Three layers are better than one
Exam recordings are secured and processed using three layers of encryption:
More exam administrators are expanding their courses and exams to online platforms. This leads to an increase of test-taker data being transferred and stored. It also leads to concern over the security of that data.
At Proctorio, keeping test-taker information and data secure is our top priority. This means making an active effort to protect individual, recording, and personally-identifiable information.
Exam recordings are secured and processed using three layers of encryption:
The end-to-end encryption layer is secured using AES-GCM.
Transmission of data into the data center is only over TLS 1.2 or 1.3 and if the client supports it, we are able to use Perfect Forward Secrecy (PFS).
Recording data at rest within the data center is encrypted using AES-256 and is FIPS 140-2 compliant. All data centers are ISO 27001 certified, SOC 2 attested.
Proctorio utilizes end-to-end encryption, which means encrypted audio, video, screen recordings and images cannot become unencrypted until they are unlocked by an institution-approved representative.
Our platform goes through daily vulnerability scans and semi-annual penetration tests to assess the strength of our systems against a potential attack. Partnered institutions can see these daily vulnerability scans under an NDA. This creates a security system you can trust.
Proctorio never requires test-takers to provide additional Personally Identifiable Information (PII) to access an exam. Test-takers simply sign in their Learning Management System (LMS) with their institution’s credentials and access their Proctorio exam. For third-party assessment platforms, a unique passcode is generated and managed by Proctorio, so that the test-takers can access the exam effortlessly.
All recordings are transferred and stored with end-to-end encryption, and can only be accessed by institution-approved representatives.
Learn more about Proctorio’s Privacy standards in our comprehensive Privacy Policy.
View Privacy PolicyProctorio engaged a leading information security consulting company to perform a Security Assessment of our software and cloud environment on June 24th, 2020.
With industry-leading tools, techniques, and penetration testing processes, the security consultant only identified a single low-impact issue. They also concluded that Proctorio appropriately implements end-to-end encryption and never possesses the encryption keys for the audio/video recordings they store. In addition to securing the encryption keys, the audit concluded that the cryptographic functionality was implemented appropriately using industry standard and vetted algorithms and their implementation libraries.
The third-party security consulting company determined that video and audio for exams are stored in the proper geographical regions based on the institution in accordance with local privacy and security laws. The regions tested include the USA, Canada, the European Union, the Middle East, and Australia.
We have partnered with Hackrate, a leading ethical hacking company. This partnership allows us to ensure that our software remains secure, private, and accessible for our end users: test-takers and exam administrators.
To keep user data safe and ensure privacy is protected, Proctorio is looking forward to working with the security community to help identify vulnerabilities.
If you're a security researcher or ethical hacker and you've found a vulnerability in our service, please let us know by using the Hackrate form linked below.
As of July 1, 2024, we have updated our program with Hackrate. In light of our quick response time and in an effort to be more transparent, Proctorio will have the option to publish any patched vulnerabilities in a shortened window.
Report a vulnerability