Can play multiple content formats, e.g., video, SCORM, and other widely available formats.

Can load, play, and track SCORM content.

Provides open APIs to other systems and single sign-on (SSO).

Can operate on mobile/tablet (iOS/Android), laptop, and desktop.

Provides internal configuration/branding.

Can grow with the organization (e.g. user count).

Provides segregated catalog access for different business units (e.g. medical content separate from commercial content) for users and admins.

Provides flexible, configurable reporting by business unit/region/district/individual.

Provides a configurable dashboard.

Provides assignability based on curricula, user group, and individual.

Provides auto notification for assignments to user and manager (coming due, overdue).

Can assign item due dates by number of days and by date.

Can automatically reassign content based on a preset amount of time (e.g. yearly re-training).

Provides an easy to use search function.

Provides meeting management and agenda functionality.

Data storage limitations are configurable via service agreement.

Upload file size limits are configurable via service agreement.

Provides learning assessments; multiple assessment types, configurable scoring (pass/fail rate, etc.).

Provides scheduling – prerequisites, certificates, CE units, etc.

Upgrades and system enhancements are available at no additional cost.

Provides version control of training content in a manner that the version of the training element is traceable to the date of the training.

Provides the ability for users to select a training activity from a menu of approved training activities.

Maintains compliance requirements but also gets high user ratings.

Can launch and run Zoom or Teams meetings from platform.

Can conduct certifications within the system.

Can create certificates.

Allows access to be limited to authorized individuals.

Allows authorized users to configure security roles.

Allows designated users to control user access to the system.

System access is regulated by user ID, password, and organization.

Does not permit the creation of duplicate user names.

Enforces a strong password policy.

Provides system lock outs after a set number of failed login attempts.

The system does not store passwords and hides passwords when entered.

Non-administrator users are denied the ability to access administration functions including security policies and settings.

Non-administrator users are denied the ability to delete raw or critical data.

Allows both internal and external users to access the training with equally secure methods of authentication and authorization.

Provides a password reset feature which requires users to prove their identity and/or requires interaction with a password administrator to reset.

Provides the ability to freeze and unfreeze user accounts.

Requires the approval of an administrator to delete any account data.

Allows access through a web interface.

Supports electronic notifications to users and supervisors/managers via email for new assignments, assignment reminders, and overdue assignments.

Supports single-sign-on (SSO) with providers like OKTA.

Provides API/bulk load capabilities for migrating historical training history information including training items, training item versions, and training completions.

Designated users can create new security roles as applicable.

Designated users must be able to assign a security role with: the ability to view audit logs, the ability to reset passwords with a secure password reset method, the ability to freeze and unfreeze user accounts (except for administrator accounts).

Designated users can create new user groups as applicable to business use.

Designated users can assign users to user groups.

Designated users must be able to assign a reporting security role with: the ability to view users and training items, run system reports for users, assignment and completions, view reports on reports and dashboard tabs, but cannot manage users or content.

Designated users must be able to assign a manager security role with: the ability to access only their direct employees, access the team dashboard, view user profile information for the users that directly report to them.

Designated users must be able to assign a training administrator security role with: access to create training items, curriculums, and manage assignment of training to users.

Designated users must be able to assign a system administrator security role with: the ability to manage users, groups, security roles, the ability to access user reports, the ability to change or reset passwords.

Designated users must be able to manage new training categories.

Designated users must be able to create user groups that can be associated to learners via criteria-based membership or manual membership.

Designated users must be able to establish assignments so that refresher training is automatically deployed based on rules set on the training item and/or curriculum.

Designated users must have the ability to access metadata of previous version training items.

Allows curricula owners to review/approve the curricula.

Allows content owners to review/approve the training content.

Allows automatic training assignments in sequential manner.

Platform performs content backups at least weekly.

Platform performs end user record backups at least daily.

Platform performs backup tests at least annually.

Platform audit trails record actions, changes, and deletions to data including performed by, date, time, previous entry or value and reason for change.

Platform audit trails record actions performed related to uniquely identified administration and user functions.

Platform audit trails are computer generated and un-modifiable.

Platform audit trails are permanently linked to the associated electronic record.

Platform audit trail captures history of access to the system.

Provides the ability to print audit trails in human-readable format.

Provides at least two distinct identification components (such as identification code and password) for electronic signatures.

Provides electronically signed records that contain information associated with the signing that includes: the printed name of the signer, the date and time when the signature was executed, the meaning of the signing (e.g., approval).

Platform permanently associates electronic signatures to their respective electronic records.

Platform enforces electronic signatures that are unique to one individual.

Platform generates accurate and complete copies of electronic records in both human-readable and electronic form.

Electronic records are secured and only accessible to authorized persons.

Enforces permitted sequencing of steps and activities as required by the business process.

Attributes and metadata integrity are preserved for the duration of the record.

Performs authorization checks to limit use of functions to authorized individuals.

Time stamps on electronic records accurately reflect date and time in UTC format.

Ensures that changes to electronic records do not obscure or overwrite previously recorded data.

Platform leverages the currently accepted protocols for encryption, currently TLS 1.2 and above.

Platform has been security tested by a third party.

Platform was designed to mitigate against the OWASP top 10 and other common web attacks.

Platform runs behind a web application firewall (WAF) to mitigate against web attacks.