TYPO3 and LMS3: Secure and GDPR compliant architecture
LMS3 can build on the TYPO3 system in terms of security and data protection, which already has a high standard that is constantly monitored by the community.
The German federal government uses TYPO3 as a content management system (CMS) for some of its official websites. There were good reasons why TYPO3 was preferred for government institutions and organizations:
Since the source code is open, anyone with the necessary technical skills can review the code. This means that potential security holes and vulnerabilities are more likely to be identified and reported. This is in contrast to proprietary software, where the source code is not publicly available.
In the open source community, there are many developers who review, test and improve the code. This increases the likelihood that security vulnerabilities will be identified and fixed before they can be exploited.
There is usually a faster response to security vulnerability fixes in open source projects. The community can develop and provide patches and updates more quickly to secure the software.
With open source software, companies are not dependent on a single vendor for security updates. They can update the code themselves or rely on the community and independent developers.
If needed, security features or enhancements can be implemented directly by the community or internal developers instead of having to wait for the software vendor to release updates.
What aspects make LMS3 secure and GDPR compliant?
We can mention here some points that stand for security and data protection:
- Password rules and two-factor authentication: we make sure that passwords have a certain length and contain various features such as numbers and special characters. There is also the option of two-factor authentication in the backend. If you wish, we can also connect a two-factor authentication service for the frontend.
- Delete user data: User data should be stored only as long as necessary. With LMS3, you can specify after what period of time a user has not logged in, the data should be deleted. Before that, you can send an e-mail notification about the upcoming deletion.
- Change and duty to provide information: The LMS3 report provides all data that a user has stored in the learning platform or has generated through his activities. In order to comply with the duty to provide information according to GDPR, this data can be made available upon request.
- Possibility of anonymization: On request, the reports can also be made available without plain names and e-mail addresses if the HR department so wishes.