- What is RIC One?
- Who are RIC One customers?
- What problems are we solving?
- What is the solution?
- What are we trying to accomplish?
- How does RIC One API work?
- How secure is RIC One API?
- Who controls the data?
- What is the source and destination for the data?
- What district data is being accessed?
- Where is the data being sent?
- What about vendors that already work with districts to provide data integration?
- How does RIC One, a New York State initiative, align with national standards?
- What is the source of a user’s identity?
- Where is the data being sent?
- What happens if a user account is disabled within a district’s directory?
- Can RIC One work with instructional applications supported by BOCES?
- Who is participating in this service?
- How quickly will RIC One mature?
What is RIC One?
RIC One is a family of services offered by New York State’s Regional Information Centers (RICs) to provide end-to-end, fully automated data integration for applications that students, teachers, administrators and staff use within school districts.
Who are RIC One customers?
RIC One customers are school districts in New York State.
What problems are we solving?
Technology is a critically important component of instructional programs and of general district operations. The number of applications districts utilize continues to grow exponentially which is a good thing as it puts more tools in the hands of teachers and staff. According to the Software and Information Industry Association, K-12 software revenue in 2015 was $8.38 billion, up by almost 14% over the previous year. Incredibly, this number does NOT account for free K-12 software which is growing at an even faster pace than paid software.
Applications need data from the district’s Student Information System in order to work. Providing this data comes at significant cost (e.g., loading data, maintaining user accounts). To compound this problem, labor costs are largely associated with redundant tasks. Money aside, this redundancy is wasteful of district staff time.
Equally important to reducing costs and making life easier is increasing district control of their data for the sake of Data Privacy. RIC One is fundamentally about district control over where their data goes and who in their district and outside their district gets to see it.
What is the solution?
RIC One eliminates the labor cost and often the financial cost while enabling the rapid deployment of applications. RIC One is a group of centralized services. This means that data access can be controlled, data can be integrated between systems can be enabled. All of this eliminates hurdles. It gets the right tools in the hands of teachers and staff when they’re needed while the district maintains control of district data. Data is exchanged locally at each RIC.
What are we trying to accomplish?
RICs are automating the transfer of and access to district data within the custody of local RICs, governed by their districts.
In April 2014, the New York State Legislature passed the Common Core Implementation Reform legislation, Education Law 2c. This law strengthened data protection practices and requirements. The law recognizes the trust districts place in their BOCES and Regional Information Centers (RICs). Over decades RICs and BOCES have supported districts’ State Reporting and student information systems. RIC One automation is distinguished by the control it provides districts at the local level to assure district concerns for data privacy and security are addressed while eliminating labor and simplifying use of software.
In addition to data automation governed by districts, the RICs on a statewide basis will advocate to the vendor community on their districts’ behalf. RICs, acting as “one” can “move the market” and convince software vendors to adopt RIC technology that is more efficient, more secure and more cost-effective for districts.
TECHNICAL QUESTIONS – API
How does RIC One API work?
Districts who want to use the RIC One API work directly with their local Regional Information Centers.
Application vendors complete the review process. Once approved, they develop a web service client to interface with the API and are assigned tokens for their districts. A token is accepted by the API if it originates from the right application, at the right time, for the right district and the right data fields.
How secure is RIC One API?
Data is collected from student information systems by the Data Provider Appliance using either Secure File Transfer Protocol (SFTP) or by SIF encryption. Data is encrypted at rest within the Data Provider Appliance as required by New York Education Law 2d. Data is presented in the API using HTTPS encryption and time-bound tokens.
Additionally, an independent third party security expert evaluates and tests RIC One systems.
Who controls the data?
Districts are in complete control of the data they provide to their vendors. The RIC One Data Provider Appliance, which is essentially a bundle of servers, is deployed to each RIC. It restricts vendor access and ensures vendors only have access to data elements authorized by the district.
What is the source and destination for the data?
The data originates from a district’s Student Information System (SIS) and is made available to vendor applications using a standards-based Application Programming Interface (API) and the Data Provider Appliance. Data is exchanged under district control, in the safe confines of the RICs’ network infrastructure.
What district data is being accessed?
The vendor sees the data they need and nothing more. The data set is similar to that which is required for State Reporting.
Where is the data being sent?
With the permission of the district, the encrypted data is being sent to the application vendor.
What about vendors that already work with districts to provide data integration?
Vendors may have established relationships with school districts, BOCES and RICs across the State. The RIC One service can work with any vendor.
How does RIC One, a New York State initiative, align with national standards?
RIC One API is built on standards to simplify alignment. The API employs web service architecture called REST to move data across the Internet. RIC One also adopted the USDOE Common Educational Data Standard (CEDS) data model. Additionally, RIC One supports application software and student information systems that have adopted SIF, Ed-Fi, and other education data standards.
What is the source of a user’s identity?
The data originates from a district’s network directory.
Where is the data being sent?
The identity data is being sent to the application vendor with the permission of the district and the RIC. The vendor receives the data they need and nothing more.
What happens if a user account is disabled within a district’s directory?
Disabling a user account in a district directory will effectively disable the user’s access to all applications connected via the federation. Users will immediately be prevented from accessing applications.
Can RIC One work with instructional applications supported by BOCES?
If you are a BOCES and have a vendor that you would like to see adopt RIC One, please have them contact Dr. Madalyn L. Romano (email@example.com).
Who is participating in this service?
School districts and vendors in New York State may elect to participate in either service by contacting their local Regional Information Center.