What organizational and technical measures are appropriate in assessment delivery?

Posted by John Kleeman

One of the key responsibilities of an assessment sponsor acting as data controller under European Law is to implement appropriate technical and organizational measures to protect personal data. But what does appropriate mean?

And when you contract with a data processor to deliver assessments, you must ensure that the processor implements appropriate measures. But again, what does appropriate mean?

This is not just an academic question. A UK organization was fined £150,000 in 2013 for failing to protect personal data, with the regulator commenting that a key reason for the fine was “… the data controller has failed to take appropriate technical measures against the loss of personal data”.

The measures to use will depend on the risk to the data and to the assessment participant. But here are some measures to consider. They are all met by Questionmark if you delegate service delivery to Questionmark – though some also need action by you:

For more information, you can download a complimentary version of the white paper: Responsibilities of a Data Controller When Assessing Knowledge, Skills and Abilities [requires registration]

Measure | Questionmark OnDemand? | Your system?

Premises access control
- Data center certified against ISO 27001 or SSAE 16
- Two-factor authentication for staff and visitors
- 24/7/365 personnel intrusion alarms
- 24/7/365 monitored digital surveillance cameras
- 23/7/365 security team on site at all times
- Strong physical security in nondescript building to aid anonymity

System controls
- Well configured firewalls in each tier
- Intrusion Detection System or Intrusion Prevention System
- Secure software development approach following best practices
- Comprehensive anti-virus measures
- Regular third party penetration testing
- Regularly updated system and application software
- 24/7/365 network monitoring

Data access control (authentication and authorization)
- Individual, unique high strength passwords for all users (you need to action)
- Users can easily be deleted when they leave an organization (you need to action)
- Store administrator passwords in encrypted form
- Administrators can be given access to only functions/data needed (you need to configure)
- Participant login & identity can be confirmed by monitors/proctors (you need to configure)

Data transmission control
- All participant access via well configured SSL/TLS
- All administrator access to results via well configured SSL/TLS
- Any data copied for troubleshooting purposes strongly encrypted
- No need to send data physically – all data transmitted electronically

Data entry control (keeping track of who does what)
- Able to present participant with information & record consent (you need to action)
- Participant answers cannot be changed except with authority
- Participant submissions recorded with time-stamp
- Differential privileges for administrators, control over system functions (you need to configure)
- Log important activities by administrators and other users

Contractual control
- Have data protection compliant contracts with processors
- Processing only performed on instructions from Data Controller
- Logical or physical separation of data from different customers

Availability controls (protecting against unauthorized destruction or loss)
- Power supply redundancy, UPSs and onsite generators
- N+1 or 2N redundancy on all hardware and Internet connections
- Backup of all assessment data to offsite location
- Backup assessment results frequently (e.g. hourly) to avoid losing data
- Regular restore tests of such backups
- Save participant answers “as you go” on server during test-taking
- Tested, current service continuity plan in place in event of disasters
- 24/7/365 environment monitoring

Organizational measures (These are all met by Questionmark; you will also have to follow these yourselves.)
- Designate a data protection officer
- Personnel have written commitment to confidentiality
- Background checks on new employees
- Regular training of employees on data security
- Regular testing of personnel on data security to check understanding
- Faulty or end of life disks degaussed or otherwise safely destroyed

I hope this helps you work out what measures might be appropriate for your needs. If you want to learn more, then please read our free-to-download white paper: Responsibilities of a Data Controller When Assessing Knowledge, Skills and Abilities [requires registration].

If you are interested in seeing if Questionmark OnDemand could meet your needs, see here for more information.

Join us in London or Edinburgh for briefings on assessment security

Posted by Chloe Mendonca

This June, we’re getting together with online invigilation leader ProctorU to deliver breakfast briefings in two UK cities.

The briefings, to be held in London on 17th June and in Edinburgh on 18th June, will focus on innovative technologies that make it possible to deliver high-stakes tests using almost any webcam and computer, anywhere in the world.

Online courses help organisations increase accessibility to their programs, but until recently, when it came time for an exam, students had to travel to a test centre. Now, if you can study remotely, it’s equally feasible for you to take exams remotely, too. Using online invigilators or proctors is a practical solution for institutions and organisations worldwide — a means of providing secure testing at a distance.

The sessions, co-presented by Questionmark and ProctorU, will explain the basics of online invigilation, discuss proven strategies for alleviating the testing centre burden and explore how the “last mile” of high-stakes test delivery can meet the goals and needs of all stakeholders.

The breakfast briefings will include a complimentary breakfast at 8.45 a.m. followed by presentations and discussions until about 12:30 p.m.

These gatherings are ideal for educators, instructional designers and managers from academic institutions, businesses and other organisations.

The sessions offer an excellent way to learn about the newest online assessment technologies and services. They’re also a great opportunity to meet other assessment professionals in your area.

If you’re new to online assessment or online invigilation, this is an opportunity you don’t want to miss!

Barcelona or San Antonio or both?

Posted by John Kleeman

Questionmark users conferences are unforgettable. I’ve been to all 14 of them so far and each is engraved in my memory as an empowering, enriching and mesmerising event. We are running two user conferences in the next few months and if you have a chance to attend one (or both!) I promise you won’t regret it.

Our first upcoming conference is the Questionmark European conference in Barcelona, Spain on 10-12 November. Barcelona is one of the most exciting cities in Europe and will be a great place to learn from other assessment professionals. You can see details at www.questionmark.com/uk/conference.

Our second upcoming conference is the Questionmark US User Conference in San Antonio, Texas on 4-7 March, 2014. San Antonio is the home of the Alamo and the conference venue is part of the River Walk — a uniquely peaceful and positive environment for a conference. You can see details at www.questionmark.com/us/conference.

Here are five reasons I think Questionmark conferences are worth coming to:

1. Learn about assessments. I’ve been working with assessments for over 25 years … I know a lot, but I’m still learning. Quizzes, surveys, tests and exams are hugely powerful ways of measuring human behavior and helping organizations improve. There is so much to learn.

2. Learn from Questionmark. Our best presenters and technical experts are at the conference, and they have a lot to share.

3. Learn from peers. Most attendees say that the best thing about a Questionmark user conference is that they meet and learn from peers who have similar issues to them. A problem shared is often a problem solved, and you can find out what other people have done in their organization to solve the problems you are facing in yours.

4. Influence the future of the product. What we learn at these conferences contributes hugely to how we improve our products and services. Our product owners (people like Jim Farrell, Austin Fossey, Doug Peterson and Steve Lay) attend the conferences and listen carefully to what our customers say.

5. Great cities. We know that people who come to our conferences go back to their organization passionate about online assessments and enthusiastic about wider use of Questionmark. We choose great venues for our conferences, and provide memorable experiences in a great environment so the conferences are fantastic personal experiences as well as being fulfilling learning opportunities.

I look forward to meeting readers of this blog at the conferences. And if any conference attendee can name the cities where the 14 conferences prior to these ones were held, I will buy you a drink of your choice!

Get details here for the European Conference and here for the US Conference.

Keep pace with assessment news and trends at European learning events

Posted by Chloe Mendonca

We recently held a Breakfast Briefing at London Microsoft, where Questionmark users and other assessment and measurement professionals discussed the various ways in which online assessment helps to ensure regulatory compliance.

The briefing included some stimulating questions and answers and a demonstration of our browser-based authoring tool, Questionmark Live. Stephen Kelly from The London Fire Brigade shared how England’s largest fire service uses Questionmark for training confirmation and high-stakes exams.

If you missed the meeting, you may view the presentation slides here.

Events like this one offer an opportunity to see our technologies in action, speak with Questionmark experts, and meet with individuals from a wide range of industries.

The 2013 Questionmark European Users Conference is another great learning opportunity. It packs two days of learning, networking and fun into one memorable occasion. This year the conference will take place November 10-12 in Barcelona.

Whether you’re new to Questionmark or have been using our technologies for years, there are plenty of reasons to attend this event! And if you sign up by July 15th you will save €130. Click here to register now.


Webinars on Mobile Assessment, Regulatory Compliance and Browser-Based Authoring

Posted by Chloe Mendonca

Our current UK Web seminars offer technology updates and some guidance on how to use assessment to benefit your organisation.

All of these one-hour webinars are scheduled for 11 a.m. London BST

What’s New in Questionmark Live Browser-Based Authoring? – June 12 and July 4
Subject matter experts (SMEs) can easily write questions and complete assessments anytime, anywhere thanks to our easy-to-use, browser-based authoring tool. Join this session to learn about the newest authoring features in Questionmark Live.

Creating Assessments for Mobile Delivery — Wednesday, 29 May and Thursday, 20 June
You can deliver a single assessment to many different types of devices, and process the results centrally. Join this webinar to learn about a cost-effective and flexible way to provide assessments for people on the move. You will find out how to create assessments that sit well on a small screen.

Using Assessments to Mitigate Risk and Ensure Regulatory Compliance – Thursday, 6 June and Wednesday 26 June
This session will explain how assessments can help your organization demonstrate commitment to comply with laws, warn of a lack of knowledge before it impacts the business and provide evidence that appropriate precautions such as training have taken place.

Introduction to Questionmark’s Assessment Management System – Thursday, 30 May and Wednesday, 19 June
This introductory web seminar explains and demonstrates key features and functions available in Questionmark OnDemand and Questionmark Perception. It will show how you can use our assessment management technologies within your organisation.

Click here to sign up for any of these webinars.

Spring webinars on mobile assessment, regulatory compliance and more

Posted by Chloe Mendonca

With the start to a new season right around the corner, we at Questionmark in the U.K. are happy to offer four Web seminars on important topics for people involved in assessment.

All of these one-hour webinars are scheduled for 11 a.m. London GMT:

What’s New in Questionmark Live Browser-Based Authoring? – Thursday, 21 March & Wednesday, 17 April

We’re excited to share with you many new assessment authoring features. Our easy-to-use, browser-based authoring tool makes it easy for subject matter experts (SMEs) to create and review assessment content.

Creating Assessments for Mobile Delivery — Wednesday, 27 March & Thursday, 25 April

With 45% of Internet users now accessing it via mobile devices, many learning professionals are considering how to leverage mobile devices such as smart phones or the iPad for delivering assessment content. Find out in this session about a cost-effective and flexible way to provide assessments for people on the go.

Introduction to Questionmark’s Assessment Management System – Thursday, 4 April & Wednesday, 1 May

Learn about the range of assessment solutions enabled by Questionmark’s assessment management technologies. This introductory web seminar explains and demonstrates key features and functions available in Questionmark OnDemand and Questionmark Perception.

Using Assessments to Mitigate Risk and Ensure Regulatory Compliance – Wednesday, 10 April & Thursday, 9 May

Regulatory compliance in the financial services industry as well as other sectors has been a hot topic for the last year. This session will explain how assessments can help demonstrate an organization’s commitment to comply with laws, detect a lack of knowledge within a company and provide evidence that training has taken place.

Click here to sign up for any of these webinars.