Proctorio Blog

Setting the Record Straight: On Privacy

You don't need us to tell you that misinformation campaigns run rampant online. One of the most frequent yet avoidable issues in the digital sphere is the spread of false information by individuals who do little to no research before reposting.

In this weekly blog series, “Setting the Record Straight,” we will debunk several of the more egregious myths about Proctorio that circulate online, in the news, and on social media. This week, we're setting the record straight on Proctorio's approach to privacy.


Anyone who reads our blog will notice a clear theme: privacy. Privacy, privacy, and more—yep, you guessed it—privacy. To some, it may seem like we've exhausted the topic, but at Proctorio, privacy isn't just a requirement. It's at the core of our mission and our ethical responsibility.

When Proctorio was founded in 2013, we set out to develop privacy-conscious software that users could trust. In a digital world rife with data mining and theft of PII, we know how important privacy and data security are to our users.

In 2019, a Pew Research study found more than 60% of Americans believe it isn't possible to live their lives without having their data harvested. What's worse, at least 79% are “very/somewhat concerned” about how companies use the data they collect.

Proctorio hears those concerns and is more dedicated than ever to protecting your data and personal information. We use end-to-end encryption so third parties (Proctorio included) can't view PII like your name, email address, and IP address.

To prove our commitment to user privacy and give Proctorio test takers peace of mind, we enlisted the help of A-LIGN, a third-party auditing company with more than 10 years of experience. After examining our software in a multi-step review process, A-LIGN approved us for the ISO 27018:2019 certification, which expands on our existing ISO 27001:2013 certification.

Proctorio is the first remote proctoring service to achieve ISO 27018. Combined, ISO 27001 and ISO 27018 are comparable to another regulation we comply with, the General Data Protection Regulation (GDPR).

We know what you're thinking. What does all this certification mumbo jumbo mean? How does Proctorio protect test-taker data? In the name of transparency, another one of our guiding principles, here are the certifications Proctorio has achieved and what, exactly, they mean for user privacy and data security:

  • Remote proctoring services have historically circumvented strict data security requirements, such as SOC reports, by instead supplying the SOC report for their data center provider, like AWS or Google Cloud. While these reports confirmed little about a vendor's security, many institutions accepted them. Proctorio wasn't satisfied with minimal security requirements, so we became compliant with the SOC Type 1 and SOC Type 2 audits. The SOC 2 (System and Organization Controls) cybersecurity audit assesses a company's security, availability, processing integrity, confidentiality, and privacy. Being SOC 2-compliant means Proctorio is designed to keep our users' private data secure.
  • Last year, Proctorio achieved ISO 27001:2013, an information security certification developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to standardize the process for establishing, implementing, operating, monitoring, reviewing, and maintaining an ISMS (information security management system). ISO 27001 focuses on data confidentiality, integrity, and availability and certifies that our ISMS was implemented and managed effectively.
  • Proctorio's newest certification, ISO 27018:2019, examines our cloud's capacity to handle personally identifiable information (PII) and assures user information and data are protected. This extension of the ISO 27001 certification provides 25 additional privacy and security controls and supplements the guidelines outlined in ISO 27001.
  • Proctorio is also GDPR-compliant. GDPR is a data protection law in the European Union that seeks to protect user PII by preventing companies from abusing that personal information. Known for being one of the strictest data protection laws, GDPR also states that individuals should not have to "restrict or prohibit" the transfer of their data to protect it.
  • One of Proctorio's most important certifications is our VPAT (Voluntary Product Accessibility Template). VPATs affirm compliance with ADA and accessibility standards, but companies traditionally create them internally. To avoid bias (and without being required to do so), Proctorio worked with third-party auditor Deque to examine the software's degree of user accessibility. VPAT compliance affirms Proctorio's high level of digital inclusivity.

Proctorio also works with iKeepSafe to verify our compliance with several of the more prominent industry standards. In the United States, those standards include:

We also comply with similar standards in Canada, including:

To further protect the data security of Proctorio's users, we hired HackerOne in 2020. By enlisting these “ethical hackers” to inspect our software for potential security breaches, we ensure malicious actors never get the opportunity to access our users' sensitive data. Proctorio continues to work with HackerOne to identify and repair possible software vulnerabilities.

Enlisting third parties like A-LIGN, Deque, iKeepSafe, and HackerOne to examine Proctorio's software holds us accountable and provides objective confirmation that Proctorio continues to exceed privacy and data security standards in the remote proctoring industry.

Proctorio works diligently to ensure test-taker data remains secure, but misinformation spread by a few mercurial critics has lumped Proctorio in with data-scrubbing software companies. These allegations could not be more false.

Proctorio's dedication to data security far surpasses our competitors' and industry requirements. But neither regulations nor competition motivates us. Instead, we go the extra mile to protect the privacy of test takers and everyone who visits our website.

Proctorio never uses privacy-invading cookies, nor do we falsely claim they "enhance your online experience." We even licensed our own font and invented a video player to prevent Proctorio website users from being tracked by ad companies like Google.

When Proctorio says we're dedicated to your privacy, we mean it. Still not convinced? Read more about our privacy policy here.

Stay tuned for next week's post to see us debunk another myth about Proctorio.
