Menu

Security is no accident

COVID-19 Response

Learn how to keep your organization up and running during COVID-19.

Data Security You Can Trust

More test takers and their exam administrators are expanding their courses and exams to online platforms. This leads to an increase of test-taker data being transferred and stored. It also leads to concern over the security of that data.

At Proctorio, keeping test taker’s data secure is our top priority. This is why our security has gone through years of testing and is tailored to protect you and your exam data.

Keeping Us Accountable

Proctorio engaged a leading information security consulting company to perform a Security Assessment of our software and cloud environment on June 24th, 2020.

Zero Knowledge Encryption Audit

With industry-leading tools, techniques and penetration testing processes, the security consultant only identified a single low impact issue. They also concluded that Proctorio appropriately implements Zero-Knowledge Encryption and never possesses the encryption keys for the audio/video data they store. In addition to securing the encryption keys, the audit concluded that the cryptographic functionality was implemented appropriately using industry standard and vetted algorithms and their implementation libraries. Lastly, it was determined that the software was adequately hardened to resist tampering and intrusion.

Data Privacy Compliance Audit

The third party security consulting company determined that video and audio for exams are stored in the proper geographical regions based on the institution in accordance with local privacy and security laws. The regions tested include USA, Canada, European Union, Middle East and Australia.

Read the full report

Three Layers are Better Than One

Our Test-Taker’s data (including all video, screen and audio recordings) is secured and processed through three layers of encryption:

  1. Transmission into the datacenter is only over TLS 1.2 or 1.3 and, if the client supports it, we use Perfect Forward Secrecy (PFS).
  2. Data at rest within the data center is encrypted using AES-256 and is FIPS 140-2 compliant. All data centers are ISO 27001 certified, SOC 2 attested.
  3. Lastly, the zero-knowledge layer is secured using AES-GCM, using encryption keys never shared with Proctorio.

Let’s breakdown that last and most important layer: zero-knowledge encryption.

Zero-Knowledge Encryption

Proctorio utilizes zero-knowledge encryption, which means we have zero access to the encrypted data on our own servers. This unique design allows nothing to leave your computer until after it is encrypted. Data never becomes unencrypted until it's unlocked by an authorized school official. It’s not just end-to-end encryption, it’s a zero-knowledge system.

Daily Vulnerability Tests

Our platform goes through daily vulnerability and penetration tests to assess the strength of our systems against a potential attack. Partnered institutions can see these daily vulnerability scans under an NDA. This creates a security system you can trust.

A Friendly Reminder

Proctorio never requires test-takers to provide additional personal information (PII) to access an exam. Students simply sign in their LMS with their institution’s credentials and access their assessment. For third party platforms, a unique passcode is generated and managed by Proctorio, so that the students can access the exam effortlessly even when taking the exam outside of their LMS and/ or testing platform.

The exam data is transferred and stored with zero-knowledge encryption, and can only be accessed by your exam administrators.

Learn more about Proctorio’s Privacy standards and measures.

Questions regarding data storage, recovery, and deletion should be directed to:

Proctorio
6840 E. Indian School Road
Scottsdale, Arizona 85251
Email: [email protected]

Experience the difference Proctorio can make

Get Started

Tell us who you are

Sign up to experience Proctorio

Please provide your email address so we can connect you with a team member.