Test Security

Test security

A beginner’s guide.

Why is test security important?

Maintaining the security of your tests, exams and assessments is vital. Not only to ensure accurate measurement but also to protect your organization’s intellectual property and brand integrity. Perhaps most importantly, there needs to be trust that test results are fair, reliable and valid – and that any credential, certification, license or qualification has been achieved honestly.

Misconduct can occur in various ways. A test taker could gain access to pirated content before a test, copy answers from another test taker, or use a proxy test taker. As the technology used by a minority of individuals to commit test fraud advances, the technology used by test providers to prevent and outpace fraud also improves. It is our duty as test providers to ensure the validity of all the tests we administer by addressing these security risks and identifying security vulnerabilities. Additionally, addressing potential security issues early in the process ensures the integrity of test results.

On this page you will learn:

What now for test security?

The testing landscape has changed over the last ten years with the increasing popularity of computer-based testing (CBT) – in test centers and remotely with secure online proctoring. The adoption of online proctoring was accelerated by COVID-19 when test centers had to close temporarily. Technology has given test takers the option of at-home testing in a safe environment, providing much needed continuity in an uncertain time.

Evaluating the security posture of testing systems in both remote and in-person settings is crucial to identify security risks and gaps, and to recommend improvements to enhance security for protected assets.

With multi-modal testing, many organizations now give test takers a choice – take a secure test remotely with online proctoring or in a test center. Regardless of modality, to be truly effective cbt test security must be considered through the entire end to end testing process. From test design to post-test analysis of results. Watch our webinar to find out more about a holistic approach to test security.

PSI has been able to offer us added security features, while always keeping standards of practice front of mind and allowing AACN to make the decisions that are right for our organization. We were very confident moving away from the static forms in order to increase exam security.

Kristen Thomas

Certification Manager, American Association of Critical-Care Nurses

PSI provides a very secure system, not only for our candidates but also for the data that we share in terms of test forms and test content.

Melanie Thomas

VP of Credentialing Operations, NBRC

What secure testing measures can I use during test design and development?

With CBT it’s easier and less costly to rotate test content or vary item types on a more regular basis. Or even automatically assemble random alternative test forms. This makes it more difficult for test takers to learn material and pass it on to others.

An example of automated test assembly is Linear on the Fly Testing (LOFT). LOFT creates virtually unlimited equivalent forms from a pool of items while ensuring test difficulty and content are comparable. With LOFT, each test taker receives a unique test, making many types of misconduct more difficult to achieve.

Non-disclosure agreements with subject matter experts, as well as the secure storage and transfer of test content, are important test security measures during exam development.

At PSI we deliver secure testing services using measures to protect test content for the National Board of Respiratory Care and the American Association of Critical Care Nurses.

What security measures can I use to prevent misconduct on test day?

There are some fundamental measures used to prevent misconduct on test day. Any test used to make important decisions about people should be proctored by either a:

Test Center Administrator (TCA) – at a secure test center, or
A proctor – provided specifically for a testing event (online or in-person).

Test center security measures include:

Initial checks and walkthroughs – for unapproved items and active monitoring.
TCA placement and seat assignment – through viewing window and/or video surveillance.
Individual testing cubicles – with physical barriers separating test takers.

With secure remote testing:

Virtual room scanning – of testing environment with webcam to prevent the use of additional electronic devices, unauthorized hard copy resources or other people in the room.

For in-person and remote testing:

Lockdown browser – to prevent external communication or access to resources. Also prevents test takers from copying and distributing test content.
Recorded testing session – for proof of test integrity.

PSI’s state-of-the-art security solutions are utilized at both PSI test centers and in the on-campus proctored testing environment for the National Board of Surgical Technology and Surgical Assisting.

How do I know a test taker is who they say they are?

Always check the ID of every test taker before the start of any test. This need to accurately authenticate a test taker’s identity goes hand in hand with a duty to protect their personal information.

In a secure test center this involves:

A trained and certified TCA checks each test taker’s photo ID with a proof of signature during the check-in process.
TCA may also take a photo and collect a digital fingerprint.

With secure remote online testing services:

A test taker shows government issued ID through webcam for proctor to verify before test begins.
Throughout the test, a proctor ensures another person has not entered the room to collude with, or replace, the test taker.
A proctor assesses whether any discussion was about the test (misconduct) or something innocent (such as a child asking for a snack).

How do I ensure consistency across remote and in-person testing?

Multi-modal testing gives testing organizations the ability to extend their reach and expand markets. Key security techniques ensure testing is equitable and comparable across both modalities:

Policies aligned between test centers and online proctoring.
Regular and effective test taker communications.
ID checks and biometric measures.
Trained and certified proctors.
Regular auditing and evaluating.

Many organizations adopted multi-modal testing in response to COVID-19, giving us an unprecedented ability to examine meta trends across secure in-person and remote testing across multiple programs.

Blog

July 21, 2020

A guide to going multi-modal with testing

If test misconduct takes place how do I detect it?

Identifying suspected misconduct and acting early is a crucial component of test security. A successful test security program employs early detection methods for identifying cheating and other fraudulent activity when it occurs. For example, it’s important to coordinate test proctoring and data forensics to detect and investigate fraud.

When people interact with tests and test questions in abnormal and fraudulent ways, they are likely to leave traces of their acts, occurring as irregularities in their answer choices, score patterns, and response times. Some programs elect to employ data forensic services to analyze test taker response patterns associated with cheating, proxy testing, or item harvesting.

When data forensics highlights a potential issue, a test site, region, school, or test taker associated with anomalous findings may trigger further in-depth analysis and investigation. Investigative measures may incorporate a review of electronic records including video or photos, as well as drop-in inspections or a secret shopper for test centers. If evidence of fraudulent activity is found, corrective action should be taken.

PSI has security experts on staff who can take on the work of going out to investigate what's going on at testing centers, and that's been a fantastic weight off my mind.

Ben Price

Chief Executive Officer, NBSTSA

What if a test taker shares test items or forms online?

Web crawlers are software applications that search and index web pages. Some programs use web crawling for the purpose of test security, to identify potentially compromised test content posted to the web. Any proprietary test content found online is matched to actual test content. If a match is confirmed, notification is provided immediately and evidence is provided to support a legal take-down process.

Are secure remote tests, exams and assessments used in education?

Yes – secure remote testing with online proctoring is widely used in further and higher education. It offers flexible options and increased accessibility for students, with a reduction in cost of deployment for institutions.

Test security is crucial for maintaining the integrity and security of remote exams. The main queries are around test security and integrity, organizational risk and student privacy related to the threat of remote access. Many institutions are also concerned about tensions between security and student experience.

The good news is when online proctoring is delivered to high standards, our research shows:

Students rate online proctored exams favorably.
Student scores are comparable to the same exams administered with onsite proctoring.
Ratings of testing conditions were virtually uncorrelated with exam performance.

Why is it important to have and communicate a strong test security policy?

Along with security measures, it’s important to develop a policy and communicate this to test takers, so they are aware of the security procedures your program has in place. This communication should happen early and often. A strong and holistic policy is one of the best test security tools a testing program possesses.