PASS Training & Compliance

View Original

A call to regulators to require LMS' to meet technical requirements

With online training, content isn’t the only thing regulators should look at when approving an online trainer. Verifying that an online trainer’s learning management system (LMS) has specific features is essential to ensure the integrity of the experience. Holding the trainer accountable for security, chain of custody, and verification of each training they issue is as important as the content itself.

Security

Evaluating any online service provider and adequately handling personally identifiable information (PII) is one of the most important considerations. Examples of this type of information include:

  • Passwords

  • Email addresses

  • Payment information

It is essential to ensure that all online training providers use proper encryption standards and data storage best practices to keep the risk of customer data being compromised to a minimum.

Chain of Custody

Most LMS' have the ability to integrate with third-party training providers, but not all of these integrations are created equal. Some of these integrations have a feedback loop, and others do not, but a feedback loop is essential so that providers can properly track who has been trained with their content, that the content is as up-to-date as possible, and guarantee the integrity of the training.

 The PASS system tracks who we've trained first-party and through any integration with any third-party LMS. This guarantees a chain of custody on all training. We believe that as a part of the approval process, the LMS regulated trainings should be able to prove to the state they have a chain of custody concerning their no matter which LMS it's served from.

Certification Verification

Every LMS should have a way to verify the authenticity of a certificate issued. Trust is a must! We believe that a part of the approval process should include a method for a regulatory body to verify a certificate’s authenticity. This is generally done by issuing certificate serial numbers or some other kind of unique identifier that can prove the certificate was issued to a particular individual belonging to a specific company/location on a particular day.