Policy for Use of a Learning Management System for Online Classes
Policy 1.6
Policy Title
Policy for Use of a Learning Management System for Online Classes
Policy Rationale
Online classes require digital platforms to connect students with instructors and content. A single LMS contributes materially to student success both by establishing a uniform tool for accessing course materials and by limiting the technology that must be mastered by any student. Students report that the multiple tools faculty use to deliver online classes create confusion and are unnecessarily burdensome.
In addition, the necessary electronic transmission of confidential and personally identifiable information during the semester in online courses is more vulnerable to cyberattacks than traditional classes, specifically from an endpoint security, privacy, and process perspective. The use of the university-supported LMS or an alternative LMS that meets CUNY’s cybersecurity policies and complies with data privacy laws will significantly reduce the likelihood of a security breach. It simultaneously supports identity management to increase assurance that the student enrolled in the online class is the person participating in the class.
CUNY currently supports two LMSs — Blackboard and D2L Brightspace – that meet these guidelines. After CUNY’s contract with Blackboard expires on December 19, 2025, Brightspace will be the single University-supported LMS.
Policy Statement
All Online Synchronous and Online Asynchronous classes must be delivered via a learning management system (LMS) that meets:
- CUNY’s cybersecurity policies;
- applicable data privacy laws including FERPA, GDPR, CCPA, COPPA, PIPEDA, ISO 27018, Cloud Security Alliance (CSA), and Security Trust and Assurance Registry (STAR); and
- any other relevant University policies and guidelines.
A course is “delivered” in an LMS for purposes of this policy when an instructor, at a minimum, posts a course syllabus and uses the gradebook and announcements functions for the duration of the course.
Use of the CUNY-supported LMS is strongly recommended. A college/academic unit may choose to allow use of an LMS other than the University-supported LMS when it meets the following conditions:
- The LMS is verified by the college CIO as meeting cybersecurity and data privacy policies as specified above.
- The college/academic unit assumes costs and liabilities associated with use of an alternative LMS. All procurement rules must be followed.
- The college/academic unit is responsible for course enrollment and ensures their data follows University Registrar enrollment and grades guidelines.
- The college/academic unit is responsible for LMS integration with CUNYfirst, CUNY SSO, and all other technologies as needed (third-party e-learning tools) to ensure reporting compliance for IPEDS, ADA, homeland security/visa status, and NC-SARA.
- The college/academic unit is responsible for training and support as well as ongoing maintenance and security vulnerability updates of the environment.
Policy Owner
Executive Vice Chancellor and University Provost
Responsible Office
CUNY Academic & Faculty Affairs
Contact Information
Academic Program Review & Policy
Approved By
Effective Date
By campus concurrent with transition to D2L Brightspace.
Constituencies
Faculty, instructional staff, and administrators
Related Information