Rustici Software's
SCORM Blog

Subscribe

Archive


Tweets by Rustici Software



Topics

Authors

At Rustici Software, the General Data Protection Regulation (GDPR) came at an ideal time for us to complete a self-review of our data privacy (see our official description of what we’ve done here). Our tools can be many things to many people, with each product having its own set of data privacy scenarios to think through. GDPR pushed us to take a close look at each of our tools, improving them as we found things that could be better. We began this process thinking we were doing everything already, only to discover ways to build better tools.

Of course we went through the normal process of evaluating our company-wide privacy policy and made some small changes. We were proud that we already valued our customers’ data as their own, never shared it out with a third-party for commercial gain and took every reasonable step to keep data secure. We’ve participated in Safe Harbor and Privacy Shield certifications in the past, which guided our existing policies. Nevertheless, we tweaked some internal policies and improved our stance. We also put some GDPR-required Data Processing Addendums in place for all the tools we use and with customers who rely on our hosted tools.

SCORM Cloud:

Our SCORM Cloud product was one of the first places we looked. Since its creation, SCORM Cloud has grown to launching over a million new courses each month. SCORM Cloud offers four ways to invite a learner to take a course, so we thought through GDPR implications for each. We’re grateful for our SCORM Cloud user base, who carefully considered our platform’s impact on their GDPR obligations and worked with us to get the right tools in place. The GDPR had an impact on each of these invitation methods.

Public Invites:

These invites provide a simple link that allows easy entry to a course. We needed to provide ways to delete the information that this method creates. While SCORM Cloud does not capture much, we do capture First Name, Last Name, Email Address, Quiz and Assessment Data, as well as xAPI Statements. We determined that it was too hard to delete this data, when requested to do so. We built tools to make this data management and deletion much easier; we wanted to make it easier for our SCORM Cloud customers to manage the GDPR data deletion requirements. You can review these PII deletion tools here.

Private Invites:

These invites provide a direct email to allow a learner to take a course. We also needed to provide ways to delete the information that this method creates. Again, while SCORM Cloud doesn’t capture much, we do capture First Name, Last Name, Email Address, Quiz and Assessment Data, as well as xAPI Statements. We determined that it was too hard to delete this data, when requested to do so and we built tools to make this data management and deletion much easier. You can also review these PII deletion tools here.

SCORM Cloud Dispatch:

SCORM Cloud Dispatch is a popular way to help content creators control their courses inside a third-party LMS. Dispatch provides six benefits to a course owner, who needs their content to play nicely inside nearly any third-party LMS. Since Dispatch has the potential to capture some learner’s personally identifiable information (PII) we have added a tool that can anonymize the PII learning data. This tool can help meet a content owner’s desire to control courses, without giving up their GDPR obligations. We’ve also added in an optional tool that will display a privacy policy at the bottom of the SCORM player window. Now using Dispatch can still be possible in an GDPR compliant environment. Dispatch users can learn more about our PII blocker here.

SCORM Cloud API:

Many of our SCORM Cloud’s integrations are purely API based. In order to support these customers, a new API has been added that makes the data delete operations available, in order to help our customers meet their GDPR obligations. Using the API, you can identify a learner ID (or xAPI Actor) and request SCORM Cloud delete all data about that learner from our system. The developer’s documentation for our PII and GDPR learner deletion tools can be found here.

SCORM Engine:

The cornerstone of our ability to help the eLearning industry “play nice” with one another has been our SCORM Engine. This application is relied on by hundreds of learning platforms and LMSs throughout the world. It was critically important that we provide tools within the SCORM Engine to help our customers more easily meet their platform’s GDPR obligations.

Engine now features the ability to delete learner data, via new API calls. We released this API enhancement as an Engine 2017.1 maintenance release. Additionally, we’ll be introducing a user interface for performing the same ‘learner delete’ operations as part of our Rustici Engine 2018.1 release. Existing Engine customers are encouraged to simply upgrade their Engine application to enable the latest GDPR data management tools. We’ve also added the ability for customers to have a privacy policy optionally displayed at the bottom of the SCORM Player window.

Content Controller:

Much like SCORM Cloud Dispatch, Content Controller needed some tools to make managing GDPR obligations easier. Upgrades were done to make sure Content Controller users aren’t tracking personal data for training when utilizing Content Controller to launch training through other LMSs. Content Controller customers now have the ability to enable one-way hashing of learner identifying data captured through various learning standards. When this option is enabled Learner Identifiers and Learner Names will be hashed (SHA-256) in the learner’s browser before that data is transmitted to the application providing the dispatch package. We’ve also added the ability for Content Controller customers to have a privacy policy optionally displayed at the bottom of the SCORM Player window. This guide provides more about PII inside Content Controller.

To sum it up

Nothing with privacy and software is final. Here at Rustici Software, we view data privacy and protection as a goal to continually strive for. The GDPR will most certainly evolve and we intend on doing whatever is reasonable to continue to support customers all over the world, while protecting their valuable data. If you have concerns about our existing tools, GDPR posture, or data privacy policy, please let us know. We’re always willing to take a closer look at our solutions and try to evolve them in new ways.

No Comments | Post a comment »



We know our customers have been spending a lot of time thinking through how GDPR affects their business and the learning data they maintain on behalf of their customers. So have we.

We’ve been working hard to make sure our customers have the tools necessary to accommodate any GDPR-related requests they may receive, while also auditing our internal systems and procedures to make sure we’re following industry best practices related to privacy and security.

As we get closer to releasing these new tools, we want to make sure our customers know what they are and how to make use of them. GDPR impacts each of our products differently.

Below is a sneak peek of what’s to come in each. More details can be found on our GDPR home page, which will always have the most up to date information on our support and product updates related to GDPR.

SCORM Cloud and SCORM Engine

We are adding the ability to delete learner data within both SCORM Cloud and SCORM Engine.

There will be different methods for accessing this function in SCORM Cloud depending on how you interface with the application.

We will include additional API methods in an upcoming maintenance release for Engine 2017 to support deleting learner data. Engine 2018 will include a user interface that can facilitate deleting learner data.

Dispatch and Content Controller

Based on collaboration with some of our customers, we’ll be helping you ensure you aren’t tracking personal data when utilizing Dispatch or Content Controller to launch training through other LMSs. We are adding the ability to enable one-way hashing of learner identifying data captured through various learning standards. When this option is enabled Learner Identifiers and Learner Names will be hashed (SHA-256) in the learner’s browser before that data is transmitted to the application that is providing the dispatch package.

What Now?

If you have more questions about how these features work, when they’ll be available, how you use them, or believe you need a Rustici Software Data Processor Agreement (DPA), please contact us at GDPR@scorm.com.

Remember, we’ll be continually updating our GDPR and Rustici Software Products webpage with the most up to date information.

No Comments | Post a comment »



Content Controller v2.0 updated UI

We’ve gotten a lot of feedback about Content Controller since we started working on it back in 2015: feature requests, bug reports, criticisms and praise. We also have conversations with customers and potential customers about what problems Content Controller solves for them and where it falls short. This feedback is valuable because it tells us where we should focus our efforts to improve our software. There is one criticism that we’ve heard very frequently: performing routine tasks in the UI requires too much clicking. So with Content Controller v2.0, we’ve tried to do something about it.

Consider a common scenario: You’ve just signed on a new client who needs access to your entire course library under your popular “10,000 learners per course, per year” plan, and now you need to add all of those courses to the new client’s Content Controller account. This is a daunting endeavor with Content Controller v1.2, because you’d need to add each course individually, clicking through the same dialog and selecting the same options for each. With two license limits (a learner limit of 10,000 and an expiration date one year in the future), that works out to about 13 clicks per course. With library of hundreds of courses, you’d be in for a long, boring day of clicking. Content Controller has long had an API that can be used to automate this sort of task, but clearly some improvements were needed for our UI users.

So what’s changed in Content Controller v2.0? For one, we’ve added license templates so you can define a set of limits with a descriptive name, and then quickly apply the template when adding courses to an account. We’ve also added autocompletions and tag support to Content Controller’s search bars, so you can more easily find the courses you’re looking for.

But most importantly, we’ve replaced the UI for adding courses to an account with an entirely new UI that allows you select your entire course library, or just a subset, and add all of the selected courses at once while applying the same license limits to each. Populating an account with your entire course library, no matter how large, takes as few as nine clicks with the new UI in Content Controller v2.0. If you have 100 courses in your library, that’s a 99% reduction compared to Content Controller v1.2.

This isn’t the only improvement we’ve made in Content Controller v2.0 (see the release notes for a full list), but if I had to guess, I’d say it’s the one that will have the biggest impact for day-to-day use. But we can’t know that for sure until we start getting feedback from users. If you’ve tried out Content Controller v2.0, and think of ways we could make it better, let us know! We want to hear from you.

No Comments | Post a comment »



Most eLearning content providers send their courses off into the world with no ability to manage them once released. Content Controller lets you centrally host your content so you can automatically make updates, gain insight into usage and enforce licenses. And in Content Controller v2.0, we’ve updated the user interface so that managing your licenses, courses and accounts is even easier.

Latest features like tagging and search help you efficiently organize content and manage your growing course catalog. Our updates to licenses let you seamlessly assign license types, view history and renew licenses to reflect your growing client list.

So, without any further ado, here are the highlights.

New Features in Content Controller v2.0

 

Licenses

Course Bundles

Combine courses into a bundle that is licensed as a single unit in order to save time setting up licenses. For example, create a “Gold” bundle that includes every course in your catalog. Or create a “Golf” bundle that includes golf-related courses. Then, associate bundles with licenses to quickly apply license terms and easily deliver the bundle to customers in a single file.

License Templates

Use license templates to create and save licenses you enforce across multiple accounts and content. If you consistently sell a “One Year or 10,000 Learners” license, you can create a license type that allows access for up to one year or 10,000 learners. Create the license type once and assign it to multiple accounts, saving you the trouble of having to create those same limits every time you set up an account. Any licenses you created in v1.0 will still apply.

License Renewals

Use renewals to ensure your client always maintains access and never experiences down time. Set accounts and content to automatically or manually renew into existing license terms or into new license terms. Easily view license history to see how a client’s usage has evolved over time.

License Extensions

Access license settings in order to edit individual license limits within an account or content. Support client extensions by simply increasing access granted within an existing license.

Alert Emails

Set up your internal team with alert emails that notify you of accounts that are approaching or have exceeded license limits. Use alerts to inspire client conversations supporting renewals or up-sells.

Tagging and Search

Manage your content library quickly and efficiently. Tag courses to reflect your internal organizational structure. Then, search content by user-applied tags or course name. Content search makes search simple by including auto-completions for tags and course names.

Bulk Operations

Select tens or hundreds of courses, equivalents and licensing bundles at once using Content Controller’s improved UI flow along with tagging and search. Then, assign selections to an account with just one click.

cmi5

Support cmi5, using Content Controller’s latest cmi5 import feature. Then, make it available to LMSs that support SCORM or AICC.

Learn More

Interested in learning more about the benefits of Content Controller or upgrading your version to 2.0? Get in touch! We’d love to talk about how you can more effectively manage your content.

Want to learn more about how each feature works? Check out our Knowledge Base. While you’re there, you can also check out a full list of what is included in Content Controller v2.0.

 

 

 

No Comments | Post a comment »



Rustici Software awarded CLO Award

We are thrilled to share that Chief Learning Officer (CLO) magazine announced the winners of the 2017 Learning in Practice Awards and Rustici Software won a Bronze Award for Excellence in Technology Innovation! Our submission recognized the work the SANS Institute has done using Content Controller to update their content distribution strategy. We are very thankful they allowed us to highlight their story and thrilled to consider these industry leaders our clients.

The SANS story

SANS’s use of Content Controller is an interesting story in and of its own, which we have explored in the SANS Content Controller case study. But to submit the award we also dug into the overall landscape. The difference between what SANS is doing to distribute content and what the industry has historically done is pretty staggering.

The Learning Management System (LMS) marketplace is expected to be valued at $7B/year by 2018 and is primarily split into two deployment models: on-premise and SaaS. LMSs have been supporting off-the-shelf eLearning content via third-party content providers since 1997. The model may appear simple: content providers license (for a certain number of users usually) courses to client who then access content via their own LMS. But this twenty-year old model has inherent flaws: content creators have found a lack of license control, a risk of inaccurate content, multi-language pain and a lack of data regarding course engagement.

The SANS Institute has solved these traditional challenges by shifting their distribution model. Using Content Controller, SANS centrally hosts their content to easily deliver the latest, most accurate content to learners and streamline their license admin. They’ve seen a 90% reduction in time spent updating existing content, saving $100K in employee costs per year. If you want to learn more about their story, check out the SANS case study.

Celebrating other clients who won CLO awards

In addition to our win, we were pleased to see that a number of other Rustici clients were also CLO award winners. The Learning in Practice Awards celebrate those who have crafted new and innovative education initiatives. Booz Allen Hamilton won A Silver Business Partnership Award and their Director, David Sylvester, won a Gold Trailblazer Award. Our client Grovo won a Bronze Excellence in eLearning award. Hats off to them!

No Comments | Post a comment »


Older Posts »

Browse Categories

Using the Standards

Tips, tricks and solutions for using SCORM and AICC.

Standards Evolution

Our chronicling and opinion of the evolution of SCORM.

Rustici Software

Stories about who we are and what we're up to.

Products

News about our products. Notifications of new releases and new features.

Ideas and Thoughts

Miscellaneous thoughts and ideas about e-learning, entrepreneurship and whatever else is on our minds.

Software Development

Ideas about software development and how we manage things internally.