Future Learning also has to deal with the GDPR and the AVG, because a Learning Content Management System (LCMS) such as ILIAS stores individual personal data and is used for authorization and authentication (logging into the system and assigning roles / rights for access to specific content). The security of these data is of great importance, i.e. the data security.
Customers and users of the Learning Management System ILIAS, one of the e-learning services that Future Learning provides internationally as an ILIAS Premium Partner, places very high demands on the safety of the system. For example, because they use classified content, which is only accessible to users who meet specific requirements.
Use by defense authorities
NATO is a large-scale user of the ILIAS Learning Management System and has many classified learning content alongside unclassified learning content. NATO has selected ILIAS as LMS worldwide, after carrying out extensive security tests before the software was installed within the NATO server park. New versions of the ILIAS software are also extensively tested by NATO as part of a recent modernization process.
The same applies to other customers in the military sector, such as the Air Force School of the United Arab Emirates, who also uses the ILIAS system within their own firewall. Before the system could be installed, it was extensively tested for security using, among other things, penetration tests on the login page.
In France and Germany ILIAS LMS software is also used by military organizations such as the French Navy and Helmut Schmidt University (military educational institution).
In the Netherlands ILIAS is in use by the Ministry of Defense, among others by the armed forces; the Royal Netherlands Navy (KM); the Royal Netherlands Army (KL); the Royal Netherlands Air Force (KLu); the Royal Netherlands Marechaussee (KMar) and some supporting executive organizations such as the Defense Materiel Organization (DMO).
Many military customers use the ILIAS Learning Management System within their own secure server park and firewall.
ILIAS with an SLA and Processor Agreement
Future Learning also provides ILIAS with a Service Level Agreement (SLA) and Processor Agreement, which meets the high requirements set, namely for
- Government agencies such as; ministries, provinces, municipalities, water boards;
- executive organizations and services, such as inspections, agencies, police services;
- judicial power;
- Semi-government organizations such as; energy, public transport, education, housing corporations, media, healthcare and welfare.
The healthcare sector also places high demands on the protection of personal data of patients, volunteers and employees.
ILIAS Community makes Security Test Suites available
Since 2018, the ILIAS Community has had a Technical Board, which includes a special member who deals with the subject of security. This is partly due to the introduction of GDPR, but also in general in connection with the increase in Internet security requirements. Security in ILIAS is about protecting and securing information and data against unauthorized access and also defining policy on how to deal with security and privacy.
The ILIAS software must be well protected against general hazards and attacks by preventing unauthorized access, use and modification. In addition, by addressing the 10 highest security risks (OWASP – Open Web Application Security Project) and thereby guaranteeing integrity, authenticity and confidentiality of personal data. Test Suites are available for this, which are used by the ILIAS Community, but also by customers and users to test safety. In case of problems these are addressed directly by the ILIAS Technical Board.
Future Learning works with Partner who meets the ISO 27001 standard
Future Learning also provides ILIAS as a Managed Service and has selected a partner that meets the ISO 27001 standard. ISO 27001 is the most used security management certification outside the United States. This certification consists of 133 controls and applies to the establishment of the entire Information Security Management System based on the most recent version: ISO27001: 2013.
In addition, Future Learning has drawn up a Processor Agreement for customers that has been adapted for AVG (GDPR). The most recent version has been accepted in 2018 for healthcare customers, based on recent European legislation (GDPR).