The COVID-19 pandemic forced a change in exam delivery model when in-person test centers shut down. While many traditional test centers have reopened, remote exams remain popular with organizations, test-takers, and exam administrators alike.
The reality is that remote testing isn’t going away, and although each certification body is unique, all organizations should prioritize designing a secure remote testing process in 2022.
How to Design and Implement a Secure Remote Testing Process
Developing a test security plan (TSP) is a great way to prepare now for the future of remote testing. A TSP helps you organize the policies, procedures, and documentation required to maintain security for nearly every aspect of the testing process by addressing the many end-users involved, including:
- Internal staff (or test sponsor)
- Board of directors (or equivalent)
- Candidates
- Users of test scores (e.g., employers and state boards)
- External personnel (vendors and proctors)
- Members of the public or consumers
Think of a TSP as an insurance policy for your exams to protect intellectual property (IP), program reputation, and candidate privacy. It’s an integral part of securing remote tests and giving everyone confidence in your credentialing program.
Good Communication Is a Cornerstone of Remote Testing
Clear communication is a must-have with remote testing. When switching to remote proctoring, be prepared for an increase in customer support needs (especially if supporting dual modality).
Provide exam-takers and exam administrators information on all technologies to be used, including how to get support during a test. Nothing is more anxiety-inducing than facing technical issues while trying to take a high-stakes exam.
To help test-takers feel more comfortable with automated testing, technology, and AI, include system pre-checks and instructions to minimize or eliminate tech issues. Also, terminology matters when discussing AI and online observation of tests, so use easy-to-understand language.
Build out communication templates approved by your legal department to use if a breach or other issue occurs, so you’re not hastily putting one together during an incident. Stakeholders to consider for such emails and press releases include staff, committees, CMEs, candidates, vendors, legal, the general public, and the press.
TSP Checklist for Secure Remote Testing
Test security plans are not one-size-fits-all solutions, but they all include similar elements to identify risks, implement test development options and designs, consider worst-case scenarios, and use incident reports as a guideline.
The earlier you start building a plan, the better. Use this checklist as a guideline for creating your TSP:
Before the Exam
- Identify potential threats, challenges, and risks:
- Technology vulnerabilities
- Testing across different time zones
- Cultural considerations (know your target population)
- Bad actors (including proctors, test prep coaches, instructors, and former staff)
- Plan for common types of cheating:
- Item harvesting (stealing exam questions/answers to share or sell)
- Proxy testing (taking the test for someone else)
- Pre-knowledge (gaining access to the questions in advance)
- Collusion (people working together to take the test)
- Consider test development options and designs:
- Administrative factors
- Communication considerations
- Outline worst-case scenarios
During the Exam
- Provide exam policies and procedures
- Reconfirm permission to test
- Confirm candidate non-disclosure agreement (NDA)/confidentiality agreement
- Verify each exam-taker’s identity
- Use trained staff and service partners (vendors, administrators, and proctors)
- Monitor exam session:
- Use active, real-time monitoring
- Supplement with record and review options
- Manage candidate breaks
- Implement AI or other monitoring software to detect and flag issues:
- Proxy testing
- Item/content harvesting
- Pre-knowledge
- Collusion
- Ensure capability to suspend or terminate test administrations
- Enact escalation protocols
- Enforce proctor-to-candidate ratios
- Require lock down of exam delivery system if needed
- Maintain control of the test environment
After the Exam
- Verify all policies and procedures have been properly implemented
- Establish and monitor a tip line
- Conduct routine analysis with approved filters:
- Operational vs. pretest
- Morning vs. afternoon administrators
- Test center vs. remotely proctored
- Item statistics (drift, difficulty, response time, etc.)
- Repeat status
- Follow up on reported incidents and candidate comments
- Regularly review and make updates as needed to:
- Policies and procedures (P+Ps)
- Letter templates
- Websites
- NDAs
- Conflicts of interest (COIs)
- Monitor social media, test prep programs, chat rooms, and blogs
- Liaise regularly with legal counsel on:
- Cease and desist letters
- Takedown letters
- Policies and procedures
- Candidate challenges
- Build flowcharts to standardize decision-making
Make Secure Remote Exams a Priority
Creating a well-thought-out TSP for remote testing takes time, but it’s critical to deterring nefarious behavior and addressing security issues. When used with a best-in-class online proctoring solution, a TSP can provide a secure remote testing process for everyone involved.