ITC Guidelines

International Test Commission

International Guidelines on Computer-Based and Internet Delivered Testing

 

Make appropriate provision for security and safeguarding privacy in CBT and Internet testing

 

Take account of the security of test materials
  1. Design features into the CBT/Internet system that minimise the risk of test items, scoring keys, and interpretation algorithms being illegitimately printed, downloaded, copied, or sent electronically to another computer. For example, software c an be developed that controls browser function by disabl ing access to menu selections (such as copy, paste) .
  2. Design features into the system (e.g., firewalls) that protects the CBT/Internet test system and associated databases from illegal hacking and computer viruses.

 

Consider the security of test-taker’s data transferred over the Internet
  1. When designing an Internet test , build in features that safeguard test-taker data and maintain the security of test material transferred over the Internet.
  2. Make use of proxy servers, where appropriate, and embed transactions within secure socket layers.
  3. Design data management systems to enable users to access, check, and/or delete data from the server in accordance with local data protection and privacy legislation.
  4. Design features that ensure regular and frequent backups of all collected data and that allow for recovery of data when problems emerge.

 

Maintain the confidentiality of test-taker results
  1. Design features to allow secure storage of CBT/Internet test data on computer, disks or server.
  2. Maintain the integrity of CBT/Internet test data by providing technology that does not allow unauthorised altering of information and that can detect unauthorised changes to information.
  3. Devise encryption devices and password protection that restrict access to test data.

 
  Copyright ©2005 International Test Commission. All Rights Reserved.