Companies in the e-learning industry in particular have to face special challenges in terms of information security and data protection.
In the article ‘Geprüfte IT-Sicherheit in der E-Learning-Produktion’ (Tested IT Security in E-Learning Production), which was published in April on the Personalwirtschaft website, CBTL GmbH shows how it masters these challenges as a TISAX-tested company. Using the basic principles of confidentiality, integrity and availability, it illustrates how features of the EVOLUTION³ authoring platform ensure IT security in the various project phases.
Tested IT security in e-learning production
With product cycles becoming ever shorter, the pressure to get e-learning content online faster is increasing. In this context, information security and data protection are becoming more and more important. CBTL meets the highest security standards and is certified according to the TISAX standard.
Confidentiality, Integrity, Availability
The basic principles of IT security – confidentiality, integrity and availability – play a central role in e-learning production. Organisations that create content with internal departments or external service providers must ensure that sensitive data is protected in accordance with the GDPR at every stage. CBTL ensures this with the EVOLUTION³ authoring tool, the client-server platform and comprehensive IT security measures.
Information Security Management at CBTL
CBTL relies on a consistent information security management system (ISMS) that is regularly updated to respond to new threats. In 2020/2021, the ISMS was expanded and successfully verified by several audits, including a TISAX assessment for the protection goals ‘Info very high’ and ‘Data’.
Important IT security measures:
Confidentiality
Two-factor authentication and server monitoring protect the login and data access. Transport encryption such as HTTPS and TLS as well as the encryption of data storage on servers and clients guarantee security. All EVOLUTION³ servers are hosted in ISO 27001 certified data centres in the EU. A strict role- and rights-based management system prevents unauthorised access and is regularly reviewed.
Integrity
Granular role and rights management allows read and write rights to be assigned on a project or page basis. Version management ensures that changes remain traceable and can be reset to an earlier version if required. Actions such as copying, deleting or assigning rights are logged.
Availability
Automated backups ensure that project data is stored securely. CBTL tools make sure that data is not only viewable, but also editable. Long-term support gives companies additional security.
Data protection in focus
In addition to IT security, the focus is also on data protection. CBTL meets all the requirements of the GDPR and uses technical and organizational measures (TOMs) that are regularly reviewed. An external data protection officer ensures that order processing contracts can be concluded quickly and easily.
To avoid unnecessary accumulation of data, user interactions are only logged for security-related purposes. No telemetry or usage data is collected from the client PC. Logging and deletion periods can be individually adapted to customer requirements.
Conclusion
With the EVOLUTION³ authoring tool, the client-server platform and the IT security measures of CBTL, companies worldwide – from Frankfurt to Bangalore to Buenos Aires – can create e-learning content securely and efficiently.