Is data privacy and security a lot to wait for in online exams?

One of the top priorities at ProctorExam has been to guarantee data protection and security for both candidates and organizations. This priority remains high on the list, with ProctorExam becoming 'Security Verified' by the ICT Institute, a team of IT experts with a passion for privacy, security and code quality.

Security concerns

The Covid-19 outbreak resulted in more and more people taking their tests from home. Universities that used to test students on campus started testing them remotely. Companies that used to give face-to-face training are now training and testing remotely. Even awarding bodies are offering exams at home, rather than requiring candidates to come into test centres.

For testing organizations, there is an obvious security concern. Will people who take tests at home do so fairly, without receiving unauthorized support? Many tests use online proctoring, by which video surveillance is used to monitor test takers and promote integrity. However, some candidates have privacy concerns about this. If proctoring is being used, then a stranger might be able to see their private space at home and potentially record a stressful moment of the test taker answering an exam, right?

Obviously, balance is key. Testing organizations, together with proctoring providers, should take constant measures against data and security threats.

ProctorExam’s security: an ongoing process

At ProctorExam, we are proud of the efforts we make to guarantee the safety of the data we process. Already compliant with European Union (EU) data protection laws, namely GDPR, we always strive to go the extra mile and upgrade our security policies. We are happy to announce our latest accomplishment in meeting higher privacy standards, with ProctorExam now being Security Verified by the ICT Institute information security team.
"I was really happy to see that ProctorExam takes the privacy and information security of candidates so seriously. We noticed during the audit that everyone at ProctorExam is aware that information security is important. The ProctorExam leadership was directly involved in all the workshops around this topic. It is great to see when information security gets the attention it deserves. With the new information security management system in place, ProctorExam will be able to respond swiftly to any threat or incident."
– Sieuwert van Otterloo, Co-founder of ICT Institute
To be issued with the certificate, ProctorExam went through the Security Verified standard process, which consists of two parts:

• Part 1 - General Requirements - lists the must-have elements for a functioning Information Security Management System (ISMS). An organization must address all these elements in order to have an effective ISMS.
• Part 2 - Example controls - is a list of recommended best practices. The organization should evaluate the controls and implement those that are relevant and valuable. ICT Institute requests evidence of the implementation for more than 50% of these controls (at least 17 out of 34).

The structure of Security Verified is similar to ISO 27001. ISO 27001 is a normative standard that contains mandatory elements, like Part 1 (the general requirements). ISO 27002 is a collection of best-practice controls, like Part 2 (the example controls). One difference is that Security Verified has integrated GDPR compliance into Part 1, since these are legal requirements in the EU.

If an ISMS meets the requirements of both parts, it qualifies for a Security Reviewed certificate and it will be included in the Security Verified register.
"There is a high awareness among employees on information security and current staff is actively involved in information security."
– Information security auditor at ICT Institute
"We are incredibly proud that external auditors confirmed our good Information Security practices. We will continue to strive to be the market leader on data privacy and use it as a company differentiator."
– Daniel Haven, CEO at ProctorExam
"From the very beginning, ProctorExam has been looking at how we handle data as the core of the business. What I realized during the certification process was that ProctorExam had been already complying with lots of the requirements needed to get certified and questions asked by the external auditors were also familiar to the team."
– Dirk Groten, CTO at ProctorExam

Ensuring adherence to our security

To ensure that we permanently adhere to our security procedures, ProctorExam is taking extra measures that include, among others:
• Privacy and security training for all new employees during their onboarding, and annual security training for all employees;
• A quarterly security team meeting to review new updates or changes;
• A biennial security test;
• A business continuity check.

Conclusion

Both test takers and organizers can reasonably expect that online proctoring conforms with the law and best practices of data privacy protection and security. It is possible to fully meet the candidate’s interest in a fair and privacy-respecting exam without compromising on the adoption of online proctoring solutions.