JISC business to consumer secure file transfer system

From the very first conversations we had with them, Deltascheme clearly demonstrated that their overall knowledge and ingenuity within a broad range of technology, would be a good fit for Jisc and for the requirements that we had. They offer a great service and an excellent dedicated team. It has been an absolute pleasure working with them and I would have no problem recommending them to others. Thank you Deltascheme.

John Goodland, Project Manager, Jisc

Overview

JISC’s role is to support institutions of higher education and research, including post-16 education. It provides network and IT services, digital resources, relevant advice, and procurement consulting, while researching and developing new information technologies and modes of working.

JISC needed to redevelop an existing commercial B2C application that they relied upon to fulfil hundreds of customers' requests each year. The application needed to handle and manipulate large data files containing sensitive data, and then securely share the data files in a scalable, automated, and well-governed manner.

In response Deltascheme designed and implemented a solution that leveraged Jisc's existing infrastructure (Office 365, Azure Active Directory, Azure), this accelerated the implementation of a modern, cloud-based, extendable solution that delivered against all the requirements, with a key focus on data security and auditing to ensure GDPR compliance.

Key Benefits

1. Reduction in hours of manual processing to prepare and share the data.

2. Ensures GDPR compliant data sharing.

3. Searchable audit trail of staff and customer activity e.g. (a customer has downloaded this dataset, or a staff member has accessed that dataset).

4. Storing, manipulating, and automatically preparing large data files (up to 15GB)

5. A solution that would ultimately provide a far more enhanced and more streamlined management of existing work flows.

The Challenge

As a data processor Jisc process every U.K. University’s student and staff data which they provide to their customers, tailoring the large data files to meet each customer’s requirements. Before sharing this tailored dataset with the customer Jisc will sometimes provide a preview of the dataset with each University whose data has contributed to the underlying dataset to notify them that their data will be published into the public domain.

JISC comply with strict data protection measures to secure and audit data access throughout each stage of the process, including when the dataset is eventually shared with the customer.

JISC fulfil several hundred customer requests every year and they needed a solution to help them automate the tasks of preparing and sharing the data while ensuring their strict data protection measures are enforced at every step.

The Approach

After discussion with the project sponsors Deltascheme proposed to split the project into two phases: design and implementation. Any further requirements that were discovered after the design would be catered for during an optional, third phase to retrofit the solution accordingly.

The design phase was conducted with multiple, short, focused workshops with stakeholders and end-users. The principal design considerations were data protection, leveraging existing infrastructure (Office 365 and Azure Active Directory), and future-proofing the solution to enable Jisc to support and enhance the solution themselves.

The design phase produced several documents which demonstrated how Jisc's requirements would be delivered:

Firstly, user profiles were described and staff members from across the business were nominated to represent each user profile to make sure the solution was holistically designed.

Next, workshops were conducted with each group of staff members who had been nominated to represent a user role, this workshop empowered the staff to write their own job stories (a more design-centric version of user stories) and helped them articulate what jobs they needed the solution to help them with. During these workshops, a glossary was agreed, for example the meaning of the term 'tailored dataset' was described, this helped everyone communicate in a common language which eased verbal communication. From this glossary it was possible to derive the beginnings of an entity relationship diagram, which then evolved further and eventually became the database schema.

The job stories from the workshops then influenced the design of a prototype using an online wireframing tool, this prototype translated the written job stories into a visual design which helped staff more accurately communicate their requirements and iteratively enhanced the solution's design.

Finally, a solution architecture diagram was drawn showing how Jisc's existing infrastructure would be configured and what additional Azure resources would be developed to technically deliver against the requirements. Accompanying this was a cost estimate of the cloud resources, and a data flow diagram which showed how data would be secured and transferred at each step of the process, this enabled the Data Protection Officer to consent to the design.

It was a pleasure to collaborate with Jisc staff from across the business to produce a holistic solution design that worked well for everyone.

Mike Turnbull, Technical Consultant, Deltascheme

The Solution

Office 365 (now Microsoft 365) handles the data files, auditing and hosts the custom user interface (delivered using the SharePoint Framework). The user interface calls upon Azure resources (database and platform as a service (PaaS)), and Azure Active Directory enables guest users to securely access their data files using multi-factor authentication (MFA).

Results

The solution enabled JISC to prepare large datasets and securely share them with the confidence that best practice data protection measures were enforced at every step.

Making appropriate use of low code tools (Power Automate), common libraries frameworks (React Js, Pnp, and SPFx), and leveraging JISC's existing infrastructure (SharePoint Online and Azure Active Directory) accelerated the implementation, so the solution was delivered within just 2-3 months, additionally this minimised the bespoke element of the code base and positioned the solution to eventually be supported, and continuously improved in-house.

JISC staff were already familiar with the Office 365 user experience (UX), so by using the same Fluent Design System (that Microsoft uses in Office 365) the solution was able to offer the same fresh, modern UX, helping users quickly adopt the solution.