In 2021, Proctorio became the first fully remote proctoring service to achieve the ISO 27001 certification, which was created to standardize the process for establishing, implementing, operating, monitoring, reviewing, and maintaining an information security management system (ISMS). Now, with privacy and data security still at the forefront of its mission, Proctorio has both renewed its ISO 27001 certification and achieved ISO/IEC 27018:2019 certification. It is the only remote proctoring service to comply with such high levels of privacy protection.
Proctorio has received third-party accreditation per the published International Standards Organization (ISO) criteria. ISO 27018, developed by ISO and the International Electrotechnical Commission (IEC), is comparable to the European Union’s GDPR certification, which has more stringent privacy requirements than most American policies.
A-LIGN—the third-party auditor that completed both Proctorio’s SOC 2 Type 1 security audit and their ISO 27001 audit last year—also performed Proctorio’s initial audit to certify Proctorio’s ISMS against the more strict ISO 27018 standard.
“In this industry, compliance with privacy standards is often viewed as optional,” said Mike Olsen, founder and CEO of Proctorio. “Proctorio treats it as mandatory. That’s why we always have a third party audit our software to confirm that we are following the guidelines set forth by the International Standards Organization.”
To ensure compliance with numerous industry standards, Proctorio has worked with outside parties like iKeepSafe since 2015, which certifies the company for the Family Educational Rights and Privacy Act (FERPA) and the Children's Online Privacy Protection Act (COPPA). The company works with Deque for its annual Voluntary Product Accessibility Template (VPAT). Proctorio also complies with the California Consumer Privacy Act (CCPA) of 2018 and the Student Online Personal Information Protection Act (SOPIPA) of 2016 in the U.S., and the Freedom of Information and Protection of Privacy Act (FIPPA) and Alberta's Freedom of Information and Protection of Privacy Act (FOIP) in Canada.
Earlier this year, the California State Legislature introduced bill SB 1172, which targeted online proctoring companies that collect and sell test takers’ personal information. To the surprise of some, Proctorio came out in support of the bill and worked with Senator Richard Pan (D-Sacramento) to strengthen the bill’s language. Proctorio was the only online proctoring company to argue for stricter standards around its users’ privacy.