2016 Recap: 12 million+ assessments; 99.98% uptime

Posted by Julie Delazyn

Every day Questionmark customers around the world are deploying high stakes assessments – in 2016 alone, more than 12 million assessments were delivered through Questionmark OnDemand’s platform. 12 million + assessments is HUGE—that’s like saying every 2.5 seconds for 365 days someone is finishing an assessment. But when the stakes are high and the demand is even higher, the number one priority is making sure that your system is up and running.

Keeping up with demand has been Questionmark’s #1 priority, and we set high standards for ourselves. That’s why we’re excited to announce that in 2016, we exceeded our 99.9% uptime target on both our European-based and US-based services – averaging over 99.98% uptime for our assessment delivery service throughout the year.

And we believe in transparency— You can check out the current performance and availability status of Questionmark OnDemand at any time here: http://status.questionmark.com/

We know that obtaining optimal availability at all times is peace of mind for our customers and their test takers, and we look forward to protecting that uptime in 2017.

Seven New Year’s Resolutions to Keep Your Assessments Safe

Paper with "Resolutions" written on it implying one is about to write some resolutions downJohn Kleeman HeadshotPosted by John Kleeman

Many blogs at this time of year seek to predict the year ahead, and many of them foresee more data breaches and security incidents in 2017.  But I’m a great believer that the best way to predict the future is to create or change it yourself. So if you want to reduce the chances of your assessment data security being breached in 2017, make some of the things you’ve talked about happen.

Here are some possible New Year’s resolutions that could help keep your assessments safe and secure.

1. Audit your user accounts. Go through each of your systems that hold or give access to assessment data, and check there are no accounts for ex-employees or ex-contractors. Make sure there are no generic or test accounts that do not belong to a current individual. Dormant accounts like this are a common route to a breach. Also check that no one who has changed role has the privileges of their old role.

2. Run an incident response table-top practice exercise. This is a session where you gather together those responsible for security, pretend there is a breach or other incident and work through verbally how you’d deal with it as a team. You can do this in a couple of hours with good preparation, and it allows you to check your procedures and ensure people know what to do. It will often give useful insight into improving your preparedness.  As Benjamin Franklin once said “An ounce of prevention is worth a pound of cure”.

3. Start testing your personnel on security procedures. One of the biggest security risks for any organization is staff mistakes and accidents that compromise credentials or data. Security awareness training makes an important difference. And if you test your personnel on security after the training, you verify that people understand the training and you identify areas of weakness. This makes it more likely that your personnel become more aware and follow better security practices. If you have access to an online assessment tool like Questionmark, it’s very, very easy to do.

Photo of doctor stethoscope on computer keyboard4. Review some of your key vendors. A risk for most organizations is weaknesses in suppliers or subcontractors that have access to your data. Ask suppliers to share information on their technical and organizational measures for security and what they are doing to ensure that your data is not breached. Any reputable organization will be willing and able to provide this under NDA. See 24 midsummer questions to ask your assessment software provider on this blog for some of the questions you can ask.

 

5. Conduct a restore test from backups. How do you know your backups work? Over the years, I’ve come across a few organizations and teams who’ve lost their data because their backups didn’t work. The only way to be sure is to test restoring it from backup and check data is there. If you don’t already run restore tests, organize a restore test in 2017 (ideally once a quarter, but once is better than not at all). You shouldn’t need to do this if you use a cloud service like Questionmark OnDemand as the vendor should do it for you.

6. Run a pilot for online proctoring. Microsoft do it. SAP do it. Why shouldn’t you do it? If you run a certification program that uses physical test centers, consider whether online proctoring might work for you. Not only will it reduce the risk of collusion with proctors helping candidates cheat, but it will also be a huge boon to your candidates who will no longer need to travel to test centers.

TheCadetHonorCodeMonument7. Put in place a code of conduct for your participants. This is a simple thing to do and can make a big difference in reducing cheating by encouraging test-takers to stay honest.  See Candidate Agreements: Establishing honor codes for test takers and What is the best way to reduce cheating? on this blog for tips on how and why to do this. If you are looking for inspiration, at famous code of conduct is that of the U.S. Army West Point Military Academy which simply says: “A cadet will not lie, cheat, steal, or tolerate those who do.” Of course you need to communicate and get buy-in for your code of conduct, but if you do, it can be very effective.

Many of you will already be doing all of these things, but if you’re not, I hope one or more of these resolutions help you improve your assessment security in 2017.

And here’s a bonus New Year’s resolution to consider. Questionmark Information Security Officer David Hunt and I are giving a session on Staying Ahead of Evolving Security Threats at the Questionmark conference in March in Santa Fe. Make a New Year’s resolution to come to the conference, and learn about security and assessment!

A quiz for the Holidays?

The holidays are here; it’s time for cheer!

No matter if you’ve been naughty or nice, take this quiz and check it twice.

Scan the QR Code or click here to get started:

Wishing you a joyous holiday season and happy new year!

happyholidays_questionmark

 

Transform Your 2017 Assessment Strategy

Julie ProfilePosted by Julie Delazyn

As the year draws to close and you wrap up the final exams for 2016,  you may be thinking about your 2017 assessment strategy. Transform the way you manage learning and training in 2017 by taking advantage of these learning opportunities:

 Transforming Your Test Program with Online Proctoring

Person-taking-a-test.jpg

If you’ve been considering implementing online proctoring, 2017 is the year to make it happen. With the increase in test security threats and the growing demand for flexibility in learning and training, there’s no better time to turn to a secure and cost-effective alternative to traditional brick-and-mortar test centers.

This 45-minute webinar will cover the basics of online proctoring and describe how it manages the variety of test security threats.

WHEN: This Wednesday (Dec. 14) 3:30 p.m. UK GMT / 10:30 a.m. US EDT —  Register now

Intro to Questionmark’s Assessment Management System

WebinarIf you’d like to end this year by getting a better understanding of how Questionmark’s assessment solutions can help you gain the impact you need from your test programs, then attend this 60-minute introductory webinar. We’ll give you a live demo of Questionmark OnDemand showing you key features and functions.

WHEN: This Wednesday  (Dec. 14) 6:00 p.m. UK GMT / 1:00 p.m. US EDTRegister now

If you can’t make it to tomorrow’s webinars, check back here for new dates and themes. We look forward to helping you transform your assessment strategy in 2017!

Item Writing & Questionmark Boot Camp: Pre-Conference Workshops

Rick Ault, Questionmark Trainer

Julie ProfilePosted by Julie Delazyn

Planning for Questionmark Conference 2017 in Santa Fe, New Mexico, March 21-14 is well underway.

We have begun posting descriptions of breakout sessions and are pleased to announce two pre-conference workshops.

Both of these all-day sessions will take place on Tuesday, March 21, 2017:

assessments-2017Questionmark Boot Camp: Basic Training for Beginners

Do you want to get the most out of the Questionmark Users Conference even though you are just starting out with Questionmark?

Here’s what to do: Bring your laptop and learn directly from Questionmark expert Rick Ault.

Bring your laptop and get into gear with hands-on practice in creating questions, putting together an assessment, then scheduling it, taking it and seeing the results. Start off with some first-hand experience that will give you a firm footing for learning more at the conference.

jimparry_nov2016_xsmll

Jim Parry, Owner and Chief Executive Manager of Compass Consultants, LLC

features-functions-2017Advanced Test Item Writing Workshop: Learn how to test more than just knowledge

Writing test items is difficult, but trying to make them check more than knowledge is a huge challenge.

Join Certified Performance Technologist Jim Parry  — an expert user of Questionmark technologies — in this fast-paced, high-powered workshop, which will present a review of the basics of testing and provide hands-on practice to help you turn low complexity, knowledge-based test items into higher complexity, performance-based items following Bloom’s Taxonomy and Gagne’s Nine Events of Instruction.

Conference Registration Tuition:

  • You can save $200 by registering for the conference on or before January 18. You can sign up for a workshop at the same time or add in a workshop later. It’s up to you! Pre-conference workshop or bootcamp add-ons available during the registration process.

Many shades of grey in sensitivity of assessment data

Shades of greyJohn Kleeman HeadshotPosted by John Kleeman

Under data protection law in Europe and increasingly other jurisdictions, “sensitive” personal data has to be given special protection. What does this mean for assessments?

How is sensitive data defined?

The idea behind the concept of “sensitive” or “special” categories of data is that there are some sorts of personal data that if misused could have severe consequences on an individual’s rights or social environment. For instance, information on a living person’s health, racial origin, sexual orientation and political opinions is usually considered sensitive, and special care is needed in processing this information.

At present within Europe, there are minor national differences as to what information is considered sensitive but the forthcoming General Data Protection Regulation (GDPR) should make this more uniform.  In the US, the HIPAA patient privacy law defines the concept of protected health information (PHI). Most PHI would likely also be sensitive under European rules, but HIPAA does not protect political or other non-health information, whereas Europe’s sensitive personal data rules can.

When is assessment data sensitive?

The results of most ordinary skill or knowledge assessments is not sensitive personal data, but here are some ways in which assessment data could or will be sensitive.

  • Health diagnosis. The results of some assessments used in mental health clearly are sensitive. What about psychometric assessments that assess mental state and personality, arguably an aspect of health? This is a grey area, and results from such assessments might be sensitive.
  • Sensitive surveys. If you ask surveys about someone’s health or political views or other sensitive subjects, the assessment results will be sensitive.
  • Demographic data. Do you ask for racial or ethnic origin to accompany assessments, perhaps in order to gather information to prove your assessments are non-discriminatory? If so, that data is likely sensitive.
  • Identity information gathered to prevent cheating. Depending what information you gather to identify someone or check he/she is not cheating, this might be sensitive. For example the GDPR clearly indicates that biometric information should be considered sensitive.

There will not always be a black and white definition – it may well be grey as to whether data is sensitive or not. For example, in some countries, photographs are considered sensitive due to the fact that you can usually identify race from a photo — but in other countries this is only the case for some photos. The GDPR (which becomes law in 2018) says photos they are only sensitive if used to allow unique identification or authentication.

What does it mean for assessment users if data is sensitive?

Here are three suggestions for what to do if you may be processing sensitive data in an assessment.

Person taking a test1. Get explicit participant consent. Although there are some other legal routes, for most assessment use cases, it’s probably wise to get explicit consent from the participant to process sensitive data. For example, include a question at the start of the assessment identifying what you are going to do with the data, and get the participant’s consent.

2. Since there are consequences including fines for misusing data and in general these will be more severe for sensitive data, it would be wise to take strong technical and organizational measures (e.g. encryption) for sensitive data.

3. It’s also wise to ensure that any processors including assessment vendors are knowledgeable about data protection and that you and they have appropriate legal measures in place to cover data protection.

There are some uncertainties around what data is sensitive and how you should deal with it in an assessment context, but I hope this article helps you understand the likely shades of grey to figure out what might be important in your context.

This blog does not give legal advice – please check with your lawyer for rules that apply to your organization and use case.

« Previous PageNext Page »