I'd like to discuss this to get a sense of how you guys interpret relationships between data. I'm particularly curious about the following relationships specifically (please forgive me if I'm misusing terms; I'm trying to keep the terms consistent with what I recall you mentioning), but the more schema the merrier here:
- Realms -> Clients
- Institutions -> Realms -- particularly in how I seem to recall this being at a yearly level, but I get the sense you have some clients with multiple "cycle runs" a year.
- Applicants -> Realms
- Applications -> Realms
- Applications -> Applicants
This is specifically regarding client's security requirements of data transmission and storage compliance.
- What form does the data take when you transmit to a system for researchers to run their scoring and screening algorithms?
- Does this happen in the SRS or RPS admin functions you presented to us, or is there some other ancillary system beyond Excel and Access databases that are used for this?
- If it is Access DBs, are there any client concerns regarding external access to the centralized database that stores this applicant info?
- And are there any client concerns regarding decentralizing that data out to ancillary mdb/xls files?
Understanding the integration between this client and your systems would be beneficial.
- Do they perform the application collection and have you guys do your scoring/screening algorithms for awarding?
- Is it simply a CSV export that they give you guys?
- What do they export? When? How often? Etc.
I know you guys have a set of roles, but I'm curious to know how users are stored (LDAP? Database?) and are provisioned. When you mentioned the RPS admin site, I recall you mentioning it was based on a specific role that had to be requested from the IT department.
- Are these systems coupled in a way that's specific to ACT's IT systems?
- If so, have you had any security compliance guidelines you've had to meet by exposing some level of internal user credentials to the outside world?
- What level of access are clients used to having into the system and how is this reflected in the user store?
- Have there been any requests by clients to externally integrate with their authentication subsystems or to institute single sign-on with their systems?
I don't wanna delve too deeply on this one, but I'd like to just get a sense of how this data is being handled today.
- Do you use a third-party payment processor (PayPal, Braintree, etc.)?
- If so, what methodology is used here?
- If not, do you store/capture any of the CC info onto the server beyond ephemeral POST data?
- How does this integrate into your form creation? Do you have a specific field type for this defined in your xsd?
- Have any clients specifically requested to extend their support role to a more active role where they can change data?
- If so, how have those requests been traditionally handled?
- If not, what has the client response been to those restrictions?
- I know you guys have demonstrated a historical view representing changes to the status of the application, but how pervasive is this logging? What is the relationship between it and the "switch user" (to view the application as the student/submit as the student)?
- Do clients ever use this "switch user" operation? Are they aware of it?
- How are code changes and feature updates handled? In what way are these changes communicated to clients?
- Are they scheduled on a weekly, monthly, yearly basis or are they provisional?
- As part of a centralized system, have you ever had to have a client-specific deployment?
- In what way does the system scale outward? Does it simply scale horizontally, does it scale vertically, or both?
- How is configuration management handled here?
- Is any of that info exposed to clients?
- Is the system hosted exclusively on ACT servers or is it farmed out to an external data center/cloud provider (AWS, Azure, etc.)?
- What have the load considerations been?
- Have you guys had any troubles here?
- If so, what have been the points of failure and how have those failures been communicated to clients?
- What are client expectations regarding future improvements here?
- Have you guys had any troubles here?
- What is the relationship between SRS and RPS?
- What level of access does RPS have to SRS's db and what is the intention of having multiple administration sites?
- How is SharePoint administered and configured? And how does it relate to all the other categories regarding deployment, security, etc.?
- I'm mostly curious about the integration of the reports with email bounceback. How is this being handled? Are you querying a mail server directly, or are you using a third-party mail provider that gives SRS this information?