Managing Security for Online Testing for a Small International Testing Program

In my opinion, this is a great example of securely administering online exams internationally, even in high-risk countries.

I’m very familiar with a relatively small US-based certification program with a large geographic footprint, attracting candidates from a great many countries. By passing the offered high-stakes exam an applicant greatly expands his or her opportunities to work in the United States.

The exam is offered in online form and administered several times a year in windows that span only a few days. There are several dozen testing centers located in about 40 countries worldwide. Some of those countries are notorious for high rates of cheating and the theft of test content. These include Nigeria, Pakistan, China, Philippines, India and Taiwan. But it is also in these countries where there is the highest potential of identifying capable candidates. So, the problem is to offer a quality exam, and then enhance security in these countries to the point that the test results can be reliably used to judge the skills of the applicants.

So what does this certification program do for security?

First, the design provides multiple equivalent forms of the exam so that an applicant cannot be sure which form he or she will see, even when retaking the exam. Second, exams are given in testing centers, and often proctored by individuals trusted and vetted by the program, rather than simply using default proctors. Third, the exam results are scrutinized by a routine data forensics effort conducted immediately after the close of the testing window. Any suspicious scores are thoroughly investigated and perhaps cancelled. Testing centers with an unusually high rate of “incidents” run the risk of being shut down. Fourth, an intense web monitoring effort begins a few days prior to each window and ends a few days after each window. Occasional searches occur between the windows. Any disclosure of item content on the Web is dealt with right away by the program staff.

How is it working? Despite the high-stakes test being given in high-risk locations, the data forensics evaluation indicates that the rates of security problems are consistently low across all centers.

Why can’t all small testing programs, even if they are only testing within a single country, use a secure model like this? The answer is that they can. The program pays for the combined security and test administration services with a slightly higher per-test fee. The small number of security violations is easily managed by the existing staff.


David Foster

President and CEO, Caveon Test Security

Leave a Reply