Brightspace Third-Party Integration Process

Process for Third-Party Integrations within Brightspace

 

What are Third-Party Integrations?

Third-Party Integrations may include LTI and API tools.

LTI stands for Learning Tools Interoperability and API stands for Application Programming Interface. These are standard integration methods for many third-party tool providers.

 

How do I request a new Third-Party Integration in Brightspace?

The faculty or staff member requesting the integration within Brightspace will fill out this TeamDynamix Service Request with all pertinent information: https://sjfc.teamdynamix.com/TDClient/1811/Portal/Requests/ServiceDet?ID=52908

 

What is the review process?

Each Third-Party Integration requested will be reviewed in the areas of Security, Accessibility, FERPA, Technological Functionality, and Institutional Cost. Third-Party Integrations that provide the same or similar features within Brightspace or an SJF Supported Tool (e.g., YuJa, Respondus, Turnitin, etc.) will likely not be approved.

Once the request has been submitted, OIT and CITE will begin the review process.

OIT and CITE reserve the right to decline the integration of tools that would compromise the security of University data and systems.

If a Third-Party Integration request is approved, it is the responsibility of requestee to work with OIT and CITE to test the integration. Most times, OIT and CITE do have the ability to access third-party accounts/tools and cannot ensure that the integration is set up correctly without the assistance of the requestee.

Approved Third-Party Integrations will be turned on only for specific requested courses or departments unless explicitly requested for campus-wide access.

The Third-Party Integration list will be audited annually and the requestee will be required to confirm continued use. This will aid in reduced risk of leaving unused tools integrated in Brightspace.

 

What is investigated during the review process?

1. FERPA/Privacy

1. What data fields are passed back to the tool?

2. Are grades and/or files passed back to Brightspace?

2. Security

1. Is the tool in compliance with the SJF Information Security policy?

2. Is the vendor reputable?

3. Do we know about any previous security concerns/breaches with the vendor?

4. Is there a secure login?

5. What data is being passed between Brightspace and the Third-Party Integration?

6. Who owns the data? Does the vendor claim ownership over data passed?

3. Accessibility

1. Is the tool Section 508 compliant?

2. Is the tool WCAG (Web Content Accessibility Guidelines) 2.1/2.2 compliant?

3. Has the vendor provided a VPAT?

4. Technical Considerations

1. Is there another tool that already exists in Brightspace with similar functionality?

2. Is the tool compatible with D2L/Brightspace?

3. Is the tool available in the latest Integration standard available?

4. Does the tool require resources be available from OIT to support it?

5. What features does the integration provide that are not currently available within Brightspace/SJF Supported tools?

5. Cost

1. How will the tool be funded? If the Third-Party Integration has a cost associated, is the cost the responsibility of the user or department making the request? Some tools have campus wide usage.

 

What happens if my Third-Party Integration is not approved?

You will be notified if your Third-Party Integration request is not approved, reasons will be provided. When applicable, alternate options will be offered.

If the functionality for a tool currently exists within Brightspace or an SJF Supported Tool, the DePeters Family Center is available to train users on the supported tool. Email the DePeter’s Family Center directly at cite@sjf.edu to set up a training session.

 

Why is this necessary?

As technology advances and educational technology needs change, installation of third-party integrations requesting access to Fisher data creates a potential security vulnerability to St. John Fisher University. This process is intended to minimize the risk to St. John Fisher University and ensure that institutional data is protected