LTI Tool Security Policy

This policy outlines the security measures and practices employed by Feedback Loop's LTI tool to ensure the confidentiality, integrity, and availability of user data. It applies to all aspects of the tool, including data storage, processing, and transmission.

Data Encryption

    • All data transmitted to and from the LTI tool is encrypted using industry-standard encryption protocols such as TLS. 
    • Data stored within the tool's systems, including backups, is encrypted at rest using robust encryption methods meeting or exceeding current best practices such as AES-256.

Access Control

    • Access to user data within the LTI tool is restricted through role-based access control (RBAC) and attribute-based access control (ABAC) mechanisms. 
    • Authentication of personnel is enforced using strong credentials, and multi-factor authentication (MFA) is implemented where appropriate. 
    • Authentication of tool users is enforced using LTI Advantage-based Single Sign On (SSO) mechanisms. 
    • Regular audits are conducted to review access logs and ensure that only authorized personnel have access to sensitive data. 

Network Security

  • The tool's infrastructure is protected by firewalls and intrusion detection/prevention systems. 
  • Regular vulnerability assessments and penetration tests are conducted to identify and remediate potential security weaknesses. 

Data Privacy and Compliance

  • The tool adheres to relevant data protection regulations (e.g., FERPA) and best practices in user data privacy. 
  • Users are informed about the data collection practices, and consent is obtained where required by law.
  • Data collection is limited to only information required for the tool to function correctly: student full name, email address and user profile picture.

Incident Response

  • A formal incident response plan is in place to address potential security breaches. 
  • The plan includes procedures for incident detection, response, recovery, and notification to affected parties. 

Employee Training and Awareness

  • Employees receive regular training on data security and privacy principles. 
  • Awareness programs are in place to ensure employees understand their roles in maintaining the tool's security. 

Updates and Changes to this Security Policy

This security policy and the associated practices are reviewed and updated regularly to align with emerging threats and industry standards. 

What is Feedback Loop?

A highly user-friendly, powerful peer feedback platform that works seamlessly within the LMS.

Terms of Service

The Feedback Loop Terms of Service is posted here.

Security Policy

The Feedback Loop Security Policy is posted here.

VPAT

Learn more about Feedback Loop's compliance with the Voluntary Product ACcessibility Template (VPAT) here.

Learn more

Click here to see how Feedback Loop works or get in touch with the button below.

Contact Us

Learn more about

Feedback Loop

See how easy it is to implement Feedback Loop in your courses for amazing, easy to use peer feedback built right into your Learning Mangement System!

Contact Us