We live in a world where access to information is at our fingertips! In this “Online First" world, it is becoming increasingly difficult, yet increasingly important for Test Publishers and Test Delivery Platforms to ensure the security of Test Content.
Items are the core IP of Test Publishers. It is very important to protect these items and limit their exposure as much as possible during the test workflow. This not only includes secure storage and transfer of items at the platform level but also includes ensuring the security of items during the test authoring process, while performing admin activities, during the test delivery process, and also post-test delivery.
This article lists a few guidelines that you need to follow to ensure the security of your test content during the assessment lifecycle.
Security During Authoring and Admin Activities
The number of admin and authors may be limited (when compared to the test-takers). However, most of these users typically have direct access to your item and test banks. You need to have the right policies in place to ensure your items have the minimum exposure-
Always use separate instances for Item Authoring/Banking and Test Delivery.
Keep your Item Bank and Test Assembly servers behind a firewall
Ensure strict role-based access to the Item Bank
Enforce a workflow-based authoring of items to ensure authors and reviewers can only access and modify items that are assigned to them
Enforce the use of Lockdown Browser (yes, lockdown browser!) while authoring items to prevent authors and reviewers from copying, printing item content.
Disable preview of items and tests for non-power users.
Security During Test Delivery
The test content has the maximum exposure during test delivery. Here are a few guidelines to limit this exposure-
Use multiple forms for each of your tests to limit the exposure of items in your bank.
As much as possible, deliver your tests using a Lockdown Browser, so that it is not easy for test-takers to take screenshots, copy or print the Test Content.
Use templatized items with placeholders wherever possible. Eg: Let us consider the item stem – “John has 2 dozens of bananas. He gives 5 bananas to Mary. How many bananas does John have now?". Here the names and quantities, namely – [John], [Mary], [Bananas], [2 dozens], , [He] can all be made as placeholders and filled in dynamically based on certain rules. So the item might as well be “Tracy has 4 dozens of apples. She gives 14 apples to Chris. How many apples does Tracy have now?".
Security Post Test Delivery
In spite of all our efforts, candidates can still manage to take snapshots of their screens from another device, write down the test content on paper or even just remember the questions and dump them on common brain dump sites on the web. Your platform needs to monitor the web especially the brain dump websites and flag any items that may have been leaked out.
Use web crawlers that can crawl the web, especially the brain dump websites to identify any exposed content.
Flag items that have been exposed and notify key stakeholders
Replace flagged items regularly and weed them out of your item bank.
At Excelsoft, we constantly strive to improve our products and platforms to meet the highest security standards and adopt the best security practices.