What are compliance boundaries?

Blackboard Learn integrates with other tools and services to extend the learning management system's capability and serve as the center of your virtual learning ecosystem. Some of these integrations are built by Blackboard, partner developers, or other third party vendors.

Blackboard is committed to protecting user data and privacy. During your migration process or based on your hosting region, Blackboard establishes a compliance boundary for your Blackboard Learn instance. When you enable a tool or service that exchanges user data, Blackboard Learn will inform you if this tool or service could send data outside of your site’s boundary. Refer to the sections below to learn more about the different compliance boundaries Blackboard can establish for your site.

Types of compliance boundaries

A compliance boundary describes the nature of a Blackboard Learn outbound connection. A compliance boundary doesn't indicate the nature of inbound access. For example, a building block with a REST API that accepts calls from external systems or sites won't be categorized that way.

Not all features, tools, and integrations will warn you of potential compliance boundaries.

System configuration compliance boundaries

Blackboard Learn tools can be categorized into three compliance boundaries:

  • Global: This compliance boundary assumes that the site is expected to send data to third party servers and services outside of Blackboard’s control. The system won't warn you if a feature is sending data outside of Blackboard’s control because it is expected that an administrator knows that features will send data to external servers and services.
  • Blackboard: This compliance boundary assumes that an administrator needs to approve features the send data to a service outside of Blackboard's control. For example, enabling Box would generate a warning because Blackboard doesn't control this service.
  • FedRAMP: This compliance boundary assumes an administer needs to be warned if a feature may connect to a service outside of the Blackboard’s defined FedRAMP boundary. Currently not all Blackboard developed products and services are included within Blackboard’s defined FedRAMP Boundary. For example, since SafeAssign is outside the Blackboard defined Learn FedRAMP boundary, enabling the SafeAssign Building Block would generate a warning.

Building block compliance boundaries

If you enable a building block outside your boundary, accepting the permissions request and continuing allows the building block to perform operations that may take data outside your declared system boundary. Building blocks can be classified into the existing system compliance boundaries:

  • Global: The building block may connect to sites in the world.
  • Blackboard: The building block has been reviewed and all outbound connections (if any) are only made to Blackboard managed services.
  • FedRAMP: The building block has been reviewed and all outbound connections (if any) are only made to FedRAMP certified services inside our defined FedRamp boundary.

What if I want to enable a feature that's not within the compliance boundary?

When you enable a feature that extends beyond your system boundary, be aware that this may allow the feature to perform operations that may take data outside your declared system boundary. Consult with your institution's Information System Security Officer (ISSO) or Authorizing Official (AO) to understand the impacts before you enable this type of feature.