This article explains the crucial measures and strategies employed to preserve the question pool and maintain the integrity of exams, ensuring a secure testing environment. With the increasing prevalence of online assessments, it becomes imperative to implement robust security measures to prevent compromises and uphold the credibility of educational evaluations.
YouTestMe offers security Measures at different levels:
- Question Level
- Exam Level
- User Level
- System Level
- Company Level
Question Level #
- Randomizing Answers: By shuffling the order of answers, each student receives a unique set, minimizing the possibility of cheating. This article explains how to use the question-and-answer randomization option for tests that are manually created but also for tests that are generated.
- Question Branching: Introducing follow-up questions based on responses adds complexity and ensures a deeper understanding of the subject matter. Find more information on how to create a branching questions in this article.
- Exam Versioning: Generating different versions of exams with distinct questions provides additional layers of security against unauthorized sharing. This article explains how to create multiple, unique test versions. The test versions can contain independent combinations of questions imported from pools and manually created questions.
Exam Level #
- IP Restrictions: Restricting exams to specific IP ranges adds a layer of control, ensuring that assessments are taken in approved environments.
- Browser Lockdown: This article aims to provide a comprehensive guide for organizing a test using the Lockdown browser, which prevents unauthorized actions and violations during the test such as cutting, copying, and printing.
- Password Protection: Adding password protection to exams adds an extra layer of access control, ensuring only authorized individuals can take the test.
- Automated AI-based Proctoring: Leveraging artificial intelligence to monitor and detect unusual behavior during exams enhances exam supervision. For more information, check this link.
User Level #
- Role-Based Access Control: Assigning specific roles such as student, guest, question pool manager, proctor, instructor, administrator, and more, ensures that each user has appropriate access rights. In this article, you’ll learn about the default user roles in the system, how to assign them to users, and how to create custom roles tailored to your needs.
- Session-level Access: Temporary profiles for students ensure that their information is deleted once the session expires or they sign out, maintaining privacy. This article is a comprehensive guide that provides detailed insights into the process of sharing tests for guest users within the application. It focuses on the steps and essential considerations for granting temporary access to test content.
System Level #
- Encryption: Employing TLS 1.2 for data in transit and Microsoft Azure Disk Storage Server-Side Encryption for data at rest ensures secure handling of information. For more information, check this link.
- Compliance Checks: Rigorous compliance checks, including risk management frameworks and security scans, validate the system’s resilience against potential vulnerabilities. For more information, check this link.
- Deployment Options: Offering both on-premise deployment behind firewalls and cloud deployment on FedRAMP-compliant servers provides flexibility while maintaining security.
Company Level #
- ISO/IEC 27001 Compliance: Adherence to international standards for information security ensures a systematic approach to managing sensitive data.
- Business Continuity Planning: Based on Enterprise Architecture, ensuring continuous operation even in unforeseen circumstances.
- Data Processing Agreement: Establishing clear agreements on how data is processed adds transparency and accountability.
- Data Protection Guidelines: Complying with global data protection regulations such as GDPR, PIPEDA, CCPA, APPs, and PDPA ensures user privacy and data security.
- Internal Security Policies: Enforcing internal policies and procedures at the company level further strengthens the overall security posture. For more information, check this link.
In conclusion, the preservation of question pools and exam integrity demands a comprehensive approach across different levels – from individual questions to system-wide security protocols. Employing a combination of innovative technologies and established security standards ensures a robust and trustworthy examination environment, fostering academic integrity in the digital age.