Learn about the measures in place to protect sensitive data, including encryption, compliance with privacy laws, user role management, and secure data storage practices.
Answer
Moodle offers a centralized content repository with version control and role-based segmentation.
Segmentation: Segmentation occurs through role-based permissions, which can be manually assigned by administrators. Content can be segmented based on user roles, allowing different levels of access (e.g., instructor, learner, administrator). Content visibility and editing privileges are determined by the roles assigned to users.
Roles: Moodle provides several predefined roles, such as learner, teacher, administrator, and course creator. Each role has associated privileges:
Multiple roles can be assigned to a user (e.g., a user can be both a teacher and a learner in different courses). Roles can be assigned manually by administrators or auto-assigned through enrollment methods or authentication plugins.
Answer
Moodle provides robust permissions and access control options based on user characteristics such as role, location, and other custom user profile fields.
Assigning and restricting access: Administrators can assign or restrict access to content through Moodle’s role-based access control (RBAC). This allows for fine-grained control of who can view or edit specific content. Access is based on:
Role permissions: Administrators can configure permissions at the system, course, and activity level to control access to content, allowing for tailored access control for different user groups.
Answer
Moodle supports integration with other institutional data sources through its API and third-party plugins. This allows demographic data, academic history, and other relevant institutional data to be included in Moodle’s reporting features.
API Integration: Allows for the transfer of data from external systems into Moodle for use in reports.
Plugins: Several plugins exist to integrate Moodle with student information systems (SIS) and learning management systems (LMS), enabling data synchronization.
These integrations provide comprehensive reporting by combining Moodle data with institutional records.
Answer
Moodle includes a gradebook with grade comments and, as a built-in feature, trainee progress tracking.
Answer
Moodle adheres to industry-specific regulatory requirements related to data protection and confidentiality, following applicable local, state, and federal laws. Key measures include:
No security breach incident has occurred in the last five years.
Answer
We perform daily SQL database backups and store them on our server for seven days. Data can also be exported via SFTP to your server, where you can retain it for as long as needed.
Answer
Our disaster recovery plans for cloud-based systems include:
Our main infrastructure vendor is FranTech, which is multi-homed across several global regions. They maintain an active Discord channel where staff and customers discuss system operations, promoting open and honest communication.
We’ve witnessed their successful recovery from incidents such as:
Answer
Yes, Moodle allows data archiving through backups. Course and user data can be archived manually or automatically using scheduled backups. The duration of data maintenance depends on your organization’s retention policies, as Moodle provides the flexibility to configure and manage data retention as per your needs.
Answer
Yes, Moodle offers comprehensive test and evaluation capabilities. It includes the Quiz module, which allows instructors to create a variety of question types, including multiple choice, true/false, short answer, and essay. Moodle also supports automated grading, time limits, random question selection, and question banks for creating reusable assessments. Additionally, teachers can set up feedback for students, generate detailed reports on test performance, and track progress over time.
Answer
Yes, learners can access and print their transcripts in Moodle. The Grades page provides a detailed view of their academic progress, including completed courses and grades, which can be printed or exported as a PDF.
Answer
Access to Moodle is controlled through user authentication methods like username/password, LDAP, OAuth, or social media logins. Users are identified by their credentials, and access to features is managed through roles and permissions set by administrators.
Answer
Yes, Moodle supports Single Sign-On (SSO) through integration with various protocols like SAML, OAuth, and OpenID Connect. This allows users to log in once and access Moodle without needing to re-enter credentials, streamlining the authentication process.
Answer
We use BuyVM.net for hosting, which provides robust security measures, including Tier IV certified data centers with 24/7 on-site security, DDoS protection, Full Disk Encryption (FDE) for data at rest, and private networking for secure internal data transfer. Regular backups and snapshot capabilities further ensure data integrity and recovery, protecting your data with comprehensive security at every level.
Answer
It depends on your definition of “device”.
Yes. Your client data is hosted on a dedicated and isolated virtual machine which is separate from any other clients’ data.
No. This virtual machine runs on a virtualization server, managed by our cloud provider, that also runs other, separate applications that neither you nor we have access to.
Answer
Our backup procedures include regular backups of course data, stored for 10 years, and virtualization snapshots to mitigate data loss. Backups are tested specifically for restore scenarios. Data is stored in a secure facility with multi-layer access controls, monitored by FranTech, our hosting provider.
Answer
Yes, our disaster recovery plan includes maintaining separate production and quality assurance servers, using virtualization snapshots to mitigate data loss, and testing for backup restoration scenarios. Our hosting provider, FranTech, ensures infrastructure resilience with multi-homed data centers, robust security measures, and a proven record of disaster recovery.
This was taken from FranTech or buyvm.net.
Answer
Yes, our organization engages executive oversight for cybersecurity.
Answer
No, our organization does not have a designated Information Security Officer. The primary responsibility for our information security program rests with the Vice President and the Web Developer.
Answer
Yes, our organization uses Moodle and follows its defined information security standards, including SSL encryption via AWS, GDPR compliance, and privacy features. Additionally, AWS services used by Moodle comply with ISO certifications.
Answer
Yes, our organization conducts information security audits. We use third-party PCI audits for customer payment information, performed quarterly.
Answer
Yes, our organization outsources cybersecurity functions in part. PCI audits are performed by a third party, while all other cybersecurity functions are handled in-house.
Answer
No, our proposed service is not considered a medical device subject to regulation by the Food and Drug Administration.
Answer
No, our proposed service does not require access to or use of JPS confidential data, including Protected Health Information (HIPAA) or Cardholder Data (PCI).
Answer
Yes, our product has the capability to generate an audit trail of access and use. We utilize Moodle’s auditing and logging features, and we have a Moodle development server for trial access.
Answer
Yes, we follow a Secure Software Development Lifecycle (SDLC) that includes application security requirements.
Answer
Yes, security reviews and regression testing are performed on Moodle’s application source code. Regular security audits and automated regression tests are conducted to ensure security and functionality.
Answer
Yes, our proposed product, Moodle, complies with industry certifications like ISO/IEC 27001, SOC 2 (via AWS), and GDPR. While Moodle itself doesn’t hold all certifications, it relies on its hosting providers for compliance.
Answer
Yes, we follow a formal change management process based on ITIL (Information Technology Infrastructure Library). Changes to the production environment are tested, reviewed, approved, and monitored to ensure proper implementation and minimize risks.
Answer
Yes, we require all users to have unique user accounts on systems that store, access, or transmit customer data.
Answer
Yes, user accounts are assigned based on the principle of “least privilege” using Moodle’s role-based access policy.
Answer
Yes, we enforce strong password policies using Moodle’s default settings, which require passwords to be at least 8 characters long and include at least one digit, one lowercase letter, one uppercase letter, and one non-alphanumeric character.
Answer
Yes, our organization utilizes role-based security for provisioning user accounts. Roles are defined based on permissions assigned to various user types, such as students, teachers, and administrators. These roles are monitored and revised as needed through Moodle’s administrative interface to meet organizational needs and ensure appropriate access control.
Answer
We perform user access reviews for our team. Customers have their own administrators who manage access reviews according to their requirements.
Answer
Yes, cybersecurity training is provided to our workforce through the Coursera course “Introduction to Cybersecurity Fundamentals.” The training is delivered periodically as part of ongoing professional development.
Answer
Yes, the effectiveness of cybersecurity training is evaluated through the course exam.
Answer
No, two-factor authentication is not yet implemented, but we are currently looking into it.
Answer
We don’t allow remote access to server environments. Access is only permitted through the application interface.
Answer
Yes, we verify the deactivation of login credentials upon the end of employment or contract service. This is managed through Moodle’s role-based access system, ensuring that user accounts are promptly deactivated and access is revoked.
Answer
We handle everything in-house, except for our use of Moodle. The Moodle team ensures their staff undergo thorough vetting processes, following strict security and privacy protocols.
Answer
We use BuyVM as our data center provider. Their data centers are located in Las Vegas and New York.
Answer
No, all our data is stored within the United States, specifically in the data centers located in Las Vegas and New York.
Answer
No, all of our data centers are located within the United States. We do not utilize offshore data centers.
Answer
Yes, customer data is stored in a hosted cloud environment. We use BuyVM.net for our cloud hosting services, with data centers located in the United States, specifically in Las Vegas and New York.
Answer
The PCI audit is conducted by a third party on a quarterly basis. This includes vulnerability scans of our IT systems, networks, and supporting security systems to ensure compliance with PCI standards.
Answer
Penetration testing is part of the quarterly PCI audit and is conducted by a third party.
Answer
No, we have not experienced a data breach.
Answer
Yes, we maintain disaster recovery and business continuity plans. These plans are tested annually using simulated scenarios to ensure preparedness and updated based on results and organizational changes.
Answer
Yes, we maintain a cybersecurity incident response plan. The plan is tested annually through simulated exercises to ensure readiness. It is updated regularly based on lessons learned, emerging threats, and any organizational changes.
Answer
The platform provides secure file transfer capabilities through encrypted protocols for uploading, downloading, and managing files. Uploaded files are stored securely on the server, and administrators can set permissions to control who can access, download, or modify them. Moodle supports SSL encryption for secure data transmission and allows restricted access to sensitive content based on user roles.
Answer
Our development process is structured to create high-quality, engaging e-Learning content that meets learner and organizational goals. We begin with a needs analysis to identify learning objectives, target audience, and desired outcomes. Using instructional design models like ADDIE and SAM, we design a course blueprint that includes structure, learning paths, and multimedia elements. Content is then developed in collaboration with subject matter experts (SMEs) to ensure accuracy and relevance, with interactive components like quizzes, simulations, and assessments integrated to enhance engagement. Leveraging technologies such as SCORM, xAPI, and H5P, we ensure compatibility with learning management systems (LMS) and optimize for accessibility. Rigorous testing and quality assurance follow, focusing on functionality, accessibility, and compliance with ADA and WCAG standards. After deployment on the LMS, we provide continuous support and updates, ensuring the course remains relevant and effective over time.
Answer
We ensure the quality of our courses through a comprehensive and systematic process that incorporates multiple stages of review and testing. During content development, subject matter experts (SMEs) validate the accuracy and relevance of the material. Instructional designers align the content with established learning objectives and industry-recognized methodologies like ADDIE to ensure pedagogical effectiveness.
Interactive elements, such as quizzes and simulations, are tested for functionality and engagement, while multimedia components undergo reviews for clarity and consistency. Rigorous quality assurance (QA) checks focus on ensuring compliance with accessibility standards, including ADA and WCAG, as well as compatibility with LMS platforms through SCORM and xAPI testing.
Additionally, usability testing is conducted to assess the learner experience, ensuring intuitive navigation and seamless interaction across devices. Feedback loops are built into the process, allowing for iterative improvements based on input from reviewers, SMEs, and test users. This multi-layered approach guarantees that our courses meet high standards of quality, effectiveness, and user satisfaction.
Answer
Yes, certificates can be forwarded to a manager or third party. Upon successful completion of a course, learners can download or receive a digital version of their certificate, which can then be shared via email or other communication methods. This allows students to easily provide proof of their achievement to employers, managers, or any other relevant parties for professional development, performance reviews, or certification purposes.
Answer
Yes, our servers are co-located in secure, state-of-the-art data centers that adhere to industry best practices for reliability and security. These data centers are equipped with redundant power supplies, cooling systems, and robust security measures to ensure the continuous operation of our ASP service. Over the past year, our service has maintained an uptime of 99.9%, reflecting our commitment to providing a stable and reliable platform for our users. Regular monitoring and proactive maintenance ensure that potential issues are identified and resolved promptly to minimize any service disruptions.
Answer
Yes, our system offers customizable levels of security for administrators, allowing different roles and permissions to be assigned for tasks such as adding or updating students, viewing reports, and managing course content. Administrators can be granted varying levels of access based on their responsibilities and needs. For example, a user may have full administrative rights to manage students, assign courses, and view all reports, while another user may only have permission to view reports or manage a specific group of learners.
These role-based permissions are configurable, ensuring that sensitive data is protected and that users only have access to the areas necessary for their job functions. This system helps maintain security and control over the management of courses and learner data, and ensures that administrators have the appropriate level of access to perform their duties.
Answer
Yes, our system provides a robust method for administrators to track and report on the progress of students. Administrators have access to detailed reports that include key metrics such as course completion rates, quiz scores, time spent on modules, and overall progress. These reports are automatically generated and can be customized to meet specific needs, allowing for a comprehensive view of individual and group performance. Administrators can monitor students’ engagement, identify areas where additional support may be needed, and assess the effectiveness of the course material. This tracking functionality helps ensure that administrators can effectively manage learner outcomes and adjust instructional strategies as necessary.
Answer
If an individual employee ceases employment with the agency or entity that purchased the training, their “seat” or “user” access can be deactivated or reassigned. Administrators have the ability to manage user accounts by removing or disabling access for departing employees. This ensures that the training seat is freed up and available for reassignment to a new employee. Depending on the specific settings of the platform, the organization’s needs, and the terms of their training agreement, administrators can either transfer the seat to another employee or simply revoke access.
Answer
Yes, our system is capable of tracking and reporting on various aspects of course usage. You can monitor individual user activity, including the duration spent in a course and the specific hours of the day the course was accessed. We also provide reports showing the names of users who accessed a specified course during a selected time frame, as well as the total number of users accessing the course in that period. Additionally, our reporting system can generate lists of users who have completed a course with scores above a designated threshold within a defined timeframe. You can also track the number of users meeting this criterion, and identify users who are still in progress on specified courses. We can provide sample reports to demonstrate these tracking and reporting features, allowing for customizable reports tailored to your needs.
Answer
Moodle fully supports role-based access control with customizable permissions.
Answer
Moodle supports individual and bulk enrollments using user profile attributes, cohorts, and learning paths through course completion settings.
Answer
Moodle does not have built-in approval workflows, but this can be achieved by installing plugins like “Enrolment upon approval” or “Course Request Approval”. Notifications can be configured through Moodle’s messaging system.
Answer
Moodle can track CPE credits using custom course completion criteria and categories, with plugins available for automating the calculation and reporting of CPE totals.
Answer
Moodle includes security features such as SSL encryption, user role management, data privacy settings, and compliance with standards like GDPR to protect sensitive information.
Answer
Moodle supports various authentication protocols such as OAuth, LDAP, SAML, and Moodle’s internal authentication, ensuring secure login, preventing unauthorized access, and reducing data breach risks.
Answer
Moodle supports automated backups of courses, user data, and configurations, and includes disaster recovery options for system restoration in case of failures.