investigating body conducting an investigation of an alleged violation involving Resources, inform the Office of the President immediately.

18. Reporting security and abuse incidents - Report any discovered unauthorized access attempts or other improper usage of Resources to OIT (itsupport@macuniversity.edu)

B. Monitoring and Inspection of Logs and Files

1. The University seeks to maintain a secure computing system, but cannot and does not guarantee security or confidentiality. In addition to accidental and intentional breaches of security, the University may be compelled to disclose electronic information as required by law.

2. As part of necessary routine operations, OIT occasionally gains access to Resources. Suspected policy violations discovered during such routine operations will be reported as noted in the Procedures and Sanctions section. All other information accessed during such routine operations will be treated as confidential, except as otherwise provided in any University policy, procedure or ordinance or as required or permitted by applicable law.

3. When the University has a good faith belief of suspected violations of this policy or unlawful activity, it may access Resources necessary to investigate such suspected violations.

4. The University may access Resources and/or accounts for any other reason as permitted or required by law.

5. If required by law or this policy, the Authorized User will be notified that his/her Resources have been accessed.

6. Using Resources for unauthorized monitoring is prohibited.

C. SANCTIONS

1. Imposition of sanctions - The University may, in its sole and exclusive discretion, impose sanctions and/or disciplinary action for violations of this policy including without limitation the sanctions described in this policy.

2. Sanctions - In all cases of an actual or suspected violation of this policy, access to Resources will be suspended until final resolution as noted below.

a. Student Violations - Reports of violations will be forwarded to the Vice President of Enrollment Services.

b. Employee Violations - Reports of violations will be forwarded the appropriate vice president.  The OIT will first seek to educate those found to be in violation of this policy

3. University Employees – Staff violations will be forwarded to the appropriate vice-president.

4. University Employees – Faculty violations will be forwarded to the Vice -President for Academic Affairs.

5. Violations by other Authorized Users - Reports of violations will be forwarded to the appropriate University official.

6. Subsequent and/or major violations - Subsequent and/or major violations, as determined by a representative of OIT in his or her sole and exclusive discretion, will be forwarded to Office of the President.

7. Range of disciplinary sanctions - Persons in violation of this policy are subject to the full range of sanctions, including without limitation the loss of access privileges to Resources, disciplinary action, dismissal from the University, and legal action. Some violations may constitute criminal offenses, as outlined by federal, North Carolina, and all other applicable laws; the University will carry out its responsibility to report such violations to the appropriate authorities.

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Office of Information Technology Policy #2

SUBJECT: Information Security

DATE: May 1, 2013
REVISED:
NEXT SCHEDULED REVIEW: Yearly, January 2014

APPROVED BY BOARD OF TRUSTEES:  October 18, 2013

Policy for: University staff, faculty, and students
Procedure for: University staff, faculty, and students
Authorized by: Vice-President for Finance
Issued by:    Board of Trustees 

I. Purpose

To provide guidelines with regard to the responsibility of every Mid-Atlantic Christian University (University or MACU) employee who accesses data and information in electronic formats to provide for the security of that data. The use of Mobile Computing Devices such as laptops, tablets, smart phones, electronic file exchanges, and the growing use of application service providers increase the vulnerability of University Electronic Data and information assets. As new technologies are developed and implemented, and as new laws covering data security emerge, issues multiply around data management and security.

II. Policy

This policy defines the required Electronic Data management environment and classifications of data, and assigns responsibility for ensuring data and information privacy and security at each level of access and control.

A. Data Maintenance and Control Method 

1. If the system is a University Provided Data System, the Office of Information Technology (OIT) will provide guidance and services for the tasks identified in the Data Maintenance and Control Method.

2. Systems that transmit or provide access to confidential student data must follow FERPA and GLBA guidelines.

3. Systems that transmit or provide access to confidential financial information must follow GLBA guidelines and the University Information Security Program.

4. If the system is provided by a Hosted Solution, OIT must still verify that the Data Maintenance and Control Method used by the Hosted Solution provider meets current University technology standards. Further, ongoing provisions for meeting current University technology and security standards must be included in the service contract.   Contracts with service providers that will have access to confidential data must be reviewed and contain safeguards in accordance with GLBA.

5. Review of Hosted Solutions must include OIT prior to final solution selection and purchase.

B. Data Usage and Access

1. Data will be released in accordance with University policies (such as MACU Release of Educational Records). Requests for information from external agencies (such as Freedom of Information Act requests, subpoenas, law enforcement agency requests, or any other request for data from an external source) must be directed to the Office of the President and processed in accordance with existing policies, particularly OIT Policy #1  Acceptable Usage Policy.

2. You may only access information needed to perform your legitimate duties as a University employee. No one may access information that has been classified as confidential without authorization by the appropriate administrator.  Authorization must be documented.

3. You must safeguard any physical key, ID card or computer/network account that allows you to access University information.

4. Workstations, laptops, and offices with access to confidential information must be locked when not in use or unattended.

5. You may not in any way divulge, copy, release, sell, loan, alter or destroy any confidential or protected information except as without prior approval from a vice president.

6. Standards for secure file transmissions, or data exchanges, must be evaluated by when a system other than a University Provided Data System is selected, and certain contract language must be included. Unencrypted authorization and data transmission are not acceptable. 

7. Users who access or transmit University date from outside of the University network must use the MACU VPN service. 

8. Data Used in the pursuit of teaching, learning, research and administration must be managed to preserve integrity and trust. This is the responsibility of all who use data. 

9. Communications of Confidential Data via email, instant messaging, or other communication methods should be avoided altogether.

C. Storing data

1. Data cannot be stored on a system other than a University Provided Data System without the advance permission of OIT and demonstrated legitimate need. 

2. Data must be stored on devices and at locations approved by OIT. If information technology resources (computers, printers and other items defined in OIT Policy #1  Acceptable Use) are stored at an off-campus location, the location must be approved by OIT prior to using such resources to store University data. 

3. Cloud services like dropbox.com do not meet HIPAA, FERPA, SAS 70, ISO 9001, ISO 27001, or PCI certifications and must not be used to store confidential University Data.

4. Student data protected by FERPA is permitted in Google Apps MACU services. It is subject to access by school officials who have a legitimate educational interest as well as by other identified officials, as defined and identified by the university’s FERPA privacy regulation.
To the extent that Google has access to student educational records as a contractor for the university, it is deemed a “school official,” as defined by FERPA, under the Google Apps for Education Agreement (http://www.google.com/apps/intl/en/terms/education_terms.html) and will comply with its obligations under FERPA. Personally identifiable student data  should never be made publicly accessible without the student’s signed, written consent. For more information, see REG 11.00.01 - Family Educational Rights and Privacy (FERPA).

5. New technology sometimes enables the storage of data on fax machines, copiers, smart phones, point-of-sale devices and other electronic equipment. OIT and associated supervisors are responsible for discovery of stored data and removal of the data prior to release of the equipment. 

6. Data should be stored in encrypted formats whenever possible. Encryption strategies should be reviewed with OIT in advance to avoid accidental data lockouts. 

7. When approving Mobile Computing Device usage, OIT must verify that those using Mobile Computing Devices can provide information about what data were stored on the device (such as a copy of the last backup) in the event the device is lost or stolen. 

8. In all cases, data storage must comply with University retention policies. Data Usage in a Hosted Solution system must have specific retention standards written in the service contract.

9. Provisions for the return of all University data in the event of contract termination must be included in the contract, when data are stored on a Hosted Solution.  Current security standards (such as controlled access, personal firewalls, antivirus, fully updated and patched operating systems, etc.) will be evaluated when a system other than a University Provided Data System is selected and must be covered in contract language. 

10. Data stored on Mobile Computing Devices must be protected by current security standard methods (such as controlled access, firewalls, antivirus, fully updated and patched operating systems, etc.). 

11. University standard procedures for the protection and safeguarding of Confidential Data and Operation Critical Data must be applied equally and without exception to University Provided Data Systems, Mobile Computing Devices and systems other than University Provided Data Systems, such as Hosted Solutions.

12. Tangible records (paper documents, microfilm, etc.) containing confidential  information must be: stored in a locked cabinet or drawer when not in use with access limited to authorized individuals, and physically shredded/destroyed when no longer needed.
 

D. Systems and network data
Systems and network data, generated through systems or network administration, logs or other system recording activities, cannot be used, or captured, gathered, analyzed or disseminated, without the advance permission of OIT.

E. Sanctions
Failure to follow the guidelines contained in this document will be considered inappropriate use of a University information technology resource and therefore a violation of OIT Policy #1  Acceptable Use of Information Technology Resources. Sanctions will follow the steps identified in that policy.

III. Procedures

Data Security Breach Review

1. If unauthorized access to Confidential Data is discovered, OIT must be contacted immediately. 

2. Examples of potential data security breaches that require notification include, but are not limited to:

3. Theft or loss of a laptop, desktop computer, or storage device used to store Confidential Data 

4. Unauthorized access to a database system or hack of a University system or website. 
OIT will:

1. Review the situation and assess the potential for data exposure. It is expected that the owner of the system in question will be able to identify the Confidential Data that were stored on that system. 

2. Assess the threat and take steps to limit the breach. 

3. Develop and implement a response plan to ensure the University’s compliance with all legal and other obligations in regards to the breach. 

IV. Published 

V. Reason for Revision

VI. Appendices

Appendix 1: Classifications of Data

Confidential/Protected Information -  Data that are specifically restricted from open disclosure to the public by law are classified as “Confidential Data”. Confidential Data require a high level of protection against unauthorized disclosure, modification, destruction, and use. Confidential Data include, but are not limited to: 

1. Student data protected by the Family Educational Rights and Privacy Act (FERPA), including personal identification data such as Social Security Number, student identification numbers, and other data not classified as directory information under FERPA.
2. Medical data, such as data protected by the Health Insurance Portability and Accountability Act (HIPAA)
3. Information access security, such as login passwords, logs with personally identifiable data, digitized signatures, and encryption keys
4. Credit card numbers, payment card information, banking information, employer or taxpayer identification number, demand deposit account number, savings account number, financial transaction device account number, account password, stock or other security certificate or account number
5. Personnel file, including Social Security Numbers
6. Library records (GENERAL STATUTES OF NORTH CAROLINA CHAPTER 125.  LIBRARIES ARTICLE 3.  LIBRARY RECORDS N.C. Gen. Stat. § 125-19)
7. Drivers license numbers, state personal identification card numbers, Social Security Numbers, employee identification numbers, government passport numbers, and other personal information that is protected from disclosure by state and federal identity theft laws and regulations including without limitation the North Carolina Identity Theft Protection Act of 2005.
 

Electronic Data:  “Electronic Data” are distinct pieces of information, intentionally or unintentionally provided to the University in a variety of administrative, academic, and business processes. The Information Security policy covers all data stored on any electronic media, and within any computer systems defined as a University information technology resource under OIT Policy #2  Acceptable Use of Information Technology Resources. Within this document, “Electronic Data” and “data” are used interchangeably. This definition does not include course materials and intellectual property.
 

Hosted Solutions:  “Hosted Solutions” include hosting by a third-party, outsourced, and application service provider solutions. Hosted Solutions are technology solutions or systems where a third-party manages and distributes software-based services and systems, including data manipulation or storage, appropriate to that software solution, to customers across a wide area network from a central data center. These are usually web-based solutions where data are sent to off-campus systems and accessed via the Internet. Departments employing a hosted solution must consult with the Office of Information Technology (OIT) during the purchasing process and prior to contract.
 

Mobile Computing Devices:  Mobile Computing Devices” are information technology resources (as defined in OIT Policy #2  Acceptable Use of Information Technology Resources) that may leave the general campus location. Samples of such devices include, but are not limited to, laptops, personal digital assistants (PDAs), tablets, smart phones, CD/DVD R/W disks, USB devices, flash drives, etc.
 

Operation Critical Data:  Data determined to be critical and essential to the successful operation of the University as a whole, and whose loss or corruption would cause a severe detrimental impact to continued operations, are classified as “Operation Critical Data”. Data receiving this classification require a high level of protection against accidental distribution, exposure or destruction, and must be covered by high quality disaster recovery and business continuity measures. Data in this category include data stored on Enterprise Systems such as CampusAnyware/Blackbaud and data passed through networked communications systems. Such data may be released or shared under defined, specific procedures for disclosure, such as departmental guidelines, documented procedures, or policies. 
 

University Provided Data Systems:  “University Provided Data Systems” are information technology resources, as defined and described in OIT Policy #2  Acceptable Use of Information Technology Resources, owned by the University and used for the storage, maintenance and processing of University data.
 

Unrestricted Data:  “Unrestricted Data” are information that may be released or shared as needed. Examples are data files for the schedule of classes or other publicly available data such as a directory. 
 

Usage and Data Use:  “Usage” and “Data Use” are used interchangeably and are defined as gathering, viewing, storing, sharing, transferring, distributing, modifying, printing and otherwise acting to provide a data maintenance environment.

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Office of Information Technology Policy #3

SUBJECT Network Infrastructure

DATE: April 08, 2013
REVISED:
NEXT SCHEDULED REVIEW: Yearly, January 2014

APPROVED BY BOARD OF TRUSTEES:  October 18, 2013

Policy for: All divisions of Mid-Atlantic Christian University
Procedure for: All divisions of Mid-Atlantic Christian University
Authorized by:
Issued by:
 Board of Trustees

I. Purpose

The purpose is to assign responsibility for all aspects of creating, using, integrating, designing, installing, managing and maintaining Mid-Atlantic Christian University’s (University or MACU) Network Infrastructure and its Core Network Services.

II. Policy

The University network infrastructure is centrally maintained by the Office of Information Technology (OIT).  OIT is responsible for the installation, management, support, and providing access to the University network. This policy describes the guidelines for the use and expansion of the University wired and wireless campus network.

A. Network Identity
 

1. Global naming and addressing – OIT is responsible for providing a consistent forum for the identification and allocation of Internet Protocol (IP) addressing and naming conventions. Dynamic Host Configuration Protocol (DHCP) is the preferred method for the assignment of IP addresses. Exceptions to DHCP address assignment must be requested from OIT.

2. Responsibility – OIT is responsible for the standards, design, implementation, performance and operation of the University Network Infrastructure. OIT is responsible for monitoring compliance with this policy, within the scope of the Policy for Acceptable Usage of Information Technology Resources.

3. Delegation of responsibility – OIT may delegate operational aspects of Network Infrastructure support to academic or administrative units where a defined Service Level Agreement can be developed.

B. Access

1. Access – Access to the Network Infrastructure is provided to University faculty, staff, students, affiliates and guests, in a classification labeled “network users”.

2. Authentication – Wireless Network interfaces and computing devices requires user authentication to access the Wireless Network. Implementing network access with the intent to bypass authentication will be considered a violation of this policy and a violation of the OIT Policy #1 Acceptable Use.

3. Authorization – Network users are authorized through their network access to utilize specific Network Resources based on need. Access to educational and research resources is supported with open authorized access. Access to administrative and business operations requires specific “need to know” attached to job requirements, and requires approval by an appropriate vice president. Network authorization will not define or create access where no need exists. Network authorization tools and strategies will implement and support the rules, guidelines and strategies defined by the OIT Policy #1 Acceptable Use and network resource owners.

4. Devices connecting to the network – OIT maintains a list of acceptable devices and supported devices, including devices identified in the Desktop Service Level Agreement. Functionality of any other device is the responsibility of the owner. Any device (wired or wireless) connected to the network is subject to all university policies, particularly the OIT Policy 1  Acceptable Use, regardless of ownership.

5. Third Party/Backdoor Attachments – Attachments to the network by non-university organizations or network users must be approved by OIT and adhere to  OIT Policy #1 Acceptable Use.

C. General Usage and Connectivity Guidelines

1. Network Usage and connectivity – Use of the Network Infrastructure must be in a manner consistent with the OIT Policy #1  Acceptable Use of Information Technology Resources. Equipment or network activity that violates this Network Policy will be subject to the disciplinary actions as outlined in the OIT Policy #1  Acceptable Use, which may include disconnecting or blocking such equipment or network activity.

2. Addressing – MAC and IP Addresses must be standardized in use and not altered or fraudulently presented. Alteration of addressing information is a violation of this policy and subject to sanction.

3. Planning – OIT must be involved in initial and ongoing planning and budgeting for all aspects of the University Network Infrastructure in existing structures, renovations, new structures, and remodeled areas including planning for connectivity of the University Network Infrastructure to remote of off-campus locations.

4. Compliance – Network Components, Wired Network and Wireless Network installations and implementations will be monitored for conformance to established University Network Infrastructure plans, as well as regulatory compliance and industry best practices.

5. Contracted network support – OIT  must pre-approve all contracted vendor work on the University Network Infrastructure. All contracted vendor support work will be monitored for compliance to current University technical standards, quality installation, and work completion in a timely manner. OIT may also choose to centrally sub-contract some operational and engineering network functions. Departments or Divisions will be assessed for the work and project management cost of tasks that require contracted network support.

6. Installation and removal of Network Components and Access Points – OIT must authorize the installation or removal of Network Components and Access Points prior to any work. Tampering with, altering, or moving Network Components or Access Points is prohibited unless prior approval is obtained through OIT. The location of all wireless Access Points must be coordinated with existing OIT plans.

7. Remote access services – Acceptable remote access to the Network Infrastructure, such as dial-up, or virtual private network, will be defined and maintained by OIT. OIT will seek to provide the most secure remote access connection appropriate to the security requirements defined by the affected network resource owners and managers. All external connections to the university network must first be reviewed and approved by OIT.

8. Mid-Atlantic Christian University is primarily a Windows-based environment.  Mid-Atlantic Christian University does not maintain a BYOD environment.  Staff and faculty are required to use OIT-provided networking and computing resources.

D. Additional Wireless Guidelines

1. Wireless Network legal restrictions – The special nature of Wireless Networks may be subject to legal restriction. Wireless Access Points must abide by all federal, state and local laws pertaining to Wireless Networks. OIT is responsible for review of current technologies and legal restrictions. OIT will authorize the installation or design of wireless access with full consideration to this limitation.

2. Interference resolution – Certain wireless devices exist that utilize the same wireless frequency as the data network. In the event that a wireless device interferes with other equipment, OIT shall work with key representatives of units and departments in the Coverage area to seek resolution.

3. Wireless Network cards – Wireless Network cards are to be configured in client only mode and are not to be used as bridges, base stations, Access Points, or as an ad hoc network.

4. WLAN Availability - Wireless access is available in the following locations:

a. Pearl A. Presley Hall
b. Heritage Hall
c. Student Life Center
d. Albert C. Blanton III Campus Life Center
e. Wilkinson Hall
f. Faith Hall
g. The Welcome Center

5. Only the IEEE 802.11g and/or 802.11n standard for WLANs will be supported. 

III. Procedures

A. Security and Firewalls

1. Security – OIT takes steps to preserve the security of the network and the security of devices connected to the network in line with the OIT Policy #1  Acceptable Use.

2. Protocols – OIT may take steps to preserve both security and quality of service by blocking or limiting Protocols identified as problem source areas.

3. Firewalls – OIT is responsible for installing Firewalls or other network security systems to protect university assets. Specific servers critical to University business and operations may be protected behind such Firewalls, and those servers may be accessed for specific purpose as defined by the server.

4. Security Reviews – OIT may periodically request to perform a security review of any device, system, or component connected to the University network. Such reviews are done for the purpose of maintaining network and information security, at the request of a device, system or component client user, at the request of an authorized university representative or in response to a legal or regulatory matter.

5. Web Filtering - Mid-Atlantic Christian University filters internet traffic to restrict access websites dedicated to prurient and illicit topics.  Contact OIT at itsupport@macuniversity.edu with questions about web filtering.

B. Peripheral and Auxiliary Networks
Campus cable TV, fire alarm systems, automation or control systems, alarm systems, AV systems, surveillance cameras, or any other networked electronic or computer system that utilize the campus backbone or building wiring or co-locate with campus network facilities or electronics must be developed, installed, and operated in cooperation and coordination with OIT oversight. Practices regarding the operation of each specific system will be maintained by the system administrator or owner. 

C. Resource Provisioning

1. Provisioning of Staff and Faculty Computers - Staff and faculty should make an appropriate request for information technology resources through their department vice president.  Staff and faculty have the option of using a University-owned desktop or laptop.

2. Provisioning of Student Computers - Student computers are not provided by the University.  Students are expected to provide for their personal computing needs.

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Office of Information Technology Policy #4

SUBJECT: Software Governance

DATE: April 08, 2013
REVISED:
NEXT SCHEDULED REVIEW: Yearly, January 2014

APPROVED BY BOARD OF TRUSTEES:   October 18, 2013

Policy for: All Mid-Atlantic Christian University staff, faculty, and students
Procedure for: All Mid-Atlantic Christian University staff, faculty, and students
Authorized by: Vice President for Finance
Issued by: Board of Trustees

I. Purpose

This policy seeks to reduce University exposure in critical areas, improve vendor accountability, and assure Software use in compliance with license restrictions and copyright.

II. Policy

University Software must be procured and acquired using standard University purchasing procedures, purchased with University funds and must be licensed to the University and not to individual employees. All University employees and users of University-licensed Software shall use the Software only in accordance with the license agreement. The University does not allow the installation of any Software on University Information Technology Resources without a valid license.

III. Procedures

A. Software Acquisition
Software license acquisitions will be initiated using processes documented by Purchasing and the Office of Information Technology (OIT); Software purchased using personal funds will not be reimbursed.

1. The University will make every effort to centrally fund Software that will:

a. be adopted as a University-wide standard;
b. be integral to the University’s technology infrastructure;
c. be implemented as part of a University initiative; or
d. allow the University to realize economies of scale.

2. Every effort will be made to avoid duplicative Software purchases.

3. The standard University purchasing procedures include evaluations of the following conditions, which may result in detailed review by OIT and the Finance office:

a. Processing, storage, or transmittal of Confidential data as defined in OIT Policy #2 Information Security, including contracting with a third party to accept payment card processing on behalf of the University.
b. Data collection or integration is expected for systems that process, store, or transmit data (classified as Operation Critical in OIT Policy #3 Information Security.)
c. Transferral of data currently residing on a University-owned computer or server or other device to a device not owned by the University.
d. Login integration with the University’s identity management login structure is expected when applicable.
e. Intended installation on a server managed by OIT.
f. Specific or unusual network, storage or security requirements.
g. Requirements for remote systems access or virtual private network (VPN) access.
h. Intended for shared use in the University enterprise.
i. Intended to be widely accessed over the University network.
j. Requires regulatory or legal compliance or falls within the scope of a compliance program already managed by OIT.
k. Intended installation in a virtual or imaged environment.
l. Vendor acceptance of University standard terms and conditions.

B. Software License Use

1. University use of Software shall be in compliance with the license agreement. No University employee shall violate the terms of a license agreement. Transferring possession of any copy, modification or merged portion of any licensed Software, whether gratuitously or for gain, shall be a violation of this policy and is prohibited by the University, unless transfer is explicitly allowed in the license. Such conduct may also violate state and federal law and subject an employee to civil and/or criminal penalties.

2. University employees who make, acquire, or use unauthorized copies of computer Software, or otherwise violate Software license agreements, or otherwise violate this policy shall be subject to discipline in accordance with OIT Policy #2 Acceptable Use of Information Technology Resources and may also be subject to personal liability, including civil and/or criminal penalties as provided by state and federal law.

3. Personally licensed Software or Software that is free or purchased personally by an individual may be installed on University Information Technology Resources if the individual owner maintains a valid copy of the license with the device (i.e., a valid copy of the license must be kept with the computer). If an individual cannot produce a valid license upon request, the Software must be removed. Departments allow the installation of such Software at their own risk; Software must be removed if the employee who licensed the Software leaves the University.

4. Software may not be installed on any University server without a valid license that allows for server installation and shared use of the Software.

5. Software licensed by the University may not be installed on any device other than the device specified on the license.

C. Software Management

1. Software is intended for the use specifically authorized in the applicable Software license agreements and remains the intellectual property of the owner and is protected by copyright or patent.

2. Each Software license will have documented rules for appropriate installation and use, and metrics for payment for such use. Metrics may include seat count, named user list, installation count, processor count, University enrollment data, fixed monthly fee, site license or a variety of other metrics depending on the Software, the category of Software and the vendor. The University department or unit acquiring Software is responsible for verifying appropriate installation and use of the Software, for maintaining documented records in support of the required metrics, and for covering additional costs related to expanded or changed metrics.

D. Operations
Software installations cannot impair the operation of University network and servers. Software installations may also have risks for desktops, causing slow or unreliable performance. If found to be in conflict with University policies, or in conflict with educational, business, network or server operations, Software will be removed, or the hardware running the Software will be disconnected from or otherwise blocked from network connectivity, in compliance with  OIT Policy #3 Network Infrastructure and OIT Policy #1 Acceptable Use of Information Technology Resources.

E. Responsibility
The responsibility for complying with this policy rests with each employee. Employees shall report any violations to their unit supervisors. Unit supervisors shall report violators for appropriate investigation and discipline. The individual with signing authority for purchase of Software, or that individual’s designee, is responsible for understanding the license installation, license use metrics, vendor management, and the ongoing verification of license compliance. Violations will be sanctioned according to University policy, including without limitation, OIT Policy #1 Acceptable Use of Information Technology Resources.

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Office of Information Technology Policy #5

SUBJECT: Compliance with the federal Gramm–Leach–Bliley Act  

DATE:  September 17, 2013
REVISED:
NEXT SCHEDULED REVIEW: Yearly, January 2014

APPROVED BY BOARD OF TRUSTEES:  October 18, 2013

Policy for: All Mid-Atlantic Christian University (MACU or the University) Employees
Procedure for: All MACU Employees
Authorized by: Vice President for Finance
Issued by:  Board of Trustees

I. Purpose

In order to continue to protect private information and data and to comply with the provisions of the Federal Trade Commission's safeguard rules implementing applicable provisions of the Gramm-Leach-Bliley Act (GLBA), the University has adopted the Information Security Program for private financial and related information. This security program applies to customer financial information (covered data) the University receives in the course of business as required by GLBA as well as other confidential financial information the University has voluntarily chosen as a matter of policy to include within its scope. This document describes many of the activities the University currently undertakes, and will undertake, to maintain covered data according to legal and University requirements. This Information Security Program is designed to provide an outline of the safeguards that apply to this information, specifically in compliance with GLBA. The practices set forth in this document will be carried out by and impact diverse areas of the University.

II. Policy & Procedure

GLBA mandates that the University appoint an Information Security Program Coordinator, conduct a risk assessment of likely security and privacy risks, institute a training program for all employees who have access to covered data and information, oversee service providers and contracts, and evaluate and adjust the Information Security Program periodically.

A. Information Security Plan Components
The Information Security Program will verify that information safeguards are designed and implemented to control the risks identified in the risk assessments set forth above. The Coordinator will ensure that reasonable safeguards and monitoring are implemented and cover each unit that has access to covered data.
This Information Security Program is overseen by the Security Program Coordinator (Coordinator) has five components:

1. Oversight:  The Systems Administrator was appointed to coordinate the Information Security Plan.
The GLBA Security Program Coordinator (Coordinator) will be responsible for implementing this Information Security Program. The Coordinator shall be appointed by the Vice President for Finance and Administration. The Coordinator will work closely with the all administrative units of the University that have interface with or control over covered data.

The Coordinator will consult with responsible offices to identify units and areas of the University with access to covered data. As part of this Information Security Program, the Coordinator has identified units and areas of the University with access to covered data. The Coordinator will conduct a survey, or utilize other reasonable measures, to confirm that all areas with covered information are included within the scope of this Information Security Program. The Coordinator will maintain a list of areas and units of the University with access to covered data.

The Coordinator will ensure that risk assessments and monitoring are carried out for each unit or area that has covered data and that appropriate controls are in place for the identified risks.

The Coordinator will work with responsible parties to ensure adequate training and education is developed and delivered for all employees with access to covered data. The Coordinator will, in consultation with other University offices, verify that existing policies, standards and guidelines that provide for the security of covered data are reviewed and adequate. The Coordinator will make recommendations for revisions to policy, or the development of new policy, as appropriate.
The Coordinator will update this Information Security Program, including this and related documents, from time to time. The Coordinator will maintain a written security plan and make the plan available to the University community.

2. Risk Assessment:  The Coordinator will meet annually with all administrative units to conduct a risk assessment and gap analysis on current practices and procedures pertaining to protected information.  The assessment will look at internal and external risk to the security, transmission, storage, integrity, access to, and the transmission of protected data.

3. Information Safeguards and Monitoring:  The risk assessment and analysis described above shall apply to all methods of handling or disposing of nonpublic financial information, whether in electronic, paper or other form.  The Coordinator will, on a regular basis, recommend or implement technical, administrative, and physical safeguards to control the risks identified through such assessments and to regularly test or otherwise monitor the effectiveness of such safeguards.  Such testing and monitoring may be accomplished through existing network monitoring and problem escalation procedures. 

4. Training:  The Coordinator will provide training to individuals and departments with authorized access to covered data to evaluate the effectiveness of the University’s procedures and practices relating to access to and use of student records, including financial aid information. This evaluation will include assessing the effectiveness of the Institution’s current policies and procedures in this area.  Additionally, the Coordinator will educate authorized personnel with appropriate standards and practices for handling covered data.

5. Partner Oversight:  The coordinator shall coordinate with those administrators responsible for the third party service procurement activities related to the Office of Information Technology (OIT) and other affected departments to raise awareness of, and to institute methods for, selecting and retaining only those service providers that are capable of maintaining appropriate safeguards for nonpublic financial information of students and other third parties to which they will have access.  In addition, the Coordinator will work with the appropriate units to develop and incorporate standard, contractual protections applicable to third party service providers, which will require such providers to implement and maintain appropriate safeguards.  These standards shall apply to all existing and future contracts entered into with such third party service providers.

6. Evaluation:  The Coordinator  is responsible for evaluating and adjusting the GLBA Information Security Program based on the risk identification and assessment activities undertaken, as well as any material changes to the University's operations or other circumstances that may have a material impact it.

III. Published

IV. Reason for Revision

V. Appendices

A. Related Documents:
GLBA Section 501 16 CRF Part 314
(May 23 Federal Register, p. 346484)
http://www.ftc.gov/os/2002/05/67fr36585.pdf

B. Definitions

Customer - means any individual who receives a financial service from the University. Customers may include students, parents, spouses, faculty, staff, and third parties.

Non-public personal information - means any personally identifiable financial or other personal information, not otherwise publicly available, that the University has obtained from a customer in the process of offering a financial product or service; such information provided to the University by another financial institution; such information otherwise obtained by the University in connection with providing a financial product or service; or any list, description, or other grouping of customers (and publicly available information pertaining to them) that is derived using any information listed above that is not publicly available. Examples of personally identifiable financial information include names, addresses, telephone numbers, bank and credit card account numbers, income and credit histories, tax returns, asset statements, and social security numbers, both in paper and electronic form.
Financial product or service - includes student loans, employee loans, activities related to extending credit, financial and investment advisory activities, management consulting and counseling activities, community development activities, and other miscellaneous financial services as defined in 12 CFR § 225.28.

Covered data and information - for the purpose of this Program includes non-public personal information of customers required to be protected under GLBA. In addition to this required coverage, the University chooses as a matter of policy to also define covered data and information to include any bank and credit card account numbers, income and credit information, tax returns, asset statements, and social security numbers received in the course of business by the University, whether or not such financial information is covered by GLBA. Covered data and information includes both paper and electronic records.

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University Finance – Information Technology Policy #6

SUBJECT: STUDENT COMPUTING LABS

DATE:  APRIL 8, 2013
REVISED: 04/08/2013
NEXT SCHEDULED REVIEW: Yearly, January, 2014

APPROVED BY BOARD OF TRUSTEES:  October 18, 2013

Policy for: All users of Mid-Atlantic Christian University Student Computing Labs
Procedure for: All users of Mid-Atlantic Christian University Student Computing Labs
Authorized by: Vice President for Finance
Issued by: Board of Trustees

I. Purpose

The Office of Information Technology maintains student computing labs.  Demand for lab resources, the upkeep of the computing labs, and the assurance of appropriate use of the student computer labs necessitates to the need for a policy to govern the use of labs.

II. Policy

The student computer labs are equipped with computers primarily for the academic work of our students. The University may, in its sole and exclusive discretion, allocate, authorize use of, and control access to the student computing labs in differential ways in order to achieve its overall mission.  All users of the student computing labs must adhere to this policy, as well as, OIT Policy #1 Acceptable Use of Information Technology Resources.

III. Procedures

A. General Usage - Altering the hardware/peripheral setup of lab computers is prohibited.  Altering operating system and software settings on lab computers is prohibited.

B. Any student working on a class assignment or student project has priority in the university computers labs.  Any student using a computer for recreational use (games, correspondence, social media, e-mail, etc…) is expected to relinquish the computer promptly in response to a request from another student.

C. Loud or disruptive behavior is not tolerated in the student computer labs.  Food and drink are not permitted in the computer labs.

D. The Heritage Hall Student Computer Lab is restricted to students by combination lock.  Circumventing this security measure by preventing the door to close in any way is against this Policy.  Contact MACU OIT at itsupport@macuniversity.edu to report lab issues.

E. Location of Computer Labs - There are two computer labs available to students:

1. Watson-Griffith Library Student Computer Lab

2. Heritage Hall Student Computer Lab

F. The hours for the Student Computer Labs are posted on the Computer Lab webpage.

G. Documents should not be saved to any lab computers.  Students should always save their work to their University-provisioned Google Drive or personal flash drive. Lab computers are wiped and re-imaged multiple times each day.  Any work saved to lab computers will be lost.  The University is not responsible for lost documents.  

H. Printers are available in both computer labs.  Printing is free in the Heritage Lab.  Printing in the library is done on a cost-per-sheet basis.  Students should only print one copy of a document using the laser printers. Students should make additional copies using a copier.  Students can make copies in the Library on a cost-per-sheet basis.

IV. Published
MACU website

V. Reason for Revision

VI. Appendices

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Office of Information Technology Policy #7

SUBJECTUniversity Email Services

DATE: April 08, 2013
REVISED:
NEXT SCHEDULED REVIEW: Yearly, January 2014

APPROVED BY BOARD OF TRUSTEES :  October 18, 2013

Policy for: University staff, faculty, and students
Procedure for: University staff, faculty, and students
Authorized by: Vice President for Finance
Issued by:  Board of Trustees

I. Purpose

Email is considered an official method for communication at Mid-Atlantic Christian University (University).

II. Policy

University email is an official form of communication for Mid-Atlantic Christian University.  Email communication between staff, faculty, and students should only take place via official University assigned email addresses.

A. Acceptable Use of University Email

1. Official email communications are intended to meet the academic and administrative needs of the university.  The university has the right to expect that such communications will be received and read in a timely fashion.  To enable this process, the college ensures that all students can be accessed through a standardized, university issued email account.

2. Instructors may set policies defining how students use email in their classes, including requiring students to check their email on a regular basis.  University staff, faculty, and students cannot use personal email accounts for University business.

3. University email may not be used in the following ways:

a. Unlawful Activities

b. Commercial purposes

c. Personal financial gain

d. False identity in email communications

e. Misrepresentation of Mid-Atlantic Christian University

f. Anything that goes against OIT Policy #1  Acceptable Use

g. Technology Resources

h. Unauthorized mass mailings

4. Distribution lists/University-maintained Google Groups are available for staff and faculty; students are prohibited from accessing University distribution lists directly.  Distribution lists are for University-related use only.

B. Email Privacy

1. By opening and using your e-mail account, Authorized Users agree and consent that the University may access the account for administrative and all other purposes permitted or required by law and/or the University's policies, procedures and ordinances, which may require the University or its e-mail provider (if applicable) to access and disclose to the University any information stored within the account.

2. The University does not centrally retain or archive e-mail sent, processed, or received by the University e-mail system. E-mail is retained, stored or archived by external providers of e-mail services.

C. Expectations Regarding Student Use of Email 

1. Students are expected to check their Mid-Atlantic Christian University official email on a frequent and consistent basis in order to remain informed of school-related communications.  

2. Students are responsible for the consequences of not reading University-related communications sent to their official University email account.  Students have the responsibility to recognize that certain communications may be time-critical.

III. Procedures

A. Assignment of Email Addresses

1. Faculty email addresses are assigned at the request of the Office of Academic Affairs.

2. Staff email addresses are assigned at the request from the associated department.  Staff and faculty will have an assigned password which will be distributed via written correspondence. 

3. Department and group email addresses can be requested, but they are assigned at the discretion of OIT.

4. Each student, upon enrolling, is issued an email account with an address on the macuniversity.edu domain.  The email account created by the University is the official email address to which the university will send electronic communications.  Students will be notified with their account information via written communication.

B. Account Suspension and Deletion of University Email

1. OIT periodically deletes Email/university computer accounts belonging to individuals no longer affiliated as Mid-Atlantic Christian University students, faculty, or staff.

2. "No longer affiliated" is defined as:

a. Students: Have graduated and do not wish to keep their MACU email account, or are no longer officially enrolled for at least 1 credit hour

b. Faculty/Staff: Have voluntarily left the University, or terminated employment

3. Student, staff, and faculty email accounts are not immediately deleted; all email accounts are moved to a suspended state. 

C. Approximate Account Suspension/Deletion Dates

1. Student email accounts (no longer affiliated; in good standing) are suspended on the last day of drop-add of the first semester that a student is not registered. When an account is deactivated, no one will be able to log in with that account information or have access to files stored under it. Accounts are deleted one year after account deactivation.      

2. Student email accounts  belonging to students that have been dismissed from the University  (no longer affiliated; not in good standing) are suspended 48 hours after the notice of dismissal. Accounts are deleted one year after account deactivation. 

3. Students that graduate from the University have the option of keeping their @macuniversity.edu email address.  Accounts for alumni that remain inactive for a period of one year will be removed--all emails, documents, calendars, and contacts associated with the account will be deleted. 

4. Staff and faculty email accounts are suspended when an employee leaves the University.  Staff and faculty email is archived for a period of at least three years after the last official University-related interaction.

5. 14 days before accounts are scheduled for deletion, each affected account owner will receive email notification from OIT that their account is scheduled for deletion. It is the account owner's responsibility to manage his/her account responsibly, and to retain any required files on backup media.

6. If the account owner suspects that he/she received the account deletion email notification in error, they should contact the party listed in the email message immediately.

IV. Published

V. Reason for Revision

VI. Appendices

Back to Top of Page

___________________________________________________________________________

Mid-Atlantic Christian University - Office of Information Technology Policy #8

SUBJECT: Compliance with the federal Higher Education Opportunity Act (HEOA) 

DATE:  September 13, 2013
REVISED:
NEXT SCHEDULED REVIEW: Yearly, January 2014

APPROVED BY BOARD OF TRUSTEES:  October 18, 2013

Policy for: All Mid-Atlantic Christian University (MACU or the University) Employees and Students
Procedure for: All MACU Employees and Students
Authorized by: Vice President for Finance
Issued by:  Board of Trustees

I. Purpose

Downloading, copying and sharing material, such as music, movies, games, and applications, for which the copyright holder has not given you rights is both against the law and against the University's Acceptable Usage Policy (Office of Information Technology (OIT) policy #1). 

II. Policy & Procedure

The University's is required to be in compliance with HEOA H.R. (4137) by making an annual disclosure to students describing copyright law and campus policies related to violating copyright law, developing and implementing a plan to effectively combat unauthorized distribution of copyrighted materials by users of MACU's network, including the use of one or more technology based deterrents, and providing a plan to offer alternatives to illegal downloading. 

A. The plan to effectively combat copyright infringement

1. Technology:  The University uses traffic shaping technologies and quality of service (QoS) to identify, suppress, and eliminate traffic associated with illegal file sharing activities.

2. Education:  The University maintains a comprehensive copyright website (http://www.macuniversity.edu/technology/support-and-guides/copyright-and-p2p) and peer-2-peer (p2p) education site to provide continual education on illegal activity.  Information is distributed to students on an annual basis.

3. Evaluation:  The HEOA compliance plan and procedures are reviewed annually by OIT and the Information Technology Advisory Council (ITAC).

B. Offering Alternatives
MACU's page for legal alternatives http://www.macuniversity.edu/technology/support-and-guides/p2p
In addition, EDUCAUSE maintains a comprehensive list of Legal Downloading Resources at their website http://www.educause.edu/legalcontent.

III. Published

IV. Reason for Revision

V. Appendices

Back to Top of Page

___________________________________________________________________________