The Integrity Talks

ProctorExam is Security Verified by ICT Institute

The Integrity Talks

ProctorExam, European market leader in online proctoring, is Security Verified by the ICT Institute, an independent IT audit firm. This achievement is another confirmation that ProctorExam goes beyond being just GDPR compliant. Guaranteeing data protection and security for both exam takers and organizations is a top priority. ProctorExam investigates continuously how to take the extra mile to meet that urgency.

Security Verified is an open standard for information security similar to ISO 27001, with an emphasis on GDPR

Any company that handles valuable or personal data is obliged to take care of information security. Security Verified makes it easy for organizations to prove that they have taken such steps. Security Verified is a renowned and open standard for the information security of organizations, especially for innovative tech champions of today and tomorrow. The structure of Security Verified is similar to ISO 27001 and contains many of the control measures from ISO 27002. However, Security Verified integrated GDPR compliance even more, since these are the current legal requirements within the European Union.

Information Security Management System should meet two parts

To be issued with the certificate, ProctorExam had to go through the Security Verified standard process, which consists of two parts. Part one, thus general requirements, is a list of the must-have elements for a functioning Information Security Management System (ISMS). An organization must address all these elements in order to have an effective ISMS. Part two, thus example controls, is a list of recommended best practices. The organization should evaluate these controls and implement those that are relevant and valuable. ICT Institute requested evidence of the implementation for more than 50% of these controls. The ISMS met the requirements of both parts. ProctorExam was qualified for the Security Reviewed certificate and was included in the Security Verified register.

Beyond the bare minimum

To ensure that security procedures are permanently adhered and to go beyond solely being GDPR compliant as the bare minimum, ProctorExam takes extra measures. For example, all new employees receive privacy and security training during their onboarding. Moreover, there is annual security training for all employees. Likewise, the quarterly security team meeting is in place to review new updates or changes. Besides, information is never kept longer than needed. Last, there is a biennially security test and there are business continuity checks built in on a sustaining basis.

Information security policies are an organizational standard

Information security is extremely important in higher education. Students deserve to have their information protected, especially when it comes to digital education. Therefore, the policies of ProctorExam take into account the technical aspects, as well as the organizational aspects with great precision. The policies are documented on a sustaining basis and shared with the entire team of ProctorExam. The policies apply not just as a products and services standard, but also as an organizational standard. In short, consistency, transparency and reliability are at the heart of data protection.

“ProctorExam takes the privacy and information security of exam takers very seriously. During the audit, we found out that everyone at ProctorExam is aware of the importance of information security. We could notice that ProctorExam is taking data privacy and security into account for years now. The ProctorExam leadership was directly involved in all the workshops, which is underlining that information security gets the attention it deserves and within all levels of the organization. As to our society and privacy statements – we believe that exam takers and organizations should be able to request the policies at any time. ProctorExam has the same view on transparency and delivers over and over again,” says Sieuwert van Otterloo, co-founder ICT Institute.

“We are incredibly proud of the fact that external auditors of ICT Institute confirmed our excellent Information Security practices. We will continue to strive to be the market leader in data privacy in our domain and use it as a company differentiator. Key words can be risk workshops and policies around behavioral risk, securing our website, apps and platforms, advanced functional management, testing and much more. Especially since integrity software is a central element in exam taking, data privacy and security should be ingrained in our company DNA. It is and it will continue to be,” says Daniel Haven, CEO ProctorExam.

About ProctorExam

ProctorExam is the largest online proctoring company in Europe and the global leader in providing SaaS proctoring technology. The company was founded by Daniel Haven in 2014, to provide institutions high-quality proctoring services, across various customer verticals. ProctorExam has its headquarter in Amsterdam, the Netherlands. The ProctorExam platform is fully web-based and highly customizable, making use of a wide range of APIs. All modes of online proctoring are possible, from live proctoring to automated. The ProctorExam Proctoring Infrastructure as a Service includes the first 360-degree monitoring capabilities, by using the webcam and the smartphone camera simultaneously. More via