4501-21-14. Technology-based method(s)  

[Comment: For dates and availability of material incorporated by reference in this rule, see paragraph (A) in rule 4501-21-17 of the Administrative Code.]

An adult remedial driving course enterprise may use technology-based method(s) for delivery of part of the curriculum. This shall be done in conjunction with classroom-based instruction. Sections 4510.037 and 4510.038 of the Revised Code require at least fifty per cent of the adult remedial curriculum to be delivered to a student through classroom instruction. The student shall successfully complete all technology-based method(s) portions of the training prior to starting the classroom portion of the training. Each student shall finish the complete eight hours of training within thirty days of the initial starting date and time. After thirty days, the student shall be required to begin the course again.

Any enterprise that wants to use a technology-based instruction method beyond that provided for in paragraph (B)( 2)(h) of rule 4501-21-13 of the Administrative Code shall, as part of the course approval application process, submit a proposal to the department that meets all of the requirements in rule 4501-21-06 and this rule as well as the approval criteria provided by the department and available on the driver training web page at http://www.drivertraining.ohio.gov/schools.htm.

The department shall review the proposal for technology-based instruction, and approve or deny approval of the proposed method. Under no circumstances shall the department approve technology-based instruction to accomplish juvenile remedial driving instruction as provided in sections 4510.31 and 4510.311 of the Revised Code. The enterprise shall provide any additional information required by the department as part of the approval process.

The enterprise proposal shall contain the following:

(A) An adult remedial driving course enterprise shall develop security policies and procedures. The elements of the security policies and procedures shall include:

(1) Risk management plan;

(2) User authentication and authorization procedures and technologies;

(3) Access control procedures and technologies;

(4) Auditing capability;

(5) Systems availability;

(6) Course and systems integrity;

(7) Confidentiality and privacy;

(8) Business continuity and disaster recovery;

(9) Systems monitoring and incident response; and

(10) Change control.

(B) An enterprise shall incorporate a personal validation process that verifies student identity and participation. An enterprise shall develop and maintain a means to reasonably authenticate users on a periodic basis. Authentication shall occur randomly twice during the course and upon entering, and exiting the adult remedial driving course. This may be accomplished by a combination of the following:

(1) Username and password authentication;

(2) Third-party database authentication including the department-provided student validated questions;

(3) Certification authentication through the use of digital certificates;

(4) Biometric authentication; or

(5) Other means that are as secure as the methods described in paragraphs (B)(1) to (B)(4) of this rule that are based on emerging technologies and allow for reasonable assurance that the students are authenticated.

(C) An enterprise shall incorporate a course validation process that verifies student participation and comprehension of course material, including the following:

(1) Built-in timers to ensure that the statutorily required amount of hours have been attended and completed by the student; and

(2) Testing of student participation throughout the course to ensure that the student receives the minimum course content and time management requirements for instruction, as follows:

(a) At least ten course validation questions per hour shall be asked throughout the course. Course validation questions shall be asked in every major unit or section throughout the course;

(b) At least fifty per cent of the course validation questions asked shall be educational content questions drawn from statistics, facts, and techniques presented as part of the course material and at least five of the validation questions shall be devoted to the area of alcohol, drugs and the operation of motor vehicles;

(c) At least one course validation question shall be asked during or following each section of the course to show that the student participated in and comprehended the course section and at least five of the validation questions shall be devoted to the area of alcohol, drugs and the operation of motor vehicles;

(d) The test bank for course validation questions shall be at least eighty questions, of which at least fifty per cent shall be educational questions drawn from the course material;

(e) All course validation questions shall be generated in random order within each major unit or section and the same questions shall not be asked more than twice. Questions that appear twice shall be as a result of random generation and not by design; and

(f) Course validation questions shall be multiple choice and designed to ensure the student participated in the actual course instruction.

(D) An enterprise shall maintain a complete student course data file to demonstrate student activity and shall ensure that at least the following information is collected and retained for creating the student footprint:

(1) Student's name and driver license number;

(2) Dates and times of student activity (log-on and log-off times) or rental activity;

(3) Dates, times, and results of personal-validation and course-content questions. If a "key" or "code" is used to identify the question and answer, rather than recording the entire question and answer, then the "key" or "code" must be furnished;

(4) Verification of the amount of time the student spent in each unit;

(5) Verification of the amount of total time the student spent in the course;

(6) An identifier of the reason a person was suspended or failed the course;

(7) Dates, times, and responses for each question on the final examination;

(8) Name or identity number of an adult remedial driving course enterprise staff member entering comments, retesting, or revalidating student, if applicable.

(E) The technology-based method(s) portion of the course shall not include the final exam. The classroom portion of the course shall include administration and scoring of the final exam, including the one retake examination that is permitted under paragraph (C)( 8) of rule 4501-21-13 of the Administrative Code.

(F) An enterprise shall provide for systems security as follows:

(1) An adult remedial driving course enterprise shall develop and maintain a technology infrastructure that facilitates sound security and positively contributes to the student learning experience;

(2) An enterprise shall develop and maintain an appropriate solution to ensure the integrity of information, especially financial and personal information, in transit and at rest;

(3) An enterprise shall develop and maintain a systems back-up and disaster recovery capability;

(4) An enterprise shall assure that course data are readily, securely, and reliably available by electronic or printed means to the department and the department authorized recipients on a demand basis;

(5) An enterprise shall develop and maintain a means to facilitate state audit, compliance, and verification requirements; and

(6) An enterprise shall develop and maintain a means to facilitate state-conducted audit requirements. The department retains the right to request and review work papers and other supporting documentation related to the audit reports and the reviews undertaken. If the technical support, application server host, or data storage facilities are located outside the state of Ohio, the enterprise shall submit upon request of the department, a report encompassing the rules of this chapter to meet the audit requirements in lieu of a state-conducted audit of technical support, application server host, or data storage facilities. An enterprise shall provide the department with an audit amendment describing any significant system changes within thirty days of enabling those changes. An enterprise shall make student records available to the department online, in a password-protected environment upon request.

(G) Audits

(1) A remedial driving course enterprise may be audited upon request of the department, and the results shall become a part of the course provider file maintained by the department.

(2) An enterprise shall address all exceptions noted during the audit and provide such documentation to the department within thirty days of notice of said exceptions.

(3) An enterprise upon termination of the course approval, shall deliver any missing student data to the department within seven calendar days of termination.

(H) Student pre-registration process

(1) An enterprise using technology-based method(s) as a part of the course of instruction shall establish a student pre-registration process that requires each student to register with the affiliated classroom provider as identified in paragraph (D)( 11) of rule 4501-21-05 of the Administrative Code.

(2) During the student pre-registration process, the classroom provider shall verify the identification of each student using the list of approved primary and secondary documents as published in the "Digest of Motor Vehicle Laws."

(3) Students may not begin the technology-based method(s) portion of the course until their identity has been verified during the classroom provider's student pre-registration process. Following verification of each student's identity, the classroom provider will issue the student a unique user ID and password that will provide the student with access to the on-line portion of the course.