Proctoring in Focus, Part 1: Online Exam Security Q&A

| Blog Articles | Share:  

Headshot of Cory Clark, Meazure Learning’s VP of Security, Training, and Quality
Cory Clark, VP of Security, Training, and Quality

Imagine a smoke detector going off in your home. Your immediate reaction probably isn’t to flee but to check for signs of a fire and determine whether there’s real danger. Similarly, our approach to proctoring online exams involves a comprehensive system to verify and address any signs of misconduct. This ensures that when our detectors go off, we’re not just reacting but prepared to investigate and confirm the integrity of the testing environment.

In this article, we’ll look at some security questions we often receive about our proctoring process as well as the ProctorU Platform and Guardian Secure Browser. To answer these questions, we’ve brought in Cory Clark—our Vice President of Security, Training, and Quality. Before joining Meazure Learning, Cory spent a decade enhancing processes and managing risks for Fortune 1000 companies. Now he leads a team of 100 people focused exclusively on proctoring quality, training, and security.

What’s Meazure Learning’s overall approach to proctoring security?

We believe in a layered security approach, especially during the delivery stage of the assessment life cycle, where security vulnerabilities are more pronounced. Our dedicated security team works in conjunction with our proctoring staff, product developers, and data analysts to ensure we stay one step ahead of anyone attempting to undermine exam integrity. Together, we implement rigorous security measures and continuously monitor for emerging threats so we can protect against them.

What is the typical process if suspected misconduct occurs during a proctoring session?

Our response to suspected misconduct depends on a few different things: the proctoring service line used, the process approved by the test owner, and the type of behavior detected. In a synchronous session, the proctor calls an intervention specialist into action when there’s a suspected integrity breach. In an asynchronous session, our Incident Center specialists review every video in full, not just the segments that our system has flagged as potentially suspicious. In all cases, our team carefully analyzes the entire session and documents their findings in an incident report.

We deliver incident reports within 8 hours on average after a proctoring session. However, it can sometimes take up to 24 hours for Live+ sessions and 72 hours for Review+ and Record+ sessions. I’m really proud of how quickly our team turns around those reports. They’re important to serving our clients and helping maintain test integrity.

“I’m really proud of how quickly our team turns around [incident reports]. They’re important to serving our clients and helping maintain test integrity.”

—Cory Clark, Meazure Learning’s VP of Security, Training, and Quality

What’s included in the incident reports?

In every incident report, our specialists include detailed notes about the situation, video and screen recordings, and access to the session chat logs. To make it easier for clients to triage incidents, we classify test-taker behavior into subcategories, like copying exam content, deliberately disconnecting a session, proxy testing, looking off screen, using an unacceptable ID, failing to follow instructions, and more. Each report is associated with a session within the platform. Because our clients can view proctoring sessions both in real time and afterward, they have access to a detailed timeline featuring flagged time stamps in the video player where issues were identified.

Can you tell me how your proctoring team detects and prevents proxy testing?

A person is using a laptop with digital icons and symbols floating above the keyboard, reflecting the concept of secure online exam proctoring.

Absolutely. Proxy testing attempts pose a big threat in online testing and proctoring, but our platform has built-in safeguards to address those attempts. Several measures that the ProctorU Platform employs include multifactor ID validation checks and integration with our Guardian Secure Browser, which prevents unpermitted applications from running. Our certified proctors also undergo rigorous training and retraining to identify potential proxy testing scenarios. In addition to these measures, we capture and analyze extensive telemetry data generated by the platform itself. This data includes a range of metrics, like test-taker IP addresses, hardware and system information, network traffic, and more—all with the purpose of identifying patterns that deviate from expected behavior.

Are test-takers able to access other websites or computer programs during a proctoring session?

Not unless the test sponsor or institution allows it. If requested, we can add specific URLs or programs to an “allow list.” Otherwise, access to other websites or programs is restricted. In fact, the Guardian Browser blocks interaction with locally installed applications and checks for unpermitted software every 30 seconds. It also logs all active processes on a test-taker’s machine for investigation if a potentially threatening program is detected. So, for example, if the test-taker does try to open an application or use the copy/paste shortcuts, Guardian will recognize it, log what was attempted within the session timeline, and disallow the activity.

So, your proctoring system can continuously detect unauthorized equipment and software?

Yes—it’s one of our strongest security features. Our system continuously checks for unauthorized equipment and software throughout the exam session. For instance:

  • Multiple Monitors: If a secondary monitor is detected, the system prompts the test-taker to disconnect it before proceeding.
  • Suspicious System Setups: Our proprietary secure browser, the Guardian Browser, captures a host of telemetry data that can be used to identify suspicious setups and prevent the use of unauthorized tools and configurations.
  • Remote Connections and Virtual Machines: Our proctoring system scans for over 400 applications to detect virtual machines and remote access tools. It also uses other methods to identify virtual security threats during an exam session.

How does the ProctorU Platform deal with concurrent logins?

Good question! This issue can come up if a test-taker intentionally shares their credentials with someone else and they log in at the same time. As I mentioned before, our platform records all login events and captures the IP address associated with each one. If multiple logins occur during an exam, the test-taker receives an error message about multiple sessions and is prevented from proceeding. Our team carefully reviews these incidents and, if necessary, provides detailed reports to the testing organization or institution for further investigation. This process ensures that any attempts to share credentials are detected and managed promptly.

How do you see these capabilities evolving to address emerging threats in online testing?

We’re always enhancing our security features based on emerging threats. Our team actively monitors and captures evidence of new cheating tactics, such as AI deepfake impersonations. We frequently collaborate with third parties to stay ahead of security challenges, and we’re also developing new capabilities—including the use of machine learning for predictive risk scores—to further strengthen our proctoring system and processes. Stay tuned for more updates on these developments!

Looking for More?

Please reach out if you have security questions that weren’t answered in this article.

Contact Us