Data security you can trust

More exam administrators are expanding their courses and exams to online platforms. This leads to an increase of test-taker data being transferred and stored. It also leads to concern over the security of that data.

At Proctorio, keeping test-taker information and data secure is our top priority. This means making an active effort to protect individual, recording, and personally-identifiable information.

Three layers are better than one

Exam recordings are secured and processed using three layers of encryption:

A shield in front of another shield layer, this one overlaid in binary

End-to-end

The end-to-end encryption layer is secured using AES-GCM.

Transmission

Transmission of data into the data center is only over TLS 1.2 or 1.3 and if the client supports it, we are able to use Perfect Forward Secrecy (PFS).

Data at rest

Recording data at rest within the data center is encrypted using AES-256 and is FIPS 140-2 compliant. All data centers are ISO 27001 certified, SOC 2 attested.

A padlock emblazoned on a shield protecting a background of binary

End-to-end encryption

Proctorio utilizes end-to-end encryption, which means encrypted audio, video, screen recordings and images cannot become unencrypted until they are unlocked by an institution-approved representative.

Daily vulnerability tests

Our platform goes through daily vulnerability scans and semi-annual penetration tests to assess the strength of our systems against a potential attack. Partnered institutions can see these daily vulnerability scans under an NDA. This creates a security system you can trust.

A machine scanning pages of data and analyzing them

A friendly reminder

Proctorio never requires test takers to provide additional Personally Identifiable Information (PII) to access an exam. Test takers simply sign in their Learning Management System (LMS) with their institution’s credentials and access their Proctorio exam. For third-party assessment platforms, a unique passcode is generated and managed by Proctorio, so that the test takers can access the exam effortlessly.

All recordings are transferred and stored with end-to-end encryption, and can only be accessed by institution-approved representatives.

Learn more about Proctorio’s Privacy standards in our comprehensive Privacy Policy.

View Privacy Policy

Keeping us accountable

Proctorio engaged a leading information security consulting company to perform a Security Assessment of our software and cloud environment on June 24th, 2020.

End-to-End Encryption Audit

With industry-leading tools, techniques, and penetration testing processes, the security consultant only identified a single low-impact issue. They also concluded that Proctorio appropriately implements end-to-end encryption and never possesses the encryption keys for the audio/video recordings they store. In addition to securing the encryption keys, the audit concluded that the cryptographic functionality was implemented appropriately using industry standard and vetted algorithms and their implementation libraries.

Data Privacy Compliance Audit

The third-party security consulting company determined that video and audio for exams are stored in the proper geographical regions based on the institution in accordance with local privacy and security laws. The regions tested include the USA, Canada, the European Union, the Middle East, and Australia.

Hackrate

We have partnered with Hackrate, a leading ethical hacking company. This partnership allows us to ensure that our software remains secure, private, and accessible for our end users: test takers and exam administrators.

To keep user data safe and ensure privacy is protected, Proctorio is looking forward to working with the security community to help identify vulnerabilities.

If you're a security researcher or ethical hacker and you've found a vulnerability in our service, please let us know by using the Hackrate form linked below.

As of July 1, 2024, we have updated our program with Hackrate. In light of our quick response time and in an effort to be more transparent, Proctorio will have the option to publish any patched vulnerabilities in a shortened window.

Report a vulnerability
A person wearing headphones reclined on a beanbag, computer on lap. Above, we see their screen, populated with lines of code.