How to Evaluate the Security of Your Online Testing Process

Evaluating the security of an online test

Online tests are increasingly popular among certification bodies, test-takers, and exam administrators. Offering remote testing helps certification and licensure programs reach more people, adapt faster to industry changes, reduce costs and pass those savings on, and meet the demand for flexible exam formats

But remote testing, like many digital processes, comes with inherent risks. Security must be a top priority with online testing for professional associations – it’s vital to people trusting your certification or licensure program. When they do, professionals are more inclined to choose your program, and employers are more likely to hire candidates with your certification or license.

Evaluating and ensuring the security of your online testing process requires ongoing effort and actions before, during, and after exams. Fortunately, there’s a blueprint for success you can follow to provide a layer of security for your testing process.

Start by Developing a Test Security Plan

Creating and maintaining a test security plan (TSP) is one of the best ways to proactively address security. A TSP contains documentation, policies, and procedures for identifying risks and threats, managing incidents, and outlining actions to protect your exam integrity.

While a test security plan should be customized for your certification body’s unique needs, all TSPs share similar elements. Use this outline to help create the foundation for your TSP:

Before the Exam

  • Identify potential challenges, threats, and risks
  • Outline common types of cheating
  • Consider test development options and designs
  • Plan for worst-case scenarios

During the Exam

  • Provide exam policies and procedures
  • Confirm permission to test as well as non-disclosure and confidentiality agreements
  • Verify each test-taker’s identity 
  • Use trained staff and service partners
  • Monitor exams leveraging online proctoring software
  • Ensure capability to suspend or terminate test administrators
  • Enact escalation protocols 
  • Enable lockdown of exam delivery system if needed
  • Maintain control of the test environment

After the Exam

  • Verify all policies and procedures have been properly implemented
  • Establish and monitor a tip line
  • Conduct routine analysis with approved filters
  • Follow up on reported incidents and candidate comments
  • Regularly review all policies and make updates as needed
  • Monitor social media, test prep programs, chat rooms, and blogs
  • Liaise regularly with legal counsel
  • Build flowcharts to standardize decision-making


Pay extra attention to building out your communication proactively. If you do experience a breach, hack, or other security issue, you’ll want this communication already crafted so you avoid having to hastily come up with it.

For more details on building your TSP, download our Test Security Plan checklist.

3 Common Security Threats to Address

Deterring nefarious behavior and mitigating security risks is key to a secure online testing process. In particular, have a plan for these three security threats:

  • Proxy testing: Also known as imposter testing, this is when someone other than the approved exam candidate takes a test. For instance, an exam-taker might have a more knowledgeable colleague or friend take the test for them.

  • Test item harvesting: This refers to the stealing of exam content by a test-taker. Since item harvesting weakens the rigor and reputation of the association or group administering the exam, it can undercut the value of the resultant certification or license.

  • Collusion: This is when a test-taker receives unauthorized help with their exam. Examples include conferring with others on answers, copying/pasting responses from an outside source, or searching the internet for information during the test.

Online Proctoring Is a Key Component of a Strong Test Security Plan

When offering online exams, an online proctoring solution is a must-have part of your TSP. This technology adds security and rigor to the exam process for any certification or licensure program by:

  • Verifying each test-taker’s identity: Choose an online proctoring service that automatically captures the test-taker’s photo without requiring them to install anything on their computer.
  • Flagging anomalous behavior: Online proctoring software records video during the exam and flags anything suspicious, like talking with others, not maintaining consistent eye contact with the screen, and leaving the webcam view.
  • Providing audit trails of proctored session data: After the test, an exam administrator can review suspicious behavior if needed and determine the proper course of action.

In addition, online proctoring technology plays an important role in meeting the National Commission for Certifying Agencies’ policies and procedures. Check out Standard 18 of the NCCA’s security and confidentiality checklist to see the essential exam administration elements.

The Right Planning Helps Maximize Exam Security

Online tests offer many benefits to organizations and exam-takers alike. With a comprehensive TSP and best-in-class online proctoring solution, you can enjoy the advantages of remote tests and be confident your exams are secure.

Download the Test Security Plan checklist, a comprehensive guide to creating a robust test security plan. 

Developing a Test Security Plan