Develop, deliver, detect: 3 steps for holistic online proctored test security 


Develop, deliver, detect: 3 steps for holistic online proctored test security 

Nicole Tucker


Achieving the best possible security for online proctored exams and tests isn’t just about secure delivery. That’s why we take a holistic approach when it comes to our online proctoring services. Starting with test content development, to data forensics and web crawling.

In a traditional test setting, the proctor plays two vital roles. Firstly, to ensure the test taker is comfortable throughout the process. And secondly to protect the integrity of the test results. With online proctored testing, where the test taker is remote, combining a great test taker experience with robust test security brings its own challenges.

Growing trend in online proctoring

Just as with onsite testing, ensuring security and the integrity of the result requires different techniques at every stage of the assessment lifecycle.

A requirement for a holistic approach to test security in online proctored exams and tests is something I highlighted in my previous blog about testing trends for 2023. And as we come into the second half of the year, we can see that prediction was correct.

We are increasingly working with clients to develop holistic test security plans that include techniques for the prevention and detection of security breaches across the whole assessment lifecycle. Of course, these techniques can work in isolation. But when used together, your holistic test security plan will be far greater than the sum of its parts.

1. Test development and publishing

The techniques that can be used to develop a secure test include:

  • Non-Disclosure Agreements (NDAs) signed by all Subject Matter Experts (SMEs) involved in item writing and reviews.
  • Training for SMEs around secure practices, for example not discussing or sharing test content outside meetings.
  • Secure item authoring and banking software to manage your test items, item banks and test forms.

Test publishing tools such as Automatic Item Generation (AIG) or Linear On The Fly Testing (LOFT) that create alternate or unique and statistically equivalent test forms.

2. Online proctored exam and test delivery

Effective techniques to ensure your online test takers don’t gain an unfair advantage, or suffer a disadvantage, when you deliver your online proctored tests include:

  • Single sign-on with Learning Tools Interoperability (LTI) and Application Programming Interface (API).
  • Online proctoring services (live or record & review) to spot collusion, use of unauthorized materials, or other prohibited behaviors during a test.
  • Fully trained and regularly audited human proctors.
  • Best in class online proctoring software / platform.
  • Secure browser that prevents access to other applications during a test.
  • ID verification to ensure a test taker is who they say they are.
  • Policies and guidelines that make it clear what is okay – and not okay – to do during an online proctored exam or test.
3. Data forensics and web crawling

In the post-test phase of the assessment lifecycle, tools to detect where malpractice may have taken place work alongside steps to stop it – and prevent it in the future:

  • Data forensics using statistical detection methods to help recognize anomalies in testing data patterns that might indicate proxy testing or collusion, for example.
  • Web crawling services to locate proprietary test content that is being shared on the internet, for example offered for sale or discussed on social media.
  • Plans and processes that outline what will happen if the above tools uncover evidence of malpractice e.g., reviews of a session recording, further investigations.
  • Legal action against a brain dump site, test taker or proxy test taker.

Better together

So, how do all these elements work together? We see it happen across a wide range of scenarios. For example, if a proctor flags suspicious behavior during a remote proctored exam, data forensics might be used to support an investigation. An unknown application used during this test can then be added to the list of prohibited applications in the lockdown browser for future test takers.

In another recent example, a holistic approach to test security helped us identify test taker pre-knowledge and act to address it:

  • Our client received a tip off that a test taker had access to test items before their test.
  • A standard Data Forensics analysis identified the test taker was flagged.
  • Both pieces of intelligence triggered a deeper dive into the test taker’s performance.
  • This showed reduced response times, which often occurs when a test taker is familiar with test content. Analysis also showed an unlikely difference between scored and field-tested items on both percentage correct and response time.
  • Further investigations discovered that the test taker most likely received the content from an SME. This SME had access to the scored items but not the unscored field-tested items.
  • The test taker’s certification was revoked.

End-to-end security

Successful security and result integrity for online proctored exams and tests is an end-to-end concern involving people, processes, and support. It requires rigor and a consistent approach throughout the assessment lifecycle.

Looking both at and beyond the security of the proctored environment, these techniques serve to both prevent and detect test security breaches. And as security techniques become more advanced, so do the different ways in which they interact.