ProctorExam is Security Verified by ICT Institute: Going beyond being GDPR compliant

14 June 2021

ProctorExam, European market leader in online proctoring, has been Security Verified by the ICT Institute, an independent IT audit firm. This achievement confirms that ProctorExam goes beyond being just GDPR compliant. Guaranteeing data protection and security for both exam takers and organisations is a top priority, and ProctorExam continuously investigates how to go the extra mile to meet that need.

Security Verified is an open standard for information security similar to ISO 27001, with an emphasis on GDPR. Any company that handles valuable or personal data is obliged to take care of information security, and Security Verified makes it easy for organisations to prove that they have taken such steps. It is a renowned and open standard for the information security of organisations, especially for innovative tech champions of today and tomorrow. Its structure is similar to that of ISO 27001 and it contains many of the control measures from ISO 27002. However, Security Verified integrates GDPR compliance more closely, since these are the current legal requirements within the European Union.

To be issued with the certificate, ProctorExam had to go through the Security Verified standard process, which consists of two sets of requirements. The first, the general requirements, is a list of the must-have elements for a functioning Information Security Management System (ISMS). An organisation must address all these elements in order to have an effective ISMS. The second, the example controls, is a list of recommended best practices. The organisation should evaluate these controls and implement those that are relevant and valuable. ICT Institute requested evidence of implementation for more than 50% of these controls. The ISMS met the requirements of both parts. ProctorExam qualified for the Security Reviewed certificate and was included in the Security Verified register.

Beyond the bare minimum

To ensure that security procedures are permanently adhered to, and to go beyond GDPR compliance as the bare minimum, ProctorExam takes extra measures. For example, all new employees receive privacy and security training during their onboarding, and there is annual security training for all employees. A quarterly security team meeting is in place to review new updates or changes. Information is never kept longer than needed. Finally, there is a biennial security test, and business continuity checks are built in on an ongoing basis.

Information security policies are an organisational standard

Information security is extremely important in higher education. Students deserve to have their information protected, especially when it comes to digital education. Therefore, the policies of ProctorExam take into account both the technical and the organisational aspects with great precision. The policies are documented on an ongoing basis and shared with the entire ProctorExam team. The policies apply not just as a standard for products and services, but also as an organisational standard. In short, consistency, transparency and reliability are at the heart of data protection.

“ProctorExam takes the privacy and information security of exam takers very seriously. During the audit, we found out that everyone at ProctorExam is aware of the importance of information security. We could notice that ProctorExam has been taking data privacy and security into account for years now. The ProctorExam leadership was directly involved in all the workshops, which underlines that information security gets the attention it deserves and within all levels of the organisation. As to our society and privacy statements – we believe that exam takers and organisations should be able to request the policies at any time. ProctorExam has the same view on transparency and delivers over and over again,” says Sieuwert van Otterloo, co-founder of ICT Institute.

“We are incredibly proud of the fact that external auditors of ICT Institute confirmed our excellent Information Security practices. We will continue to strive to be the market leader in data privacy in our domain and use it as a company differentiator. Key words can be risk workshops and policies around behavioural risk, securing our website, apps and platforms, advanced functional management, testing and much more. Especially since integrity software is a central element in exam taking, data privacy and security should be ingrained in our company DNA. It is and it will continue to be,” says Daniel Haven, CEO of ProctorExam.

For additional information, you can watch the following two YouTube videos. In the first, Dirk Groten, CTO at ProctorExam, lists the reasons why ProctorExam aimed to become Security Verified.

In the other, Sieuwert van Otterloo, co-founder of ICT Institute, explains how ProctorExam became Security Verified.
