ProctorExam is Security Verified by the ICT Institute

Going beyond being GDPR compliant

Amsterdam 26th May 2021

ProctorExam, European market leader in online proctoring, is Security Verified by the ICT Institute, an independent IT audit firm. This achievement is another confirmation ProctorExam goes beyond being just GDPR compliant. Guaranteeing data protection and security for both exam takers and organizations is a top priority. ProctorExam investigates continuously how to take the extra mile to meet that urgency.

Information Security Management System should meet two parts

To be issued with the certificate, ProctorExam had to go through the Security Verified standard process, which consists of two parts. Part one, thus general requirements, is a list of the must-have elements for a functioning Information Security Management System (ISMS). An organization must address all these elements in order to have an effective ISMS. Part two, thus example controls, is a list of recommended best practices. The organization should evaluate these controls and implement those that are relevant and valuable. ICT Institute requested evidence of the implementation for more than 50% of these controls. The ISMS met the requirements of both parts. ProctorExam was qualified for the Security Reviewed certificate and was included in the Security Verified register.

Security Verified: an open standard for information security similar to ISO 27001

Test takers might be worried about data collection and storing and who can access their data. It is important to make clear to them that the aim isn’t to be intrusive, but to examine as closely as possible the experience and achieve security and academic integrity by keeping personal information to a minimum.

Beyond the bare minimum

To ensure that security procedures are permanently adhered and to go beyond solely being GDPR compliant as the bare minimum, ProctorExam takes extra measures. For example, all new employees receive privacy and security training during their onboarding. Also, there is annual security training for all employees. Moreover, the quarterly security team meeting is in place to review new updates or changes. Besides, information is never kept longer than needed. Last, there is a biennially security test and there are business continuity checks built in on a sustaining basis.

Information security policies are an organizational standard

Information security is extremely important in higher education. Students deserve to have their information protected, especially when it comes to digital education. Therefore, the policies of ProctorExam take into account the technical aspects, as well as the organizational aspects with great precision. The policies are documented on a sustaining basis and shared with the entire team of ProctorExam. The policies apply not just as a products and services standard, but also as an organizational standard. In short, consistency, transparency and reliability are at the heart of data protection.

“ProctorExam takes the privacy and information security of exam takers very seriously. During the audit, we found out that everyone at ProctorExam is aware of the importance of information security. We could notice that ProctorExam is taking data privacy and security into account for years now. The ProctorExam leadership was directly involved in all the workshops, which is underlining that information security gets the attention it deserves and within all levels of the organization. As to our society and privacy statements – we believe that exam takers and organizations should be able to request the policies at any time. ProctorExam has the same view on transparency and delivers over and over again,” says Sieuwert van Otterloo, co-founder ICT Institute.

“We are incredibly proud of the fact that external auditors of ICT Institute confirmed our excellent Information Security practices. We will continue to strive to be the market leader in data privacy in our domain and use it as a company differentiator. Keywords can be risk workshops and policies around behavioral risk, securing our website, apps and platforms, advanced functional management, testing and much more. Especially since integrity software is a central element in exam taking, data privacy and security should be ingrained in our company DNA. It is, and it will continue to be,” says Daniel Haven, CEO ProctorExam.