Trust Center: Our Commitment to Security

Posted by Julie Delazyn

Our commitment to security is real. Security and reliability are key to both to our success and the success of our customers. That’s why we’ve established our Trust Center — a single place us to feature our different accreditations and validations. In order to highlight Questionmark’s commitment to security, I spoke to Questionmark’s Executive Director and Founder John Kleeman about what security means to Questionmark and how far we go to ensure the protection and privacy of our customer’s data.

What does security mean to Questionmark?

Organizations and companies around the world — companies, universities, and colleges, certification organizations — entrust us with a large amount of confidential data from assessments. We conduct millions of assessments a year and customers depend on us to keep those secure. To Questionmark, security means: Confidentiality, Integrity and Availability of our services for our customers. It’s one of our central aims and goals.

How does Questionmark make security a priority?

You can never 100% ensure security. As you can see in the media, Governments or large well-regarded corporations have had security breaches –so it’s about reducing that risk and making it unlikely that there will be a security issue. The main way in which we do that is by having an information security management system and putting processes in place to look at the risks and put in place controls and take other actions to reduce them.

Anyone can claim to be secure. What sets us apart from some companies in the space is that we don’t just say we’re secure, we get external validation of our security. We’ve recently certified against the ISO 27001 standard, and that’s an involved, grueling audit, which looks at our procedures. By having external validation, we can prove that experts have looked at our security and checked that it’s real — not just that we’re claiming it.

Questionmark is a global company with customers around the world – how do the standards we meet reflect that?

Everyone in the world wants confidentiality, integrity and availability, but there are local compliance criteria—technical rules – that can differ. While ISO 27001 is an international accreditation, we’re also looking to meet various national standards. We’re in the process of establishing compliance with FedRAMP, which is a US Government requirement. We are an approved supplier under GSA in the US and the G-Cloud in the UK, we’ve also passed a Cyber Essentials certification in the UK, and we’re looking to pass other national and international accreditations. In Europe, the GDPR is a focus for European customers, and we’re making sure that we’re complaint with the GDPR. That compliance will help our customers around the world ensure that we follow best practices in data protection. But the main security issues are essentially the same in every country in the world and every geography.

What tools do we offer our customers to help them protect their own data?

The Questionmark software has a strong authentication structure in place—you can define password policies that allow you to have strong passwords. We support integration with SAML, which many of our customers use with their own systems. And then Questionmark has very flexible capabilities to give differential access to data. You can set up your system so only those people who need to know have access to data in your Questionmark system. These are the kinds of features in the product that genuinely increase security.

Why the trust center?

We know with all the concerns about cyber security that there is a real need for our customers to understand whether we as a supplier are secure and safe for them, and so we wanted to create a single place to feature these different accreditations and validations.

There are only a few ways to prove you are secure. Let’s take the example of a castle—you or I could look at this massive structure and guess that if it’s secure or not. But if we’re not castle experts, we really can’t be sure. Similarly, unless you’re a software as a service security expert, how do you know if company A, B or C is secure? By getting to see the different certifications and laws that we follow, customers can get an appreciation of the security we offer, and compare that to others.

What is the future for Questionmark’s commitment to security?

You must have continued improvement. Threats are evolving, and you just can’t stand still. As a very simple example, we currently test our own employees on data security every year, and we’re expanding that by planning different tests by role or department. We’re looking at other accreditations and a continual increase in technical controls. We have many internal improvements that we’re expanding to implement soon. It’s literally a process of continual improvement, and we will continue to add to the trust center.

Questionmark is committed to the highest levels of trust, transparency, and compliance. Please register for a free intro webinar for more information on our key features and functions. We look forward to building your trust and working with you to secure your data.

How do you improve exam integrity and candidate satisfaction?

Posted by Julie Delazyn

Proxy testing … Cheating …. Content theft. How can you be sure that the integrity of your exam isn’t compromised when the technologies and techniques are complex and continually evolving? Many organizations are increasingly turning to online proctoring solutions.

Research shows that when properly applied, online proctoring can be as or more effective than traditional test-center proctoring. Besides reducing security risks, it also improves candidate satisfaction by offering the convenience of taking tests from their homes, workplaces or colleges. It also reduces costs not only for administrators but also for test takers. Consider for a moment the testing fees, travel, parking, and the simple time away from work or studies.  In addition to online proctoring’s effectiveness, one of the most exciting things is that this approach has the potential to grow as technology becomes more advanced and widespread.

What do you need to consider before implementing online proctoring? What features are important to you? How will your exams retain their integrity? How are other colleges or credentialing organizations using online proctoring to improve candidate experience?

Join Questionmark for a 30-minute webinar answering these questions and more

The webinar will cover:

  • Record and review based system with automated flagging
  • What colleges, universities and credentialing organizations are using to offer 24/7 flexibility to test-takers
  • How to administer online exams in a fair way by combining test delivery with exam proctoring

Want to learn more? Secure your spot for this complimentary webinar

Six tips to increase content validity in competence tests and exams

Posted by John Kleeman

Content validity is one of the most important criteria on which to judge a test, exam or quiz. This blog post explains what content validity is, why it matters and how to increase it when using competence tests and exams within regulatory compliance and other work settings.

What is content validity?

An assessment has content validity if the content of the assessment matches what is being measured, i.e. it reflects the knowledge/skills required to do a job or demonstrate that the participant grasps course content sufficiently.

Content validity is often measured by having a group of subject matter experts (SMEs) verify that the test measures what it is supposed to measure.

Why does content validity matter?

If an assessment doesn’t have content validity, then the test isn’t actually testing what it seeks to, or it misses important aspects of job skills.

Would you want to fly in a plane, where the pilot knows how to take off but not land? Obviously not! Assessments for airline pilots take account all job functions including landing in emergency scenarios.

Similarly, if you are testing your employees to ensure competence for regulatory compliance purposes, or before you let them sell your products, you need to ensure the tests have content validity – that is to say they cover the job skills required.

Additionally to these common sense reasons, if you use an assessment without content validity to make decisions about people, you could face a lawsuit. See this blog post which describes a US lawsuit where a court ruled that because a policing test didn’t match the job skills, it couldn’t be used fairly for promotion purposes.

How can you increase content validity?

Here are some tips to get you started. For a deeper dive, Questionmark has several white papers that will help, and I also recommend Shrock & Coscarelli’s excellent book “Criterion-Referenced Test Development”.

  1. Conduct a job task analysis (JTA). A JTA is a survey which asks experts in the job role what tasks are important and how often they are done. A JTA gives you the information to define assessment topics in terms of what the job needs. Questionmark has a JTA question type which makes it easy to deliver and report on JTAs.
  2. Define the topics in the test before authoring. Use an item bank to store questions, and define the topics carefully before you start writing the questions. See Know what your questions are about before you deliver the test for some more reasoning on this.
  3. You can poll subject matter experts to check content validity for an existing test. If you have an existing assessment, and you need to check its content validity, get a panel of SMEs (experts) to rate each question as to whether it is  “essential,” “useful, but not essential,” or “not necessary” to the performance of what is being measured. The more SMEs who agree that items are essential, the higher the content validity. See Understanding Assessment Validity- Content Validity for a way to do this within Questionmark software.
  4. Use item analysis reporting. Item analysis reports flag questions which are don’t correlate well with the rest of the assessment. Questionmark has an easy to understand item analysis report which will flag potential questions for review. One of the reasons a question might get flagged is because participants who do well on other questions don’t do well on this question – this could indicate the question lacks content validity.
  5. Involve Subject Matter Experts (SMEs). It might sound obvious, but the more you involve SMEs in your assessment development, the more content validity you are likely to get. Use an assessment management system which is easy for busy SMEs to use, and involve SMEs in writing and reviewing questions.
  6. Review and update tests frequently. Skills required for jobs change quickly with changing technology and changing regulations.  Many workplace tests that were valid two years ago, are not valid today. Use an item bank with a search facility to manage your questions, and review and update or retire questions that are no longer relevant.

I hope this blog post reminds you why content validity matters and gives helpful tips to improve the content validity of your tests. If you are using a Learning Management System to create and deliver assessments, you may struggle to obtain and demonstrate content validity. If you want to see how Questionmark software can help manage your assessments, request a personalized demo today.