13 Scary Questions to Ask your Assessment Cloud Provider

Posted by John Kleeman

As its Halloween I thought you might enjoy learning about 13 questions that might scare your Assessment Cloud provider.

Let me first share some background information …13 Scary Questions to Ask your Assessment Cloud Provider

With increasing use of Cloud systems like Google Docs, Microsoft’s Office 365, and Amazon, and with enterprise software giants like Oracle and SAP offering OnDemand services, many organizations that previously managed IT internally are delegating the running of servers. A Cloud service can save you money, and allow you to focus on core business and user issues, by letting someone else deal with the technology.

Secure and scalable Assessment Clouds are the next wave of tools available that help organizations to measure knowledge, skills, and attitudes securely for certification, regulatory compliance and successful learning outcomes
As you consider moving your assessments to a Cloud, you need to ensure your provider is offering the best possible service, security and data protection. You want a provider who is fully invested in giving strong security, scalability, elasticity and robustness, not just someone running a server under a desk! Exam security has different challenges and demands to other kinds of IT due to the confidentiality of personally identifiable information, questions and results, so you need to make sure that the system you use is safe and secure.

Here are 13 questions you might scare the less professional Assessment Cloud providers in the marketplace:

1. Do you host assessments in a well-established Data Center, certified to SAS 70 Type II, SSAE 16 Type II or ISO 27001?

2. Does your Data Center have multiple connections to the power grid with onsite generators with at least 24 hours fuel onsite in case of power outages?

3. Does your Data Center have multiple, fast Internet links so that if one goes down, connectivity remains?

4. Is every server in the system load balanced and does every component have redundancy, so that if any one system fails, another can take over?

5. Is browser access to assessments and administration protected by SSL (or TLS) to 128 bits or higher, so that assessment data and results cannot be intercepted on the Internet?

6. Do you follow industry good practice in software development to reduce surface areas of attack and protect against security vulnerabilities? Common methodologies to work with are called STRIDE and DREAD.

7. Do you have separate development/integration areas and staging areas to test on before deploying to production?

Questionmark’s OnDemand Testing and Deployment Process
Questionmark’s OnDemand Testing and Deployment Process

8. Do you have a data security policy for your employees who run the service to ensure that they maintain the secrecy of customer data? Does the policy include confidentiality agreements, background checks on employees, regular training, and regular testing of employees to check they that understand data security?

9. Can I see information on real time information on the current status and uptime, and access statistics from round the world? See status.questionmark.com for an example of what you might look for from a provider.

10. Is the service monitored and run 24/7 at both Data Center, network, hardware and application level, so that problems out of hours will be fixed?

11. Are results data backed up safely at least once an hour, so that in the event of a catastrophe, you should never lose more than an hour’s worth of data?

12. What access might government agencies have to data of foreign nationals and are your systems Safe Harbour Certified?

13. What is your track record do you have for being a trustworthy provider with references and case studies to back your claims up?

The answers to these questions for Questionmark’s OnDemand Service are all yes. If you want to find out more, read more details in our new white paper, Security of Questionmark’s OnDemand Service available here.

4 Responses to “13 Scary Questions to Ask your Assessment Cloud Provider”

  1. […] Alberta then you may contact us at privacy@visitingalberta.com Last updated Sun, 23 Jan 2011 09:59Your Privacy Your privacy is important to us. To better protect your privacy we provide this notice … on our homepage and at every point where personally identifiable information may be requested. […]

  2. […] For more information on the security of Questionmark Ondemand, see our security white paper. Watch this blog for future articles on security – or in the meantime, feel free to check out my earlier post 13 Scary Questions to Ask your Assessment Cloud Provider. […]

  3. Before a customer subscribes to a cloud hosting provider, it is a imperative that they go through their own set of questions to ensure they are making the right decision for themselves and their business.

    Depending on what your requirements are, or what you need to feel happy with your provider, one has to keep in mind that different price points are available for each requirement level.

    Also ensure that you intuitively trust the provider, but the best way to confirm your intuition is by asking questions, similar to the ones listed above.

Leave a Reply