The strength of a chain depends on its weakest link. When it comes to assessment, how strong is the weakest link within your institution? Do lecturers send exam questions back and forth via e-mail? Is the item bank secured with two-factor authentication? Are you sure no one has left a copy of an exam in the printer? SURF, the collaborative ICT organisation for Dutch education and research, has developed a workbook to help security officers and employees involved to securely organise the entire assessment process.
More and more educational institutions are discovering the merits of digital testing and assessment, which makes digital assessment the logical next step. Moreover, digital testing and assessment offers advantages in terms of improving the efficiency and quality of testing and delivering tests in a more authentic way. However, with the increasing popularity of this digitisation in Dutch higher education institutions, concerns about the security of the process have grown concomitantly.
Risks in the various stages of the assessment cycle
Institutions tend to focus on securing test administration as being the key moment where fraud might occur. However, other steps in the assessment life cycle also bear significant fraud and security risks. To help explain this, the various steps in the assessment life cycle and the possible risks involved are illustrated below.
The planning stage of the process does not involve many critical security elements. The assessment matrix is usually not secret, making security threats small. In the construction stage, risks are much higher. Lecturers usually construct questions on their PCs (laptop, tablet), after which they store drafts ‘somewhere’ (local hard drive, unsecured network drive, in the cloud, USB stick, etc.) and e-mail them to colleagues for review. None of this is very secure at all unless measures are taken. If examination material is leaked ahead of time, the damage can be significant.
While the examination is underway, many things can go wrong: cheating, unauthorised tampering with digital assessments, losing or deleting results, etc. During the scoring process, it is conceivable that there could be (digital) tampering with the results or that assessments could go missing or otherwise become corrupted. During analysis, the risk primarily comes from tampering with results and the pass mark (standardised set). Reviewing, especially on paper, is a step that is especially susceptible to fraud. This includes things like tampering with the replies or unauthorised copying of assessment questions. In addition, the reported results are confidential. Evaluation involves all of the exam programs, assessment materials and test results. Although integrity and confidentiality are important elements, they are implemented after a delay and are not traceable to an individual. Given that a period of revision and potential recovery is available between evaluation and reuse, risk is low during the evaluation stage.
Finally, in the management stage, risks include unauthorised tampering during the storage of assessment questions; tampering with examination scripts or assessment results; and potential negative impact on the assessment’s demonstrability and legitimacy if materials get lost.
Five steps toward secure assessment
Securing the assessment process is complex; within the various stages of the cycle, a number of stakeholders and systems are involved. Also, the need for security goes beyond digital assessment alone, if only because when lecturers prepare paper-based tests, they generally make use of IT as well.
Unfortunately, there are no comprehensive measures that can solve all these problems in one go. In order to support institutions in making the assessment process secure, SURF has been working with experts from various higher education institutions to develop a workbook that helps to improve security along five steps:
To achieve a secure assessment process, the workbook consists of tools to map out the institution’s procedures in writing, to work out roles and responsibilities for all those involved, and to set up a list of measures that contribute to security during the entire endeavour.
Want to secure your own institution’s assessment process?
At OEB 2017, on December 6th, SURF is organising a preconference workshop on secure assessment. The event will give participants insight into how to use the workbook (available in English: www.surf.nl/secure-assessment-workbook) and provide examples of practice in Dutch higher education.