Educause Security Discussion mailing list archives
LTI vendor risk management strategy?
From: "Hassler, Karl D." <khassler () UDEL EDU>
Date: Tue, 3 Jul 2018 13:37:31 +0000
Textbook publishers create interfaces to our LMS via the Learning Tools Interoperability (LTI) protocol as a way of integrating textbook learning activities with our LMS. More concerning, some professors arrange for students to create accounts directly on publisher textbook-specific learning websites. Q - how do you manage the risks to the learning data (education records) processed by the publishers - either via LTI or directly with students? Specifically, how do you assess the publisher's security practices, and how do you obligate them to adhere to them? In most cases, there is no formal contract, unlike other cloud vendor arrangements. The faculty member selects and textbook and simply requests the LTI integration, or directs the students to use the code that came with the textbook to create a publisher account.
Current thread:
- LTI vendor risk management strategy? Hassler, Karl D. (Jul 03)
- Re: LTI vendor risk management strategy? Andy Hooper (Jul 03)