7 ways assessments can save you money and protect your reputation [Compliance webinar]

Posted by Julie Delazyn

Last week, illegal banking practices cost Wells Fargo, one of America’s largest banks, $185 million in fines. Regulators have called the scandal “outrageous” and stated that the widespread nature of the illegal behavior shows the bank lacked the necessary controls and oversight of its employees.

Educating and monitoring employee understanding of proper practices is vital for regulatory compliance.  How do you ensure your workers are compliant with the rules and regulations in your industry? How do you prove that employee training is understood?

Register today for the FREE webinar: 7 Ways Assessments Fortify Compliance

The webinar will examine real-world examples of how assessments are used to strengthen compliance programs. It will also provide tips for developing valid, reliable assessments.

Infographic: Online or Test-Centre Proctoring?

Posted by Julie Delazyn

For many exams, candidates are required to travel to brick-and-mortar test centers where proctors (or invigilators) supervise the process; however, a new way of proctoring certification exams is rapidly gaining traction. Two of the world’s largest software companies, SAP and Microsoft, offer online proctoring for their certification programs, and many other companies are looking to follow suit.

Do you need to understand the key differences and benefits? Here’s an infographic that explains some of the pros and cons of the two approaches.

Proctoring Infographic

For more on online proctoring, check out this informational page and video below:

 

 

SAML 101: How it works

Posted by Bart Hendrickx

In my last post, I wrote about what SAML is. In this one, I’ll offer a use case to put it into context. There are a number of scenarios where SAML can be used, but I will stick to SSO login (authentication) that is initiated by the service provider. I’ll use Questionmark OnDemand as an example of a SP that can work with SAML. Our fictitious customer has an identity provider that is internally hosted behind a firewall, inaccessible from the outside world. Users at the customer’s company can go on the Internet; therefore, they can also take Questionmark OnDemand assessments.

User Jane Doe wants to connect to Questionmark OnDemand, to take an assessment that was scheduled to her. She browses to her company’s OnDemand area, which had been set up to authenticate via SAML. Through the federation metadata, Questionmark OnDemand knows which identity provider to ask for those authentication details. But it cannot talk to the IdP directly. Instead, it creates a SAML request which the web browser passes on to the IdP. Jane Doe’s computer is on the internal network and can access the IdP. The request is forwarded to the IdP, which accepts it because it knows about the service provider (SP), i.e. the customer’s OnDemand area—also possible thanks to the federation metadata.

Jane Doe is already logged on to the IdP: she opened her company’s intranet page this morning, which required her to authenticate, and that session is still active in her browser. So when the IdP gets a request: “Who is this user?”, it already knows the answer: “This is Jane Doe.” The IdP prepares a SAML response and includes a number of attributes, such as Jane Doe’s email address and hire date. All those data form an assertion, which is part of the response.

Again, Jane Doe’s browser plays a key role. It receives the SAML response with the assertion from the IdP and passes it on to the customer’s OnDemand area, which then reads the response. The OnDemand area confirms that this information comes from its trusted IdP and sees that this is Jane Doe and that an assessment has been scheduled to her. Jane Doe now has access to the OnDemand area and can take the assessment.

For Jane Doe, this all happens seamlessly. She may see her browser redirect to other URLs a few times, when it is relaying information from the SP to the IdP and vice versa, but the entire process usually only takes a couple of seconds.

In a future post, I will explain what SAML requests and responses do and do not contain. Stay tuned!
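The round trip described in this post, as an added example (not Questionmark's code and not part of the original post): the SP packs an AuthnRequest into a browser redirect, the IdP unpacks it, and the SP accepts the response only if it answers its own request and names the trusted IdP. The entity IDs, URLs and attribute names are constructed, the messages are trimmed to the elements the walk-through reads, and the response is unsigned.

```python
import base64, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse, parse_qs

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
XMLNS = f'xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
# Constructed values (trimmed messages); real ones come from federation metadata.
SP_ID, IDP_ID = "https://sp.example.com/saml", "https://idp.corp.example/saml"
IDP_SSO_URL = "https://idp.corp.example/sso"

def sp_build_redirect(request_id):
    """SP: wrap an AuthnRequest into the URL the browser is redirected to."""
    xml = (f'<samlp:AuthnRequest {XMLNS} ID="{request_id}" Version="2.0">'
           f'<saml:Issuer>{SP_ID}</saml:Issuer></samlp:AuthnRequest>')
    c = zlib.compressobj(wbits=-15)          # HTTP-Redirect binding uses raw DEFLATE
    packed = base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()
    return IDP_SSO_URL + "?" + urlencode({"SAMLRequest": packed})

def idp_read_request(url):
    """IdP: unpack the request the browser delivered; return (request ID, issuer)."""
    packed = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    root = ET.fromstring(zlib.decompress(base64.b64decode(packed), wbits=-15))
    return root.get("ID"), root.findtext("saml:Issuer", namespaces=NS)

def idp_build_response(request_id, user, attrs, issuer=IDP_ID):
    """IdP: constructed, UNSIGNED response for the POST binding (base64 only)."""
    items = "".join(f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}'
                    f'</saml:AttributeValue></saml:Attribute>' for k, v in attrs.items())
    xml = (f'<samlp:Response {XMLNS} InResponseTo="{request_id}"><saml:Issuer>{issuer}'
           f'</saml:Issuer><saml:Assertion><saml:Issuer>{issuer}</saml:Issuer>'
           f'<saml:Subject><saml:NameID>{user}</saml:NameID></saml:Subject>'
           f'<saml:AttributeStatement>{items}</saml:AttributeStatement>'
           f'</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

def sp_read_response(b64_response, expected_request_id):
    """SP: accept only a reply to our own request from the trusted IdP.
    A real SP first verifies the XML signature with the IdP certificate from
    metadata, using a vetted SAML library; that step is not shown here."""
    root = ET.fromstring(base64.b64decode(b64_response))
    if root.get("InResponseTo") != expected_request_id:
        raise ValueError("response does not answer our request")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None or assertion.findtext("saml:Issuer", namespaces=NS) != IDP_ID:
        raise ValueError("assertion is not from the trusted IdP")
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", namespaces=NS)
             for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    return assertion.findtext("saml:Subject/saml:NameID", namespaces=NS), attrs
```

The SP and IdP functions never call each other: every message passes through a URL or a form value, which is why the exchange works even when the IdP sits behind a firewall.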

Assessments worth their weight in gold?

Posted by John Kleeman

Another day, another big fine for a financial institution.

Nothing in this article should be construed as specific criticism of any individual bank, but last week, the United States Federal Reserve Board fined a large investment bank $36m for unauthorized use and disclosure of confidential information. The Board required the bank to:

“submit … an acceptable written plan …for the training of all appropriate … personnel regarding the restrictions, controls and legal requirements governing the use of confidential supervisory information. At minimum, the plan shall include … a requirement that training be conducted and documented no less frequently than annually”

McKinsey & Company have calculated in a report that in the period 2009-2014, regulatory fines and settlements have increased by nearly 4500 percent for the top 20 US and EU banks. It used to be that bad loans (credit impairment) were banks’ biggest challenges, but this is now a smaller problem. And whereas regulatory compliance used to be a small part of a bank’s job, it is much more crucial to their operating performance. McKinsey suggest banks need to rethink their response to compliance and make it much more central to their mission.

There are many complex compliance challenges in financial organizations. It is not easy to strike the right balance between giving employees responsibility and incentive to make money, whilst preventing them from misusing that responsibility to take risks that injure the bank.

But ensuring that your employees know, understand and can apply the rules is very achievable. Many banks and other financial institutions use Questionmark technology to deliver regular, trustworthy assessments to their employees — you can see case study examples here. The assessments focus on the specific regulations and duties each employee has, and they also allow assessing understanding of products and job skills.

If you conduct regular online assessments of your employees in this way, you can:

1. Find out if your employees know and understand the rules that apply to them and identify those who don’t.

2. By using scenario questions, also find out if they can apply the rules in practical situations.

3. Gain evidence to demonstrate to regulators that your employees are trained and competent.

4. Provide an incentive to make employees learn the rules, because they know they have to pass the test.

5. You can also save time by allowing knowledgeable employees to “test out” of all-company training on topics they are already expert in.

6. If you require managers as well as employees to pass tests, it demonstrates internally your organization’s commitment to compliance.

7. If you combine regular assessments with other measures, you can help mitigate the risk of regulatory fines.

In their report, McKinsey suggest that firms consider shifting their organizational structure to give compliance a higher and more central profile. If you are running a central compliance function, the ability to assess all your employees and measure directly their understanding of regulations and their ability to meet regulatory needs is a genuinely golden capability.

Questionmark has written a white paper “The Role of Assessments in Mitigating Risk for Financial Services Organizations” which explains the benefits of assessments in mitigating risk and gives good practice in using them as well. You can download the white paper (free with registration) here.

Data Protection and Privacy: Important developments

Posted by Jamie Armstrong

As Associate Legal Counsel at Questionmark, I spend a lot of time thinking about data protection and privacy law issues. There have been many important developments over recent months, and I thought it would be interesting for our readers if I summarized just three of these below. I may look at others and/or consider those mentioned here in more detail in a future blog post. With a dedicated in-house technical and legal team, Questionmark is continuously monitoring changes in this field and my role helps to ensure that Questionmark is ahead of the curve in protecting our customers.

1. For around fifteen years, organizations transferring personal data from the European Union to the United States were able to rely on the US-EU Safe Harbor Agreement as a legal basis for such transfers. The Safe Harbor Agreement allowed organizations to self-certify compliance with certain data protection standards. In October 2015, the Court of Justice of the EU invalidated the EU decision that underpinned this arrangement. This meant that organizations transferring relevant data had to review their arrangements to ensure such transfers remained legal by different means, such as the EU Standard Contractual Clauses or Binding Corporate Rules – Safe Harbor can no longer be relied on for transfers of EU personal data to the US.

2. The final text of the new General Data Protection Regulation (“GDPR”) was agreed in April this year, and the GDPR will have legal effect from May 2018. From that date, the GDPR will replace the current Data Protection Directive and will apply in all EU member states without any implementing national law required. This should help multinational organizations with compliance, as there will be more uniformity than there is now. The GDPR includes some new obligations, like requiring appointment of a data protection officer in certain cases, hence the two year lead in period to allow organizations time to prepare. The GDPR is relevant for organizations based outside the EU as it has broader effect when EU personal data processing is involved.

3. After Safe Harbor was invalidated, the US and EU authorities worked together on a replacement, known as the Privacy Shield. The initial agreed text received a cool response in Europe and was subsequently revised to address concerns, including around possible continued surveillance in the US and insufficiency of the Ombudsman role created to consider complaints. It is expected that the mechanics of the Privacy Shield will operate similarly to Safe Harbor (but with stricter requirements), with voluntary compliance certification to the US Department of Commerce possible from August 1 of this year. Unlike the EU Standard Contractual Clauses and Binding Corporate Rules, the Privacy Shield, as with Safe Harbor, will only apply to transfers of data from the EU to the US. The collective of EU data protection authorities have recently said they will not legally challenge the Privacy Shield for at least a year, to provide an opportunity to gauge how this operates in practice.

With the above representing a very simplified summary of just three important recent developments in the data protection and privacy law field, organizations that control and process personal data clearly need to maintain a heightened level of vigilance to be positioned to respond to the shifting landscape. Check back here for updates on these and other relevant developments in future blog posts.

Disclaimer: This blog post is provided for general information purposes only and does not constitute legal advice. Any views included are personal to me.

For more on Questionmark’s commitment to security, check out the video below:

Security, Reporting and Online Testing in Academia: A Q&A with Don Kassner

I recently spoke with Don Kassner, who has joined Questionmark as vice president of academic markets. I wanted to take a moment to welcome Don and to ask him a few questions about his extensive background, his new job role and his hopes for the future. Here’s a snippet of our conversation:

Don Kassner, VP of academic markets, Questionmark

You have had an extensive career. What is your background, and how has it influenced the insight you have on the learning and assessment world?

At heart, I am an entrepreneur.  I started my first business when I was 8 years old and have been starting and building things ever since. In the last 15 years or so I have focused on technology, training and education. During that time, I have served as the CFO for an auto dealership training company and as president of a small university in addition to founding and building the largest online proctoring company. I have also served on the faculty of San Jose State University (economics) and have been an active member of multiple onsite accreditation evaluation teams.

Now that you are part of the Questionmark team, can you share a little about your new role and the goals you have for this position?

I am excited to reach out to the academic markets and address ongoing concerns around testing.

Colleges and universities want to deliver tests and exams that are consistent, fair, reliable and defensible. They want to deliver and monitor course evaluations, identify knowledge gaps and place students in appropriate courses, and be able to analyze questions to determine which ones are valid and fair. They want to do this while increasing student satisfaction and reducing cheating.

With Questionmark’s extensive security, reporting and analytics tools, that’s all possible.  My focus is to leverage my insight and experience and put this secure and easy-to-use tool in the right hands.

Can you share some of the important topics surrounding the academic markets that are on your radar?

In academia, there are real issues related to online testing. These are the top two:

  • Is the student doing the work? – With technology comes flexibility and as the stakes become higher, students will naturally look for ways to enhance their scores.
  • Are the exam results fair?  Did all the students face the same conditions with the same opportunities and were the exam rules followed?

Questionmark OnDemand, especially its analytics and reporting tools, can provide reports that can uncover the meaning hidden within assessment results, such as an item or assessment’s reliability and defensibility. In regards to security, Questionmark Secure’s lock-down browser plays a huge role in helping organizations provide a secure environment in which to deliver high stakes assessments. This can significantly help reduce the risk of cheating when deployed along with other defenses to combat impersonation and content theft.

We’re very excited to have you on board! What are your plans for keeping in touch with us on The Questionmark Blog?

Once a teacher, always a teacher! I look forward to turning back the clock to my university days and speaking on the hot-button topics that surround academic testing. My experience in education and entrepreneurship will help me as I share my thoughts on current market trends and the future of assessment and testing.

Thank you Don for taking the time to speak to us today!

You can follow Don on Twitter and connect with him on LinkedIn
