Customers Access to their Data
Customers can get access to the data stored in their dedicated SQL Database using the LMS365 OData API Service (see specific articles on the LMS365 Help Center on how to use this, for example via Microsoft PowerBI).
From within LMS365 Global Configuration, the customer can generate an API Key, which provides access to the OData Service. It will be the customer’s responsibility to protect access to this key. The customer can also change and revoke the API Key from LMS365 Global Configuration.
Using the API Key the customer can also update their data in LMS365 using the LMS365 Cloud API (see https://api.365.systems) and/or analyzing data, building apps, automating processes using the LMS365 Connector for the Microsoft Power Platform.
2nd Party Access to Data
Under normal operational circumstances, ELEARNINGFORCE Product Development and Support Staff (2nd party) will never access the customer's dedicated Azure SQL Database and/or data.
Support Staff will from time to time require access to the Customer’s Data when investigating an issue reported by the customer.
Access to all production systems is always controlled and supervised by our IT & Security Team and only allowed from a compliant company-managed device from protected IP ranges. To ensure just-in-time access only to authorized staff Azure AD Privileged Identity Management is used with multi-factor authentication enforced to activate the role.
All staff has signed our Confidentiality Agreement.
To administrate this privileged access, organizational structures are in place to govern who is granted access to what in accordance with our Information Security Policy.
3rd party Access to Data
3rd party is defined as anyone that is not the Customer or ELEARNINGFORCE Product Development or Support Staff. Examples of 3rd parties are ELEARNINGFORCE Professional Services, ELEARNINGFORCE Partners, or other trusted external specialists hired by the customer.
If relevant Customers can provide 3rd party access to Customer Data in LMS365. For example, to have 3rd party help with programmatically creating ready-made content (ex. Storyals or Microsoft Learning Pathways material) or have 3rd party create Power BI dashboards, Microsoft Power Automate Flows or Power Apps that have access to the customer's LMS365 data. For such uses, the Customer can share their API Key with 3rd party.
Customers will always control the API Key and can change or revoke the API Key, which will instantly remove all access to Customers Data via this API Key.
When a Customer performs a change to their API Key, a timestamp and the identity of the user performing the change will be logged.
Microsoft Access to Data
Ensuring security in the processing of customer data stored and shared via the Microsoft Cloud is critical to Microsoft. Read more about how Microsoft handles data in the cloud in Microsoft's documentation.