Central Office, June 3, 2024
WHEREAS, The City University of New York (the “University” of “CUNY”) is obligated to safeguard its sensitive data; and
WHEREAS, Delivery of synchronous and asynchronous online classes requires use of digital platforms and electronic transmission of confidential and personally identifiable information for instructional purposes; and
WHEREAS, The University-supported Learning Management System (“LMS”) meets CUNY’s cybersecurity policies and applicable data privacy laws thereby significantly reducing the likelihood of a security breach; and
WHEREAS, The University-supported LMS supports identity management to increase assurance that the student enrolled in the online class is the person participating in the class; and
WHEREAS, The University-supported LMS contributes to student success by providing a single, centralized platform for online learning that accommodates integration with numerous third-party tools; and
WHEREAS, CUNY recognizes the need may arise for an LMS other than the University-supported LMS where there are accreditation requirements or other compelling education needs that cannot be served by the University-supported LMS; and
WHEREAS, Any alternative LMS must meet CUNY’s cybersecurity policies and applicable data privacy laws.
NOW, THEREFORE, BE IT
RESOLVED, That the Board of Trustees of The City University of New York approves Policy 1.6 – A Policy for Use of a Learning Management System for Online Classes, effective June 25, 2024; and
BE IT FURTHER
RESOLVED, That any subsequent material changes to the Policy shall be submitted to the University Board of Trustees for its consideration and approval.
EXPLANATION:
Online classes require digital platforms to connect students with instructors and content. A single LMS contributes materially to student success both by establishing a uniform tool for accessing course materials and by limiting the technology that must be mastered by any student. Students report that the multiple tools faculty use to deliver online classes create confusion and are unnecessarily burdensome.
In addition, the necessary electronic transmission of confidential and personally identifiable information during the semester in online courses is more vulnerable to cyberattacks than traditional classes, specifically from an endpoint security, privacy, and process perspective. The use of the university-supported LMS or an alternative LMS that meets CUNY’s cybersecurity policies and complies with data privacy laws will significantly reduce the likelihood of a security breach. The LMS simultaneously supports identity management to increase assurance that the student enrolled in the online class is the person participating in the class.
The proposed policy is reflected below.
Policy 1.6
Policy Title
Policy for Use of a Learning Management System for Online Classes
Policy Rationale
Online classes require digital platforms to connect students with instructors and content. A single LMS contributes materially to student success both by establishing a uniform tool for accessing course materials and by limiting the technology that must be mastered by any student. Students report that the multiple tools faculty use to deliver online classes create confusion and are unnecessarily burdensome.
In addition, the necessary electronic transmission of confidential and personally identifiable information during the semester in online courses is more vulnerable to cyberattacks than traditional classes, specifically from an endpoint security, privacy, and process perspective. The use of the university-supported LMS or an alternative LMS that meets CUNY’s cybersecurity policies and complies with data privacy laws will significantly reduce the likelihood of a security breach. It simultaneously supports identity management to increase assurance that the student enrolled in the online class is the person participating in the class.
CUNY currently supports two LMSs — Blackboard and D2L Brightspace – that meet these guidelines. After CUNY’s contract with Blackboard expires on December 19, 2025, Brightspace will be the single University-supported LMS.
Policy Statement
All Online Synchronous and Online Asynchronous classes must be delivered via a learning management system (LMS) that meets:
- CUNY’s cybersecurity policies;
- applicable data privacy laws including FERPA, GDPR, CCPA, COPPA, PIPEDA, ISO 27018, Cloud Security Alliance (CSA), and Security Trust and Assurance Registry (STAR); and
- any other relevant University policies and guidelines.
A course is “delivered” in an LMS for purposes of this policy when an instructor, at a minimum, posts a course syllabus and uses the gradebook and announcements functions for the duration of the course.
Use of the CUNY-supported LMS is strongly recommended. A college/academic unit may choose to allow use of an LMS other than the University-supported LMS when it meets the following conditions:
- The LMS is verified by the college CIO as meeting cybersecurity and data privacy policies as specified above.
- The college/academic unit assumes costs and liabilities associated with use of an alternative LMS. All procurement rules must be followed.
- The college/academic unit is responsible for course enrollment and ensures their data follows University Registrar enrollment and grades guidelines.
- The college/academic unit is responsible for LMS integration with CUNYfirst, CUNY SSO, and all other technologies as needed (third-party e-learning tools) to ensure reporting compliance for IPEDS, ADA, homeland security/visa status, and NC-SARA.
- The college/academic unit is responsible for training and support as well as ongoing maintenance and security vulnerability updates of the environment.
Policy Owner: Executive Vice Chancellor and University Provost.
Responsible Office: CUNY Academic & Faculty Affairs.
Contact Information: Academic Program Review & Policy.
Effective Date: By campus concurrent with transition to D2L Brightspace.
Constituencies: Faculty, instructional staff, and administrators.
What is a Learning Management System (LMS)?
A Learning Management System (LMS) is a software application designed for the administration, documentation, tracking, reporting, automation, and delivery of educational courses, training programs, materials, or learning and development programs. It serves as a centralized platform for managing various aspects of the learning process and provides tools for creating, organizing, and delivering educational content to learners. An LMS is focused on online learning delivery but also supports a range of uses, acting as a platform for online content for in-person and hybrid courses.
What modalities of instruction does the new LMS Use Policy apply to?
The LMS Use Policy applies only to courses offered as Online Synchronous or Online Asynchronous. It does not apply to courses offered as In-person, Hybrid Synchronous, Hybrid Asynchronous or Hyflex. However, use of the University-supported LMS is strongly recommended for all classes as appropriate.
Why doesn’t this policy apply to all modalities?
In-person and hybrid classes do not require use of digital platforms and electronic transmission of confidential and personally identifiable information for instructional purposes. Faculty electing to transmit such information electronically are obligated to use platforms that meet cybersecurity and data privacy requirements.
What does the new LMS Use Policy Require?
The new policy requires all online synchronous and asynchronous classes to be delivered through an LMS that meets CUNY’s cybersecurity policies; applicable data privacy laws, and other relevant University policies and guidelines. Use of the University-supported LMS D2L Brightspace, once implemented on a campus, is strongly recommended. A college or academic unit may authorize use of an alternative LMS so long as the alternative LMS meets threshold security and legal conditions articulated in the LMS Use policy, and the college agrees to assume the additional costs and risks associated with using, maintaining, and upgrading the alternative LMS.
Why is the University strongly recommending that all online classes be delivered through the University-supported LMS?
Online classes require digital platforms to connect students with professors and content. A single LMS contributes materially to student success both by establishing a uniform tool for accessing course materials and by limiting the technology that must be mastered by any student. Students report that the multiple tools faculty use to deliver online classes create confusion and are unnecessarily burdensome.
In addition, the necessary electronic transmission of confidential and personally identifiable information during the semester in online courses is more vulnerable to cyberattacks than traditional classes, specifically from an endpoint security, privacy, and process perspective. The university-supported LMS D2L Brightspace meets CUNY’s cybersecurity policies and complies with data privacy laws including FERPA, GDPR, CCPA, COPPA, PIPEDA, ISO 27018, Cloud Security Alliance (CSA), and Security Trust and Assurance Registry (STAR). This significantly reduces the likelihood of a security breach. It simultaneously supports identity management to increase assurance that the student enrolled in the online class is the person participating in the class.
What does it mean to “deliver” a course in an LMS?
The LMS serves as a common access point for students to secure course materials and on-going access to their grades. At a minimum, meeting the “delivery” requirement includes the following:
- the course syllabus must be posted in an accessible format that is consistent with respective campus requirements. Posting the syllabus in an LMS supports transparency and accountability for students in online learning;
- the gradebook and announcements functions must be used. Regular updates serve as a supportive channel for disseminating changes to the schedule, clarification of assignments, and announcements of upcoming events or deadlines in a consistent location. The Gradebook in the LMS centralizes and organizes all assessment data and offers students a private, protected, and individualized view of their progress within the course;
- all confidential and personally identifiable information about students must be contained in the LMS and may not be transmitted via email or other technology not meeting CUNY’s cybersecurity policies and applicable data privacy laws; and
- all course recordings must be uploaded and embedded in the course site. Live sessions conducted via Zoom, Teams, or other video conferencing platforms should be accessed through the course site. These tools are available and integrated within Brightspace.
In addition, it is strongly recommended that all instructors of online courses, as well as instructors of hybrid and in-person courses, where appropriate, do the following:
- Upload and embed course materials in the LMS to ensure availability and accessibility via the LMS accessibility checker and Ally. Organizing these materials in modules that mirror the syllabus outline, with readings and media embedded when possible, helps students locate and engage in the materials in a timely manner.
- Link and access specific library resources, ebooks, and online articles in the LMS. Open Educational Resources (OER) should be uploaded or linked to external sites in the course modules within the LMS as well.
Does the LMS limit what tools I can use?
The LMS does not limit the tools faculty can use in teaching their online classes. A modern LMS is designed to integrate with many third-party tools, and D2L Brightspace can support thousands of tools which faculty can link to the LMS. Tools also can be used or accessed independently of the LMS in online courses.
Can I use publisher supported apps and other program-specific platforms and materials accessed through Brightspace?
Yes. Although Zoom, Teams, Academic Commons, and Google Classroom as stand-alone platforms do not meet CUNY’s cybersecurity and data privacy requirements, they may be used in conjunction with Brightspace or another approved LMS. They cannot be used in place of an LMS. Zoom and MS Teams are integrated with Brightspace. Numerous third-party tools are also integrated, and many others can be. Although Brightspace includes a blogging feature, faculty have the option at their discretion to link to other platforms and tools from their Brightspace course site including computer science/data science software, math-oriented software, and OER materials. Academic Commons and Open Lab are examples of WordPress sites that can be linked to Brightspace.
Note that while it is recommended that links to external websites are embedded in the LMS course site to make them easy for students to locate and access, this is not required under the policy.
How does Brightspace support students with disabilities?
Brightspace technology conforms with global accessibility standards and is designed with people with disabilities. Brightspace includes tools such as the Accessibility checker and Video Note to support the creation and consumption of accessible learning content as well as features that facilitate universal design for learning as a practice of inclusive pedagogy.
Can I leverage open-educational resources (OER)?
Yes, you can link to OER materials from Brightspace.
What third-party integrations with Brightspace will be available? What additional options are there?
MS Teams and Zoom are integrated with Brightspace. Google Tools such as Google Classroom and numerous other third-party tools as shown here can be integrated. This is not a comprehensive list as Brightspace can support thousands of other tools that meet industry standards.
CUNY can support only a limited number of third-party tools at the enterprise level. Campuses and academic units may procure and integrate additional third-party tools as deemed appropriate.
Can I use Google Classroom with Brightspace?
Yes, Google Classroom can be linked to from Brightspace.
Can I use WordPress sites with Brightspace?
Yes, Academic Commons and Open Lab are examples of WordPress sites that can be linked to from Brightspace.
Can I use Open Lab in Brightspace?
Yes, you may link to Open Lab content from Brightspace as you would to any external content.
Can I use Academic Commons with Brightspace?
Yes, you may link to Academic Commons content from Brightspace as you would to any external content.
Can I use Teams and/or Zoom?
Yes, Teams and Zoom are integrated with Brightspace.
Do I have to post links to these sites in the LMS or can I send my students to the website directly?
Posting links in the LMS course site is not required by the policy. This is strongly recommended because doing so makes it easy for students to locate and access the sites.
What is Brightspace LeaP?
Brightspace LeaP is an adaptive learning tool that can be used to build personalized learning paths for students. It is most appropriate for fact-based courses, such as geography, history, and science, with well-defined, granular learning objectives. To use it, the instructor has to build a Leap path where they would add learning objectives, questions, and content to the path. It is not automatically “on” in any course.
Does the LMS restrict how I teach my online class or the materials I use? Isn’t this a violation of academic freedom?
No. The LMS provides an environment for delivering online instruction much like a classroom is the environment for in-person instruction. The instructor has control over the content, methods, and resources used for instruction within the environment. A modern LMS is designed to integrate with many third-party tools and supports links to content on external websites.
What is “Regular & Substantive Interaction” and what does it have to do with LMS use?
Per US Department of Education regulations, online courses must provide evidence of regular and substantive interaction (RSI) between a student and an instructor. Institutions risk losing access to student financial aid if the institution is audited by the US Department of Education’s (DoE) Office of Inspector General or as part of a periodic Departmental financial aid program review and found to be out of compliance. The LMS is the best tool to enable colleges to provide evidence of RSI during an audit.
What should a faculty member do if they want to use an LMS that is not Brightspace?
A faculty member who wants to use an LMS other than Brightspace should first secure the support of their department chair or dean, who will work with the campus’ Chief Information Officer to verify whether the LMS meets applicable cybersecurity and other regulations. The college must assume responsibility for any additional costs associated with using, maintaining, and upgrading the alternative LMS. All procurement rules must be followed.
How will the University enforce the LMS Use Policy?
It is expected that all instructors will comply with this policy as with all other University policies. If a student reports or it becomes known that an instructor is not delivering an online course within Brightspace or an LMS approved by this policy, the Chief Academic Officer of the college or their designee will investigate and facilitate compliance by providing education and technical assistance to the instructor. An instructor’s repeated refusal to comply with this policy should be considered in assigning online courses in the future.