We often get asked about the security of content uploaded to Test Track. Often, custom built content will be commercially sensitive, proprietary or even classified, and the security of that content is a legitimate concern. We've taken all the "normal" security precautions for a web application, and by and large, our users' data is secure. However, we always err on the side of caution and advise people that the content on the SCORM Test Track is not completely secure. On any system, it is always conceivable that a malicious user could access the content you upload.

The question simply becomes, is it secure enough for your needs? Only you can answer that question. We have taken reasonable precautions to secure the TestTrack servers and applications while still maintaining accessibility and ease of use. For the vast majority of cases, Test Track is secure enough and your data is confidential. However, if you are tightly bound (either contractually or legally) to not share the content with any outside party, you would be wise to avoid uploading content to the Test Track server (or any other publicly available free service for that matter). If something is truly proprietary or sensitive, it shouldn't be uploaded anywhere on the web.

We have no interest in looking at your content, but theoretically we could. The SCORM Cloud (which drives Test Track) is hosted on Amazon's cloud computing infrastructure. The engineers at Amazon have even less interest in looking at your content, but I'm sure they could as well. Nuclear launch codes should most definitely not be uploaded to Test Track. Can you upload confidential training about your company's proprietary process for making a widget? That's for you to decide.

This brings us to a second issue of substance. Occasionally, certain users (often the same users mentioned above) send us questions about a section of Test Track's Terms and Conditions of Use. Specifically, they are concerned about section 2:

2. User Submissions. The Site may permit the submission, hosting and publishing of certain User provided content (User Submissions). User is solely responsible for User's own User Submissions and any resultant consequences of posting User Submissions to the Site. By posting User Submissions to the Site, User hereby grants RUSTICI a worldwide, non-exclusive, royalty free transferable license: (i) to use, review and distribute the User Submissions, including any intellectual property contained therein, unless User provides RUSTICI written notice that it is revoking such license or removes the User Submission from the Site; and (ii) to use any technical aspects of the User Submissions. USER SHALL RETAIN ALL OF USER'S OWNERSHIP INTEREST IN THE USER SUBMISSIONS.

You gotta love lawyers, don't you? I generally hate their language and covertness, but this is one place where we have to trust them (and, yes, we do love you Amy, Jason et al). We know that content often has proprietary knowledge in it and we know that people have technology that they want to protect. But since we're offering a free service, we just can't accept liability for the confidentiality of that content.

I know that the legal phraseology is rather grim. We always try to do what is fair and right, so I thought I would look around and see what other free services have to say. The first two I looked at seem to have very similar clauses:

Gmail:

You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive licence to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This licence is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.

Yahoo:

You acknowledge, consent and agree that Yahoo! may access, preserve and disclose your account information and Content.

So what should you do if you are on the fence? As I see it, you have three options:

1) Don't use Test Track. We'd hate to see you go, but if you absolutely can not disclose your content, you shouldn't upload it to a server out of your control.

2) Delete your content as soon as possible. We do not maintain copies of deleted content, so if you minimize the amount of time your content is in Test Track, the chances that it will be used, reviewed or distributed are substantially reduced.

3) Purchase a local version. We license locally installed versions of SCORM Test Track all the time. This option is particularly appealing to our military clients who deal with classified material. Keeping your software on your local network is the only way to completely secure it.