“Assessment security is like a game of cat and mouse. Without a cat, the mice will rule,” says Cory Clark, Director of Operational Excellence at Meazure Learning. While the best approach to safeguarding an exam is to layer security mechanisms at all stages of the assessment life cycle, implementing a strong security plan during test administration and delivery—when tests are often most vulnerable to fraud, theft, collusion, and cheating—is essential.
This article will explore some of the security risks that credentialing programs face when administering and delivering exams. It will also outline some of the key measures to reduce these risks, with expert advice on implementation.
Test Administration and Delivery Security Threats
Regardless of whether a test is delivered in person or remotely, security threats exist. Left unaddressed, they can endanger the overall health and integrity of your credentialing program. How serious the damage is can depend on the type of threat and extent of the attack—ranging from exposure of a single item to exposure of your entire item bank.
During the administration and delivery phase of the assessment life cycle, possible testing irregularities may include, but are not limited to:
- Test-takers colluding with each other, administrators, or proctors
- Test-takers using unauthorized aids to gain an unfair advantage
- Test-takers circumventing the test administration or delivery process by leaving the testing environment
- Test-takers memorizing questions to participate in a post-exam “brain dump,” which may be used for collusion purposes or the sharing/selling of exam content
- Test coordinators, administrators, or proctors being negligent during the exam or when handling exam materials
- Proxy testing with false identification
Test Security Measures to Implement During Administration and Delivery
Credentialing programs today must comprehensively build layers of security into their entire testing journey—from blueprinting through delivery and post-administration analysis. Think of these layers like those used by castle builders during the medieval ages. To thwart attacks and breaches, multiple security checkpoints were created as well as a deep moat and double castle walls. Similarly, you can use a layered approach to protect your intellectual property and overall exam integrity too.
Here are a few administration and delivery security measures to consider in combination with other methods at different stages of the life cycle.
Measure #1: Ensure a Secure Check-In or Launch Process
The first line of defense against potential threats is a secure check-in or launch procedure. This includes identity verification, login processes, and environment or person checks. Administrators or proctors must verify the identity of all test-takers regardless of testing modality. They primarily do this through ID comparison. In-person test administrators can also use signature comparison. Remote proctoring can allow for additional digital assistance, including things like keystroke biometrics and public record challenge questions.
After verifying IDs, proctors should conduct environment or person checks. This includes secure storage outside the testing room for in-person exams and virtual and physical scans for remote exams. Some exam drivers are equipped with a two-factor authentication process. This ensures that only authorized individuals have access to the exam and helps prevent unauthorized access to sensitive information. According to ATP’s Guidelines for Technology-Based Assessment, you should establish roles-based permissions to “allow adequate control of the testing scenario and limit test security risks.”
TIP: To mitigate risk to your program, we recommend using a different password for each exam and term. Your administration or delivery provider may require that its professionals enter the exam password on behalf of your test-takers to ensure its security. The provider may also require its technology to automatically input the password so your test-takers can never access it, which is critical to preventing exam content theft.
Measure #2: Proctor or Monitor Each Exam
The use of proctoring in professional testing is critical to maintaining the credibility of the test and the credential it confers. Proctoring—regardless of modality—is a strong form of security. Simply having a human present to observe a test can deter many opportunistic cheaters and attempts to steal exam content.
You should ensure your vendor’s live proctors observe test-takers at all times during an exam. Specifically, you should expect proctors to:
- Maintain a secure testing environment: Proctors should ensure that test-takers do not have access to unauthorized materials, such as notes, books, or electronic devices.
- Monitor test-taker behavior: Proctors should watch for any suspicious behavior and take appropriate action if necessary. Some remote test administration and delivery providers, like Meazure Learning, have dedicated intervention specialists, who can be summoned by a proctor and are trained in conflict resolution.
- Enforce exam rules and security policies: Proctors should ensure that test-takers follow the rules set forth by the exam provider, such as time limits and prohibited actions. Some security policies may also be established by the administration or delivery provider, including acceptable forms of ID during the launch or check-in process.
- Report any incidents or violations: Proctors should document any incidents or violations that occur during a test session. They should report them to the appropriate authorities within an acceptable timeframe, usually set by the administration or delivery provider.
Having a professional proctor present for the duration of an exam goes a long way toward its security. But there are certain limitations for what the proctor should be expected to do. You should not expect the proctor to determine whether a test-taker has prior knowledge of exam content or is memorizing content to share with others afterward. You can mitigate these types of misconduct during test design and development processes or through post-administration data forensic analysis.
TIP: Make sure your assessment solution vendor has a secret shopper program—for both remote and test center delivery methods. This type of program is designed to evaluate the efficacy of exam-day rules, proctoring policies and procedures, and more. With a secret shopper program, test administration experts can pose as test-takers to get a firsthand perspective of the administration and delivery experience. These efforts can help you—as an exam provider—determine areas in which you and your vendor can improve.
Measure #3: Use Exam Data
In today’s technological world, you can find useful and usable data in many places—including test centers and remote proctoring environments. In-person and remote testing have unique security advantages and disadvantages. However, online proctoring solutions typically deliver a broader range of data points than test centers.
The main reason is that with online testing, you can replay and re-proctor session recordings. Most online proctoring solutions record a test-taker’s virtual and physical environment, including their computer screen and webcam. Combined with chat logs and audio files, these recordings capture the entire testing experience from an unobstructed vantage point. Proctoring providers often store recordings for a pre-determined amount of time in encrypted databases after a session has ended. Recordings give proctors or administrators the ability to re-proctor each session as needed. This process ensures they validate and defend any reports of test-takers breaking exam rules.
As an example of how one of our clients uses the data from a remote proctoring experience, Rona Starr—President and CEO of the Association of Professional Social Compliance Auditors (APSCA)—says, “Everything is recorded. I can see what the auditor was doing, I can see where they were in the exam, I can see the time, [and] I can see what the chat log is between the individual proctor and the individual auditor. It really makes for a simple closing out of an integrity issue when you’ve got that video recording.”
A recording of the in-person or remotely proctored exam can provide corroborating evidence if misconduct occurs. It can also aid in decision-making around:
- Program policies
- Administration and delivery procedures
- Test-taker behavior, including exonerating a test-taker who may be wrongly suspected of misconduct
TIP: Take an inventory of all the media and data points at your disposal. Try to use those tools of detection to your advantage. The use of multiple sources of data helps provide a more accurate picture of test-taker competency and reduces the potential for bias or inaccuracies. The data can be big, like full session recordings from a 1:1 perspective, or small, like details about scheduling and launch times. While all these factors matter, their severity depends on the context surrounding the incident.
Measure #4: Monitor the Web for Stolen or Exposed Test Content
Harvesting test content and selling it online is a major issue for credentialing programs. Because of this, monitoring the web for stolen or exposed test content is key in advanced exam security. It ensures your intellectual property isn’t being shared or sold and should be conducted on an ongoing basis.
To do so, you should check public and private social media platforms, internet forums, chat rooms, and test prep sites. If you find exam content that may belong to your program, you can match it to the items in your item bank or on your exam forms. Then you can take appropriate subsequent action.
TIP: Watermark your test content to mitigate the threat of content theft or increase your ability to detect content theft. Watermarked content in assessment includes exam materials that have a unique identifier, such as a logo, code, or digital signature. These identifiers are embedded in the content to ensure their authenticity, prevent unauthorized copying or distribution, and make identification of stolen content easier. By using watermarked content, exam providers can help prevent, detect, or respond to cheating—all of which aids in maintaining the credibility and value of the test and resulting credential.
Conclusion
In today’s increasingly complex assessment landscape, credentialing programs must take a robust and proactive approach to security when administering or delivering tests. By doing so, organizations can ensure the integrity of the exam process and provide a secure and fair assessment of an individual’s knowledge and skills.
Learn about additional methods for protecting your program content and upholding its integrity with “Comprehensive Test Security: Why It’s Important and How to Approach It.”