Compliance Requirements for Learning Management Systems

by Gary Woodill on June 26, 2009

Many learning management system (LMS) vendors experience the following scenario. A prospective client arrives at their tradeshow booth and asks, “Does your LMS do compliance?” The answer to this question is not a simple one.

The concern with compliance is driven by laws and regulations that require specific training, the desire of companies to avoid liabilities, the implementation of business objectives, and the reduction of paperwork. To understand this topic fully, we need to distinguish between the ability to track compliance in a number of areas with the fact that, as a piece of software, a learning management system may itself need to be compliant with certain standards and regulations. It is also important to realize that laws and regulations are specific to individual countries or states, and will likely vary widely from one jurisdiction to another. The examples below are drawn from the United States and Canada but there will be parallel issues in the legislation of other countries.

Here are the main compliance issues that one needs to consider in choosing a learning management system:

Accessibility standards – there are two aspects concerning accessibility and LMSs. The first one is to ask whether the learning management system and its website is itself accessible to people with disabilities. The second is to ask whether the learning management system can track accessibility of online courses and face-to-face training opportunities. In the United States, accessibility regulations come under the Americans with Disabilities Act (ADA) and Section 508 (29 U.S.C. ‘794d) of the 1998 Rehabilitation Act. In Canada, these standards are known as Common Look and Feel (CLF) standards for government websites. These standards closely follow the World Wide Web Consortium’s (W3C) Web Content Accessibility Guidelines 1.0.

Human Resources standards and regulations – most countries have passed legislation regulating employment that may or may not include aspects of training. For example, in the United States there are Equal Employment Opportunity Commission (EEOC) regulations and provisions of the Fair Labor Standards Act (FLSA). Many other countries have equivalent legislation. Given the overlap between human resources management (HRM) software, talent management software, and learning management systems, this may be an area that potential clients want to explore in their requirements for a LMS.

Interoperability standards – one the earliest demands of LMS users was that courses developed by different developers work in the same learning management system. This led to the development of one of the first sets of LMS standards, those of the Aircraft Industry CBT Committee (AICC), which published its first guidelines in 1989. In 1997, the IMS Global Learning Consortium (IMS GLC), a nonprofit member organization devoted to setting specifications and standards for the learning industry, was formed, and has issued many sets of specifications since that date. The same year (1997) saw the announcement of the Advanced Distributed Learning (ADL) initiative of the US Department of Defense. ADL developed the Shareable Content Object Reference Model (SCORM) and the ADL Registry of SCORM compliant software. LMS vendors are well aware of both AICC and SCORM, and generally say that they are compliant with both standards. However, in practical terms, most LMS implementations don’t work well with these standards “out of the box” and often require a period of adjustment and tuning to make them work seamlessly.

Quality standards – compliance with quality standards can be managed with an LMS and tied to both competencies and diagnostic/gap analysis procedures. These, in turn, can be linked to individual or group training plans. Relevant standards include workplace and manufacturing quality standards such as the ISO 9000 series, the QS 9000 series (US auto industry), ISO 14000 (environmental practices) and Good Manufacturing Practice (GMP) standards. These all can have implications for training.  Managers may also want to ask about the software engineering processes of the LMS vendor, to see if they conform to either ISO 9126 (evaluation of software quality) or the Software Engineering Institute’s Capability Maturity rating (1-5).

Regulatory compliance tracking – learning management systems, because they are essentially large databases, are often asked to track regulatory compliance with specific government legislation. Examples in the United States include the Health Insurance Portability and Accountability Act (HIPAA), and the Occupational Safety and Health Administration (OSHA) regulations. In Canada, the requirements of training for the Workplace Hazardous Materials Information System (WHIMIS) are sometimes tracked by a LMS.

Security standards – many organizations require very secure systems to store personal information. This is especially true in the medical field but can apply in many other areas. Requirements here may include the maintenance of audit trails, the deployment of completely closed systems, the use of digital signatures, such as the US Federal Drug Administration regulation FDA 21 CFR Part 11 for the medical, biotech, and pharmaceutical industries, and the use of high degrees of encryption for groups such as the banking industry. The is an ISO standard for information security – !SO 27001. Only a few LMSs are certified to this standard.

Tracking training for required certification and recertification – there are lots of examples of regulatory compliance for training in specific industries, where employees are required to be certified before being on the job, and need to be recertified on a regular basis. Many LMSs track certification, and can issue automatic alerts as the date for recertification approaches. This need can be driven by legislation or by standards imposed by a specific industry or company. Examples would be workers in the nuclear industry, or air traffic control, who need to keep skills up to date and at optimal performance levels.  

Tracking training for liability reduction – training can help reduce liability for employers in areas that can be controversial. Courses or educational materials on such things as sexual harassment, or employment discrimination, might be much less expensive to provide (and a good thing to do in any case) than the settling of lawsuits in disputes in these areas.

Reduction in paperwork – Finally, a fully functional LMS can have features that reduce workload and paperwork for compliance management. Such features can include auto-enrollment in compliance training based on job, automatic notifications to managers and workers on failures to complete compliance training, assessment and evaluation of compliance training, issuing of certificates on completion of compliance training, and many other configurations for tracking and reporting in this area.

So the answers to questions on compliance and learning management systems are not simple and are multifaceted. Hopefully this short guide will be of some help in sorting out what you need to do in this area.

Previous post:

Next post: