Policy for Use of a Learning Management System for Online Classes
Central Office, June 3, 2024
WHEREAS, The City University of New York (the “University” of “CUNY”) is obligated to safeguard its sensitive data; and
WHEREAS, Delivery of synchronous and asynchronous online classes requires use of digital platforms and electronic transmission of confidential and personally identifiable information for instructional purposes; and
WHEREAS, The University-supported Learning Management System (“LMS”) meets CUNY’s cybersecurity policies and applicable data privacy laws thereby significantly reducing the likelihood of a security breach; and
WHEREAS, The University-supported LMS supports identity management to increase assurance that the student enrolled in the online class is the person participating in the class; and
WHEREAS, The University-supported LMS contributes to student success by providing a single, centralized platform for online learning that accommodates integration with numerous third-party tools; and
WHEREAS, CUNY recognizes the need may arise for an LMS other than the University-supported LMS where there are accreditation requirements or other compelling education needs that cannot be served by the University-supported LMS; and
WHEREAS, Any alternative LMS must meet CUNY’s cybersecurity policies and applicable data privacy laws.
NOW, THEREFORE, BE IT
RESOLVED, That the Board of Trustees of The City University of New York approves Policy 1.6 – A Policy for Use of a Learning Management System for Online Classes, effective June 25, 2024; and
BE IT FURTHER
RESOLVED, That any subsequent material changes to the Policy shall be submitted to the University Board of Trustees for its consideration and approval.
EXPLANATION:
Online classes require digital platforms to connect students with instructors and content. A single LMS contributes materially to student success both by establishing a uniform tool for accessing course materials and by limiting the technology that must be mastered by any student. Students report that the multiple tools faculty use to deliver online classes create confusion and are unnecessarily burdensome.
In addition, the necessary electronic transmission of confidential and personally identifiable information during the semester in online courses is more vulnerable to cyberattacks than traditional classes, specifically from an endpoint security, privacy, and process perspective. The use of the university-supported LMS or an alternative LMS that meets CUNY’s cybersecurity policies and complies with data privacy laws will significantly reduce the likelihood of a security breach. The LMS simultaneously supports identity management to increase assurance that the student enrolled in the online class is the person participating in the class.
The proposed policy is reflected below.
Policy 1.6
Policy Title
Policy for Use of a Learning Management System for Online Classes
Policy Rationale
Online classes require digital platforms to connect students with instructors and content. A single LMS contributes materially to student success both by establishing a uniform tool for accessing course materials and by limiting the technology that must be mastered by any student. Students report that the multiple tools faculty use to deliver online classes create confusion and are unnecessarily burdensome.
In addition, the necessary electronic transmission of confidential and personally identifiable information during the semester in online courses is more vulnerable to cyberattacks than traditional classes, specifically from an endpoint security, privacy, and process perspective. The use of the university-supported LMS or an alternative LMS that meets CUNY’s cybersecurity policies and complies with data privacy laws will significantly reduce the likelihood of a security breach. It simultaneously supports identity management to increase assurance that the student enrolled in the online class is the person participating in the class.
CUNY currently supports two LMSs -- Blackboard and D2L Brightspace – that meet these guidelines. After CUNY’s contract with Blackboard expires on December 19, 2025, Brightspace will be the single University-supported LMS.
Policy Statement
All Online Synchronous and Online Asynchronous classes must be delivered via a learning management system (LMS) that meets:
- CUNY’s cybersecurity policies;
- applicable data privacy laws including FERPA, GDPR, CCPA, COPPA, PIPEDA, ISO 27018, Cloud Security Alliance (CSA), and Security Trust and Assurance Registry (STAR); and
- any other relevant University policies and guidelines.
A course is “delivered” in an LMS for purposes of this policy when an instructor, at a minimum, posts a course syllabus and uses the gradebook and announcements functions for the duration of the course.
Use of the CUNY-supported LMS is strongly recommended. A college/academic unit may choose to allow use of an LMS other than the University-supported LMS when it meets the following conditions:
- The LMS is verified by the college CIO as meeting cybersecurity and data privacy policies as specified above.
- The college/academic unit assumes costs and liabilities associated with use of an alternative LMS. All procurement rules must be followed.
- The college/academic unit is responsible for course enrollment and ensures their data follows University Registrar enrollment and grades guidelines.
- The college/academic unit is responsible for LMS integration with CUNYfirst, CUNY SSO, and all other technologies as needed (third-party e-learning tools) to ensure reporting compliance for IPEDS, ADA, homeland security/visa status, and NC-SARA.
- The college/academic unit is responsible for training and support as well as ongoing maintenance and security vulnerability updates of the environment.
Policy Owner: Executive Vice Chancellor and University Provost.
Responsible Office: CUNY Academic & Faculty Affairs.
Contact Information: Academic Program Review & Policy.
Effective Date: By campus concurrent with transition to D2L Brightspace.
Constituencies: Faculty, instructional staff, and administrators.