Product security
Customers need the confidence that assessments are getting valid, reliable and defensible results. We’ve built security into our products from day one and continuously strengthen and improve security features across our assessment management system.
- Secure locked-down browser Significantly minimize the risk of cheating and content theft.
- Online, onsite and record and review proctoring Flexible proctoring solutions for both on-site and live-online (remote) proctoring.
- Roles-based access Ensure your assessment administrators only see what you permit them to see.
- Single sign-on using SAML Provide users with streamlined access, simplify administration and strengthen security.
- Define password policies Create custom password policies that vary by role, tailored to your organization’s internal policies.
Service security and transparency
Questionmark operates a trustable, scalable and robust OnDemand Service for managing, delivering and reporting on assessments. Questionmark’s OnDemand Service contains multiple layers of security, including physical safeguards, access control, environmental management and uninterruptible power supply, and is protected by firewalls to appropriately restrict access.
Access Control & Physical Security
- Our infrastructure is hosted in the Microsoft Azure cloud with independent service offerings provided from the following locations – the EU, EU Central, AU, US, US Gov.
- Every data center has 24-hour manned security, and access is restricted to select personnel with appropriate identification
- Video surveillance, motion detectors and intruder alarms are located throughout each facility
- Redundant power grid connections, batteries, multiple generators, tier-one internet connections and secure off-site backups
Network Protection
- Internet traffic in and out of the data centers is encrypted using TLS
- A custom Intrusion Detection System (IDS) monitors network traffic and finds malicious attacks before they occur
- Each server in the various tiers is protected by a host-level firewall
- A Bastion Host is used to allow system maintenance without damaging system security or integrity
- Antimalware technology is used and updated on a regular basis
Application Monitoring and Transparency
Servers are continuously monitored for downtime and designed to notify the Network Operations Center for action to be taken immediately. The service is monitored from around the world to track performance and connect, processing and transfer times. We believe in transparency. Questionmark is willing to provide penetration test results for customers under NDA. For up-to-date details about the status of the OnDemand service, please refer to: status.questionmark.com
People Security
Systems and processes are only as secure as the people who manage them. That’s why security is embedded into Questionmark’s company culture.
- Independent background checks are carried out on every employee
- Dedicated security team that reports directly to a board member to provide independence from operations
- Employees are required to log on with two-factor authentication for key systems of record
- Regular employee training and assessments are given on data security
- Regular phishing tests are administered to check and optimize employee awareness