Questionmark Conference 2018 – Registration is Open!

Posted by Brian McNamara

We are excited to announce that registration for Questionmark Conference 2018 is now open!

Questionmark customers will gather March 6th – 9th in Savannah, Georgia, for three days of learning, networking and professional development opportunities.   Whether you are a new user or a pro, Questionmark Conference is the ideal place to get vital information, insight and learning about the latest assessment technologies.

Join us at the Westin Savannah Harbor to enjoy southern hospitality with your peers and the Questionmark team to:

  • Learn about new Questionmark features and functions
  • Attend engaging hands-on product training sessions
  • Network with fellow Questionmark users
  • Get valuable tips, insights and best-practice guidance
  • Plan for the future with a sneak peek at the product road map

Registration is now open at special early-bird rates. Visit the conference website today for details!

Questionmark Conference 2018: Assess for Success | March 6-9 in Savannah

Questionmark is ISO 27001 certified. What this means for you?

Posted by John Kleeman

As you may have seen on our news site, Questionmark has just been certified to the Information Security standard ISO 27001.

What is ISO 27001?Chart showing probability and impact of risks, with high impact and high probability risks in red

ISO 27001 (full name ISO/IEC 27001:2013) is an international information security standard that is widely recognized as credible and authentic in validating that the certified organization has an effective management system for security.

The core of ISO 27001 is risk management. You identify in a systematic way risks to confidentiality, integrity, and availability and then assess their impact and probability. As simplistically shown in the diagram to the right, you decide what risks you can accept and how you can mitigate or otherwise deal with those that you cannot accept.

Subject to risk assessment, ISO 27001 requires you to meet over 100 controls including all the usually expected security controls. It also requires top management commitment and very specific processes to deal with issues that arise and auditing and much more.

ISO 27001 also encourages continual improvement – with all the threats out there, you have to keep making your processes and security better.

Questionmark’s ISO 27001 journey

Security has been central to Questionmark’s mission for decades. We brought out the world’s first secure browser in the 1990s, and our very first post in this blog back in 2009 was about delivering assessments safely and securely.

Last year, we decided that if we were to get external audit and validation of our security, it would both help us become more secure and help customers and other stakeholders feel more comfortable with our service. We’d been aware of 27001 for some time as the most credible security standard out there, and decided to adapt our processes and internal documentation to meet it. And we commissioned BSI, who are leaders in this field, to audit us.

The process to become certified is quite arduous. Including “internal” audits by a consultant and BSI’s audits, we have had eight days of auditing in the last few months. And these can be quite grueling – one of our audit days started with breakfast at 7 am and the auditor left the building just after 7.30pm at night! This definitely puts your people, processes, and technology through their paces. Implementing 27001 has improved Questionmark security and I’d encourage you to respect any organization who is certified as it’s a very credible process.BSI Assurance Mark Template RGB

I’m pleased to let you know that we are now certified by BSI under ISO 27001. Our certificate number is IS 668255. Our scope and certificate of applicability are wide, and we’d be pleased to share these with stakeholders under NDA.

How might it matter to purchasers of assessment services?

ISO 27001 certification gives external validation that an organization has a good quality information security management system.

Anyone can claim to be secure. Anyone can claim to follow standards. It’s hard for someone who is not a security expert to know whether an organization actually has put the effort into people, process, and technology to do the best that can be done to resist threats to confidentiality, integrity and availability.

With all the threats out there to assessment data, we believe it’s helpful to our customers to have assurance that Questionmark has been independently audited and it has been certified that our information security management system complies with ISO 27001.

How could ISO 27001 help assessment providers?

Are you looking to create and deliver secure assessments and keen to protect confidentiality, integrity, and availability?

Although using Questionmark OnDemand will help you do this, I’d encourage some blog readers to think whether it might make sense to implement ISO 27001 yourselves as an organization. That way you will ensure that all your IT and systems are securely managed. There are some work and effort involved, but it will make you as an organization more secure and less likely to suffer breaches and other failures.

I’ve just led Questionmark’s implementation of ISO 27001 and would be happy to share experiences with others in the assessment industry, please feel free to reach out to me.

Questionmark’s assessment management system now offered in the G-Cloud digital marketplace

Posted by Chloe Mendonca

We’re excited to announce that Questionmark has been accepted as a G-Cloud 9 supplier of assessment solutions by the Crown Commercial Service (CCS). These solutions can be found on the UK government’s Digital Marketplace.

What is G-Cloud?

The UK government G-Cloud streamlines the process by which public-sector bodies procure cloud-based applications. You can think of G-Cloud like a mobile app store that contains a huge range of approved, ready-to-use services and applications.

What does this mean for public-sector organisations?
If you are a UK public-sector organisation, G-Cloud makes it easier to buy Questionmark’s assessment management system by dramatically reducing the time you spend procuring services — quickly connecting you with a supplier that fits your strict requirements and budget. US public-sector organisations can procure Questionmark via a similar service, the US General Services Administration (GSA) federal supply list. Organisations outside the US and UK can take comfort in the fact that Questionmark’s platform has been vetted and approved for listing on these government service provider sites.

Questionmark has excelled for many years in delivering assessment solutions to the public sector. Being available on G-Cloud enables Questionmark to expand our offering to even more government organisations that need to create, deliver and report on tests, exams, quizzes and surveys.

Why Questionmark?
In today’s highly-regulated world, the need to effectively assess knowledge and understanding of regulations or corporate policies is critical. Organisations are now required to do more than the traditional checkbox compliance approach and must ensure that all employees or target groups understand the rules and can follow them. Failure to do so can impact life, limb and livelihood, often resulting in fines and damaged business reputations. Only by using secure assessment management technologies that seamlessly integrate with your other enterprise systems and learning management tools can organisations efficiently and effectively set up, deploy and monitor compliance.

If you’re in a public-sector organisation looking for an intuitive, scalable SaaS solution that will help you ensure regulatory compliance and measure learning, request a demo of Questionmark’s assessment management system today.

Questionmark OnDemand Assessment Management System now HIPAA-compliant

Jamie ArmstrongPosted by Jamie Armstrong

Questionmark recently began offering US OnDemand Service customers the option of entering into an additional agreement for compliance with HIPAA (the US Health Insurance Portability and Accountability Act).

I’d like to provide some brief information on this exciting new development, particularly for those not familiar with what HIPAA is or involves. You can easily find additional information and resources on the U.S. Department of Health & Human Services website.

What is HIPAA and what kind of information or data does it cover?
HIPAA is a US federal law that in very general terms regulates access to and handling of “protected health information” (“PHI”) and provides individuals with important rights regarding their health information. PHI includes these categories of information:

  • health information collected from a person;
  • information relating to health conditions or health care provision created or received by an organization such as a health care provider, and;
  • information that either identifies or can reasonably be used to identify an individual.

For example, data gathered or used as part of an assessment using Questionmark OnDemand that relates to past, present or future health or condition may be PHI under HIPAA.

What types of organizations are subject to HIPAA requirements?
HIPAA applies to two main categories of organization having access to PHI. These are known as “covered entities” and “business associates.” A Questionmark customer that is a health plan or health care provider, e.g. a hospital, clinic or health insurance company,  may be a covered entity for HIPAA. Business associates include organizations receiving or maintaining PHI on behalf of a covered entity for functions such as data processing or administration (among other things). Questionmark may be a business associate in providing the OnDemand Service to customers that are either covered entities or business associates performing services for their own covered-entity clients.

What does HIPAA require?
HIPAA requires that covered entities and business associates meet various security, breach notification and privacy requirements. They must meet the requirements applicable to them internally and also have contracts with any third parties that may have access to PHI. This ensures  that these third parties are subject to the same restrictions and conditions. Before offering OnDemand Service customers the option of entering into a HIPAA business associate agreement, Questionmark completed a security and legal review to ensure compliance with relevant HIPAA requirements.

We are interested in obtaining HIPAA-compliant OnDemand Services.  How do we sign a HIPAA business associate agreement with Questionmark?
You can find our HIPAA business associate agreement here. If you’d like to learn more please contact your account manager. Questionmark is committed to safeguarding PHI in accordance with the HIPAA standards and looks forward to discussing your HIPAA compliance requirements.

Important disclaimer: This blog is provided for general information and interest purposes only, is non-exhaustive and does not constitute legal advice. As such, the contents of this blog should not be relied on for any particular purpose and you should seek the advice of your own legal counsel in considering HIPAA requirements.

Internet assessment software pioneer Paul Roberts to retire

Paul Roberts photoPosted by John Kleeman

We think of the Internet as being very young, but one of the pioneers in using the Internet for assessments is about to retire. Paul Roberts, the developer of the world’s first commercial, Internet assessment software is retiring in March. I thought readers might like to hear some of his story.

Paul was employee number three at Questionmark, joining us as software developer in 1989 when the company was still working out of my home in London.

During the 1990s, our main products ran on DOS and Windows. When we started hearing about the new ideas of HTML and the web, we realized that the Internet could make computerized assessment so much easier. Prior to the Internet, testing people at a distance required a specialized network or sending floppy disks in the mail (yes people really did this!). The idea that participants could connect to the questions and return their results over the Internet was compelling. With me as product manager, tester and documenter for our new product — and Paul as lead (and only!) developer — he wrote the first version of our Internet testing product QM Web, which we released in 1995.

QM Web manual cover

QM Web became widely used by universities and corporations who wanted to deliver quizzes and tests over the Internet. Later in the nineties, learning from the lessons of QM Web, we developed Questionmark Perception, our enterprise-level Internet assessment management system still widely used today. Paul architected Questionmark Perception and for many years was our lead developer on its assessment delivery engine.

One of Paul’s key innovations in developing Questionmark Perception was the use of XML to store questions. XML (eXtensible Markup Language) is a way of encoding data that is both human-readable and machine-readable. In 1997, Paul implemented QML (Question Markup Language) as an early application of this concept. QML allowed questions to be described independently of computer platforms. To quote Paul at the time:

“When we were developing our latest application, we really felt that we didn’t want to go down the route of designing yet another proprietary format that would restrict future developments for both us and the rest of the industry. We’re very familiar with the problems of transporting questions from platform to platform because we’ve been doing it for years with DOS, Windows, Macintosh and now the Web. With this in mind, we created a language that can describe questions and answers in tests, independently of the way they are presented. This makes it extremely powerful because QML now enables the same question database to be presented no matter what computer platform is chosen on or whatever the operating system.”

Questionmark Perception and Questionmark OnDemand still use QML as their native format, so that every single question delivered by Questionmark technology has QML as its core. QML was very influential in the design of the version 1 IMS Question & Test Interoperability specification (IMS QTI), which was led by Questionmark CEO Eric Shepherd and to which Paul was a major contributor. Paul also worked on other industry standards efforts including AICC, xAPI and ADL SCORM.

Over the years, many other technology innovators and leaders have joined Questionmark, and we have a thriving product development team. Most members of our team have had the opportunity to learn from Paul over the years, and Paul’s legacy is in safe hands: Questionmark will continue to break new frontiers in computerizing assessments. I am sure you will join me in wishing Paul well in his personal journey post-retirement.

Next Generation Assessment Technology & Exciting Events Driving the Conference Agenda

Now that we have the program in place for Questionmark Conference 2017, I’m eager to highlight a few sessions that you will have a chance to attend in Santa Fe, New Mexico March 21-24.

Before the conference gets rolling, there are two full-day workshops available Tuesday, March 21:

Here’s a peak and the agenda. You can explore the entire list of sessions here: Conference Program.

Questionmark Features & Functions

Case Studies

Best Practices

Networking Events

We have some fantastic networking events planned as well.

We’re kicking off the conference with our signature dessert reception. The next day, you will have a chance to enjoy Santa Fe enchanting downtown and dine with a group of fellow assessment professionals. But it’s all culminating to our final event: Meow Wolf’s House of Eternal Return – an exciting multimedia immersive art exhibit experience. Watch out for surprise acts! We look forward to an evening of eating, networking and celebrating!

Questions? Email conference@questionmark.com. We’re happy to help!

Next Page »