In our previous post, we discussed some of the issues that assessment programs consider when building a comprehensive security program. For this post, we will focus on a few key preventive strategies that programs should evaluate in the context of their needs . There are inherent risks in testing so no approach can guarantee perfect compliance and no security breaches. However, these steps can go a long way in the right direction, and are worth the time and investment involved. Although many of these components may seem self-evident, they continue to be critical activities that can significantly reduce the risk of serious security breaches.
There are three key strategies in preventative security. They are, education, comprehensive policies and procedures and most importantly, proactive test design. The process of preventing security breaches starts at the very beginning of your program design or as part of a redesign. Creating a holistic proactive plan of how you will approach test development, delivery and fulfillment will increase the security and integrity of your credential. For example, if you determine during program design that you will be delivering your exams in high-risk areas with a history of item theft, then your test development process should contain mitigation strategies to protect your exam. All too often, decisions regarding the type of assessments and the test candidates are made without mapping out the long-term security impacts; which can lead to serious unanticipated long-term consequences.
When most people think about security breaches in assessment, they think about candidates – whether individually or as part of collusive efforts – cheating during the test. Although cheating is a major concern, candidates having any unintended advantage are a threat to your credential’s validity. The policies and procedures put in place before, during and after your test administration will have critical impacts on your ability to prevent any unintended advantage. Internal policies are just as important as the external candidate policies you put in place. Every program should have a security manual that addresses limiting access of test items to a need to know basis and sets data security parameters for your employees, vendors and contractors. It is essential that these policies and procedures be defined before the test development process begins, and are constantly evaluated throughout the process.
Every step in the test administration process, from the candidates verifying their identity when they arrive to take the examination, to the candidate agreements, to the behavior of the test administrators, and to the materials that candidates can or cannot bring to the testing site will be critical for the prevention of security breaches. Other preventative aspects will include copyrighting your programs item bank and test forms to establish your program’s intellectual property. In all of these scenarios, there is a balancing act between the rights and responsibilities of the test sponsors, and the test takers, along with the costs and resources required to maintain certain security protocols in place.
There are several things you can do to educate your candidate population on the importance of security. Your website is a good place to post agreements, policies and your expectations in regards to confidentiality and the importance of security. This communication with your candidates will go a long way in making sure they are aware of the consequences of not following your security and confidentiality policies.
This post only skimmed the surface of the issues and activities that need to be considered when trying to prevent security breaches in your testing program. Because every testing environment has different expectations when it comes to the test security protocols, these topics should be evaluated in light of your program’s needs.
If you would like more information on preventative security, please review our ATP presentation: Don't Be Late to the Game - Security Should Not Be An Afterthought.