Astute eLearning Platform v3.1.0 Release Notes

Astute eLearning Platform v3.1.0 Release Notes

1) Risk Assessment Version 3

We are delighted to announce the general release of our new and improved Risk Assessment Version 3 tool to the Astute Platform.

This feature is designed to allow customers to develop risk assessments which enable users to manage low-level issues and escalate high-level concerns directly to administrators for further investigation.

Available to all subscription-based customers, there are two guides available with further information on building risk assessments and management of concerns:

Risk Assessment Building Assessment

Risk Assessment Review and Manage

2) Additional Filters on Compliance Reports

New filters have been added to compliance reports, which will now default to exclude expired, archived and future events. Filters have been added to the report to include these events, along with filters by ‘job title’ and ‘additional field (s)’:

3) KPI Reporting

A new report in reporting and analytics is now live: KPI reporting. The KPI report is designed to give a simple, high-level overview of critical training and risk assessment data:


4) Additional Filters on Enrolment Activities

Additional filters have been added to enrolment activities, making it easier to search and filter activities when assigning to enrolment events:

5) Auto Enrol All Users in Enrolment Event Rules

Auto-enrolment has been updated such that all active users will be automatically enrolled on an event immediately upon selecting this option:

6) Archiving Enrolment Events – Workflow Update

The workflow associated with archiving enrolment events has been updated. Upon achieving an enrolment event, no further enrolments and / or re-enrolment will occur (whether manual or rules-based). Current incomplete enrolments will remain in place with learners until such time as these are completed, or the learner is removed from the enrolment event:

7) Additional Recipients to Trigger Emails

Additional recipients can now be added as a cc to trigger email notifications:

How to use eLearning to Satisfy the 7 key Principles of GDPR in 2022.

General Data Protection Regulation (GDPR) has been around long enough for us all to understand it’s basic data protection principles. While the regulation itself may not be new to businesses anymore, there are still new businesses, processes and situations appearing every day across the world. These new businesses, processes and situations must still comply with GDPR.

This blog looks at the 7 key principles of GDPR, what they are and what businesses are expected to do to comply with them, and how to ensure GDPR compliance in 2022.

What are the 7 Key Principles of GDPR?

There are 7 principles of the General Data Protection Regulation which all businesses should be aware of. By creating a culture of compliance around these principles, organisations can rest assured they are well on their way to GDPR compliance.

Image

Setting the scene

To practically demonstrate how the 7 key principles of GDPR can affect business practices, we will follow a newly created company, NeltaDet, as they begin their journey to be GDPR compliant. NeltaDet is building a mailing list to receive a monthly compliance newsletter. They aim to capture website visitors’ details through their online newsletter sign up form or an opt-in tick box on their product enquiry form.

Lawful, fair and transparent

The first GDPR principle consists of 3 components:

1. Lawful – this refers to the gathering of people’s data. There must be a lawful reason for you to process personal data. There are 6 legal reasons deemed as lawful, these are:

  1. Consent
  2. Contract
  3. Legal Obligation
  4. Vital Interests
  5. Public task
  6. Legitimate interest

More information on these can be found here.

2. Fair –  this refers to the scope of personal data processing. This should be limited to what is expected by the person whose personal data is being processed.

3. Transparent – when dealing with an individual’s personal data, GDPR guidelines require you to communicate clearly and simply about how that person’s personal data is intended to be used.

For NeltaDet, using a voluntary form and tick box for website visitors to sign up to would be classed as lawful consent. Transparency is achieved by informing the visitor about the compliance newsletter and how their data will be handled by pointing towards NeltaDets privacy policy. When processing the data, NeltaDet would have to be careful to ensure they only used the data fairly, for example it would be a breach of GDPR to use this data to send Health and Safety training emails to.

Image

Purpose Limitation

Purpose limitation ensures that businesses only process data for it’s original purpose. Personal data should not be used for purposes that it wasn’t originally intended for – if it is used for another purpose then the individual, and business, responsible could be fined or have criminal charges pursued.

NeltaDet’s newsletter signup process automatically stores the IP address of the individual on sign up. At the time, this was so NeltaDet could keep a record of how and when NeltaDet gained consent to send the newsletter to this individual. However, someone in the marketing team now wants to repurpose this personal data and use it to send out geographically targeted email campaigns based on their IP addresses. This breaches GDPR and could result in a fine and or criminal charges against individuals and the business. Information should only be used for the purposes originally stated when collecting the data.

Data Minimisation

When collecting customer information, it can be tempting to collect as much data as possible to maximise the information you have on your customer database. However, the GDPR principle of data minimisation requires businesses to only collect the information they need. Long gone are the days of long sign up forms and endless questions. GDPR ensures that the collection of personal data collection is minimised to what is needed, not what is wanted.

For NeltaDet’s compliance newsletter sign up form they should only be asking for two pieces of information – the individual’s name and email address. This is the only information required to send their newsletter and no other information should be requested.

Image

Accuracy

Any businesses data should – at the very minimum – be accurate regardless of GDPR. However, under GDPR guidelines, personal data should be maintained and kept up to date. The data controller and/or data processor should take reasonable measures to ensure personal data remains up to date.

The ICO states that where a business uses it’s own sources to compile personal data, then it should ensure that the information is accurate. Despite this, sometimes, you may not be able to check the accuracy of the information that comes from a third party. In this case, you should:

  • accurately record the information provided;
  • accurately record the source of the information;
  • take reasonable steps in the circumstances to ensure the accuracy of the information;
  • and carefully consider any challenges to the accuracy of the information.

Regarding NeltaDet’s situation, they should ensure that their data controller/processor regularly cleans their data and ensures it is accurate. It would also be good practice to give all subscribers a preferences portal where they can manually edit their own personal data and unsubscribe if they want to, helping to ease the workload for NeltaDet and improve the quality of their data.

Storage limitations

Under GDPR, businesses should not store data for longer than they need it. They should also be able to justify why any data is stored. It is good practice to develop a data retention policy that stipulates how long personal data will stay on file – this helps to satisfy GDPR documentation requirements.

Much like the principle of data accuracy, businesses should review the personal data they hold regularly. Any data that is no longer needed should be erased regularly to meet storage limitation guidelines, and business data is kept clean.

Individuals also have the ‘right to erasure’ which allows them to request their data gets deleted. However, there are scenarios where businesses can still store personal data even if an individual has submitted an erasure request. To better understand the right to erasure, check out our Right to Erasure online training course.

For NeltaDet’s compliance newsletter, storage limitations are straightforward. The individual provided consent to use their data to receive newsletters, and NeltaDet has implemented a preferences management portal to help subscribers make their data more accurate. When an individual unsubscribes from the compliance mailing list, their data must be deleted from the system, if they are not subscribed to anything else and are not a customer. This is because their only purpose to hold their data was to provide them with the compliance newsletter. Once they unsubscribe, they no longer have a reason to store this data.

However, if the individual unsubscribing from the compliance newsletter is an existing customer with active subscriptions to their other newsletters, then NeltaDet can continue holding their data on the system, without sending the compliance newsletter to them.

Integrity and confidentiality

GDPR’s integrity and confidentiality principle derives from two sides of the CIA triad. This principle ensures any business dealing with personal data has appropriate security measures in place to protect it from both internal and external threats.

Integrity – refers to protecting personal data from manipulation, ensuring information stays correct.

Confidentiality - refers to protecting personal data from unauthorised access. Ensuring cyber criminals and other unauthorised people cannot access a business’ stored data, keeping it confidential.

NeltaDet needs to ensure it has proper systems in place to ensure its data is secure. Deploying a password-protected system like a CRM is a great place to start, but this is just a basic level to protect the personal data a company holds. Discover our range of data protection courses here.

Accountability

This is the final principle of GDPR, and it is concerned with taking accountability for GDPR compliance in a business. Accountability should involve more than just tick-box exercises. It requires organisations to take responsibility for their actions, and how they comply with the other GDPR principles. Organisations must demonstrate that they have appropriate measures and records in place to highlight their accountability.

Looking at NeltaDet’s compliance newsletter, NeltaDet must highlight the lawfulness principle/consent given by the individual, as well as documenting how they initially proposed to handle this data. Then ensuring they complied with the rest of the GDPR principles, documenting their compliance procedures and any potential risks or breaches of GDPR.

How to ensure GDPR compliance in 2022

Training. High quality, comprehensive training for all staff is the only way to ensure GDPR compliance in 2022. GDPR is a vast landscape that affects every person and every department within an organisation. High quality, thorough and regular training is essential to ensure GDPR compliance. Non-compliance can be significantly financially and reputationally damaging. Employees can also face potential personal liability in a court of law. Every individual in a business should understand their role to play in assuring GDPR compliance.

eLearning has evolved, and 2022 is looking to be the real post-Covid test businesses will face. Production is due to rise and employees are reluctant to return to the workplace full-time, bringing a new set of challenges. Traditional in-house training and compliance procedures no longer work, and a switch to digital training has already begun. Organisations must ensure they switch to online GDPR training or face potential compliance issues in the future. An organisation’s GDPR compliance is only as good as its weakest link.

We provide a comprehensive collection of online data protection courses which your business can use on our Astute eLearning platform (optional). Our courses are CPD accredited and have been developed alongside GDPR and Data Protection experts to ensure their content is accurate and engaging. By utilising our Astute platform you easily identify and close any skills or knowledge gaps, learn on the go with a tablet or smartphone with our cloud based support, easily report on GDPR training to assist GDPR compliance and much more.

For NeltaDet, using a voluntary form and tick box for website visitors to sign up to would be classed as lawful consent. Transparency is achieved by informing the visitor about the compliance newsletter and how their data will be handled by pointing towards NeltaDets privacy policy. When processing the data, NeltaDet would have to be careful to ensure they only used the data fairly, for example it would be a breach of GDPR to use this data to send Health and Safety training emails to.

DeltaNet International Bolsters eLearning Capability with Cylix Integration

DeltaNet International, a global eLearning provider of compliance, health and safety and performance training solutions, has today announced the growth of its business through the integration of Cylix Limited, which was recently acquired by parent company Marlowe plc. Following this expansion, DeltaNet International will also be aligned into Marlowe plc’s new WorkNest brand.

Cylix Limited, an eLearning software platform based in Bath, was acquired earlier this year with a total enterprise value of £1m. It provides accredited equality, diversity, wellbeing and health and safety eLearning courses to organisations within the UK.

From today, Cylix customers will have an opportunity to access an expanded library of 200+ compliance, health and safety and performance courses, in addition to fresh content in different formats to help them re-invigorate training, keeping learners engaged. Cylix brings strong expertise working with various sectors, such as education and public sector organisations, including the University of Oxford, University of Edinburgh and LSE.

WorkNest is a collective of employment law, HR and health and safety support services, comprising specialist companies within Marlowe plc. The integration strengthens DeltaNet’s offering, as the leader of Marlowe plc’s eLearning platform, within the WorkNest brand. DeltaNet will continue to retain its autonomous position within this group, and the investment of the collective will further drive the organisation’s growth in specialist eLearning.

Darren Hockley, Managing Director at DeltaNet International, said, “We are very excited to welcome Cylix into the DeltaNet family. Both organisations share a strong commitment to delivering quality eLearning courses and providing first-class customer service. The array of talent and the 150+ years of industry expertise joining the DeltaNet team will enhance our skills to continue furthering our growth and providing courses which matter to our customers.”

Steven Price, Managing Director and Owner at Cylix Limited, commented, “Our customers can continue their exciting journey with us through DeltaNet’s state-of-the-art eLearning Platform, Astute LXP, and a wider collection of courseware, whilst retaining access to our current high-quality content. Since our acquisition by Marlowe earlier this year, it is clear that we share the same vision to strengthen the quality of courses and support to organisations looking for compliance, health and safety, diversity and wellbeing eLearning.”

DeltaNet International Launches Phishing Simulation Tool

DeltaNet International, a global eLearning provider of compliance training solutions, has today announced the availability of its Phishing Simulator, to help organisations strengthen their cybersecurity awareness training against phishing attacks.

This solution enables organisations to assess the effectiveness of their cybersecurity education, diagnosing vulnerabilities and identifying urgent skills gaps through realistic phishing simulations.

How likely is your organisation to become the next phishing victim?

The phishing simulation tool can be used simply to test the susceptibility of an organisation to falling victim to a phishing attack, but when combined with follow-up training to close knowledge and risk gaps, users can experience true added value.

The simulator allows users to choose from thousands of phishing email templates, or create new templates specifically for their campaign and fully customise the software based on their brand and requirements. Available direct or through resellers, users can simulate targeted spear-phishing attacks, such as clicking on malicious URLs, and requests for personal information and passwords.

Automatically deploy training to users who ‘fail’ the test

The tool is delivered through the intelligent learning experience platform, Astute, which also makes it easy for businesses to deploy refresher eLearning to employees who ‘fail’ the phishing simulation through its cloud-based platform.

“Regardless of size, every organisation is under threat of phishing attacks and with the headlines constantly announcing the latest breach, it’s high time cybersecurity awareness training became a priority for all employees. All it takes is one click on a malicious link, and it could open your organisation to a cyberattack,” said Darren Hockley, Managing Director at DeltaNet International.

Organisational Resilience

“By simulating an attack, you can test the resilience of the employees within your organisation and then quickly deploy focused training to those employees that need it. This builds organisational resilience to cybersecurity risks and can continually be assessed and measured through multiple campaigns.”

Industry leading online learning content

Benefiting from high-quality eLearning and 20+ Information Security awareness training courses, users of DeltaNet International’s Phishing Simulator can automatically enrol participants who failed the phishing test onto any courses via Astute, or access other company policy documents and eLearning.

Business leaders can measure the effectiveness of the testing by tracking in real-time how employees have reacted to the fake phishing email, allowing security, compliance and HR teams to understand where to provide additional support to mitigate risk and reduce susceptibility to phishing attacks.

Impersonation phishing attacks

“With impersonation phishing attacks becoming increasingly common, we will additionally be working closely with our users to create highly personalised templates designed to test the vulnerability of their employees.

By impersonating considerable levels of familiarity, these emails will test even the most highly aware and vigilant employees, so organisations understand where to prioritise training,” added Jason Stirland, CTO at DeltaNet International.

Image

Astute Transformation: Stage 2 Now Live

We’re committed to giving our clients the best possible eLearning experience – one that meets their needs and exceeds their expectations.

Last year, we gave our eLearning platform Astute a major upgrade. Now, following some excellent client feedback, we’re launching the second stage in Astute’s transformation.

So, what’s new?

Our All-New Reporting Tool

One of the biggest changes is to Astute’s reporting tool. Working alongside our customers and taking their views into account at every stage, we’ve revamped this section of Astute, giving you access to more data – better presented and more detailed.

The new reporting tool is:

  • Faster: We’ve increased speed so that accessing your reports is quicker than ever
  • More detailed: Drill into the detail of learners’ answers in addition to the standard pass/fail data
  • Graphically enhanced: We’ve revolutionised the way your data is presented; it is now complete with easy to read charts and graphs

Having this extra information easily available helps administrators provide learners with the training that suits them best, identifying strengths and areas for growth like never before.

The reporting tool is currently in beta. Get in touch with any feedback, comments or queries. If you have reporting access, you can access the beta version like so:

  1. Login to Astute. Use your Astute login details to access your dashboard.
  2. Select Learning Analytics V2 (Beta). Open the menu in the top right-hand corner and select this option.

Progress: Based on Time Left to Complete your eLearning

Users progress through their learning plan and individual courses will now be measured by time left to completion.

For example, if a course includes one hour-long module and three short modules, the time it takes the average learner to complete each course will be the guiding factor rather than the number of modules. Astute analyses the time needed to complete each activity in each module and displays how much of your training you have completed in an accurate, easy to understand way.

This means Astute will display “Overall Progress” on the home screen and “Course Progress” on the course modules page, giving a better idea of how much training is complete and how much is left.

New-Look Management Pages

The following management pages have a new design:

  1. Management Home
  2. Organisation Management
  3. Content Management
  4. Dashboard
  5. Courses
  6. Enrolments
  7. Learners
  8. Reporting

The functionality on these pages is the same. The main difference is that they now match the look of the user pages, giving your journey through Astute a seamless feel.

New Sections

There’s a new section within content management called “Videos”. Here, clients can view animated video snippets that relate to some of our courses and deliver a core message about the topic. The videos are part of the free communication resources we offer, alongside posters. They can upload their own versions too.

There is a new setting within “Organisation” to “Show Pre-Course Message”. This is available to all clients and once activated, it will show a message each time a course is launched. The course will not launch without the learner agreeing to the statement. This is an effort to prevent learners closing the master window when launching a course and losing their progress.

If you have any questions about any of these changes, please contact your Account Manager or email us at: [email protected].

Find out more about Astute here.

Introducing Astute’s New Appraisal Management System

We’re constantly working to provide our Astute users with the best possible experience of our eLearning platform. That’s why we’ve introduced the next step-up for Astute: the introduction of the Appraisal Management System.

Our Appraisal Management System is a great way of storing and reviewing employee/manager interaction. Managers can see all 1-to-1 and appraisal information in one place, providing an easy-to-understand way to visualise the skills development of their staff. They can configure templates for 1-to-1s, tailoring them and reusing them as appropriate. Employees can track their own development and see the results of previous 1-to-1s.

Once appraisal time comes round, managers and employees can rest assured they have all the relevant information from previous reviews and catch-ups at their fingertips, saving everyone time going over old ground.

It is a useful tool for companies interested in upskilling and internally promoting their staff – a strategy that benefits employees and organisations alike, saving time and money on external recruitment. Employees with high-demand skills are more likely to stay with their current company if their employer is investing in their training.

The Appraisal Management System is available through the “Personal Development” button when you log into Astute.

For further information please contact us:

[email protected] or call 01509 611019

Introducing MyAstute: Our eLearning App

The MyAstute app is now available, bringing your eLearning to your mobile device – anytime, anywhere that suits you.

Complete with the benefits that have made Astute such a successful Learning Experience Platform, the app is designed with maximum flexibility in mind and offers learners an exceptional user experience.

Doing your training on the move? The app allows learners to take their Compliance and Health and Safety eLearning courses offline. Once they are connected to the internet again, the data seamlessly syncs and updates learners’ progress. This saves users from using valuable data allowances when there’s no wi-fi.

MyAstute has been designed with learning on mobiles and tablets in mind. It is responsive, giving learners a smooth and hassle-free experience while they’re navigating through their courses.

Download MyAstute now from the App Store and Google Play Store.

For further information please contact [email protected] or call 01509 611019.