Data security you can trust

More exam administrators are expanding their courses and exams to online platforms. This leads to an increase of test-taker data being transferred and stored. It also leads to concern over the security of that data.

At Proctorio, keeping test-taker information and data secure is our top priority. This means making an active effort to protect individual, recording, and personally-identifiable information.

Three layers are better than one

Exam recordings are secured and processed using three layers of encryption:

1. Zero-Knowledge

The Zero-Knowledge Encryption layer is secured using AES-GCM.

2. Transmission

Transmission of data into the data center is only over TLS 1.2 or 1.3 and if the client supports it, we are able to use Perfect Forward Secrecy (PFS).

3. Data at rest

Recording data at rest within the data center is encrypted using AES-256 and is FIPS 140-2 compliant. All data centers are ISO 27001 certified, SOC 2 attested.

Zero-Knowledge Encryption

Proctorio utilizes Zero-Knowledge Encryption, which means encrypted audio, video, screen recordings and images cannot become unencrypted until they are unlocked by an institution-approved representative.

Daily vulnerability tests

Our platform goes through daily vulnerability scans and semi-annual penetration tests to assess the strength of our systems against a potential attack. Partnered institutions can see these daily vulnerability scans under an NDA. This creates a security system you can trust.

A friendly reminder

Proctorio never requires test takers to provide additional Personally Identifiable Information (PII) to access an exam. Test takers simply sign in their Learning Management System (LMS) with their institution’s credentials and access their Proctorio exam. For third-party assessment platforms, a unique passcode is generated and managed by Proctorio, so that the test takers can access the exam effortlessly.

All recordings are transferred and stored with Zero-Knowledge Encryption, and can only be accessed by institution-approved representatives.

Learn more about Proctorio’s Privacy standards in our comprehensive Privacy Policy.

View Privacy Policy

Keeping us accountable

Proctorio engaged a leading information security consulting company to perform a Security Assessment of our software and cloud environment on June 24th, 2020.

Zero-Knowledge Encryption Audit

With industry-leading tools, techniques, and penetration testing processes, the security consultant only identified a single low-impact issue. They also concluded that Proctorio appropriately implements Zero-Knowledge Encryption and never possesses the encryption keys for the audio/video recordings they store. In addition to securing the encryption keys, the audit concluded that the cryptographic functionality was implemented appropriately using industry standard and vetted algorithms and their implementation libraries.

Data Privacy Compliance Audit

The third-party security consulting company determined that video and audio for exams are stored in the proper geographical regions based on the institution in accordance with local privacy and security laws. The regions tested include the USA, Canada, the European Union, the Middle East, and Australia.

HackerOne

We have partnered with HackerOne, a global team of security leaders with a mission to make the Internet safer. This partnership allows us to ensure that our software remains secure, private, and accessible for our end users: test takers and exam administrators.

We welcome ethical hackers to participate within our HackerOne program by filling out their vulnerability form and clicking below.

Report a vulnerability