Protect Program From Test Administration Myths
Test administration—it’s where the rubber really meets the road for testing programs. It’s where your test-takers have their first exposure to your tests, assuming of course that your program has good security. Test administration is a complex link in the chain of the testing process. It is so specialized that the majority of testing programs rely on business partners to manage the process.
There is a sacred trust implicit in handing over your tests to a third-party business partner for administration to test-takers. Offering high-stakes tests means that you have a high-stakes relationship. Understanding and communicating your needs is an important part of any healthy relationship. Understanding and respecting the abilities and limits of one’s partner is both fair and realistic. Over the past decade, I’ve managed prominent information technology certification programs, and I’ve been deeply involved in a testing industry trade association. As guest pundit, there are a few important observations that I’d like to share:
- If you own a test, you are ultimately responsible for the entire testing process. Even if another party has assumed responsibility for your asset, you are the one who ultimately will deal with the consequences of a problem.
- All test-delivery organizations that I’ve seen are concerned about your test security. Resources are devoted to preventing problems from occurring, and following up and fixing them when they do occur. However, they are only one link in the chain of test custody. A systematic approach to security is necessary.
- Your tests can be administered with near 100 percent security—provided you were willing to pay enough for it and your test-takers could tolerate the inconvenience. Meanwhile, back in the real world, compromises are made.
- Knowledge puts you in the driver’s seat. Good testing program managers regularly check key security metrics and periodically audit their and their partners’ security posture. Proactive management is ultimately less expensive and less demanding than putting out fires.
- Your optimal test security posture is determined by understanding your risks, your risk tolerance and your remedies. If you are uncertain of any of these important variables, get competent assistance.
- Checks and balances make for good management. We all look to impartial, independent experts to verify many aspects of our business lives and to fill in our blind spots. Due diligence is an ongoing process, not a one-time task.
As I said earlier, test administration is where the rubber meets the road for testing programs. I’ve dealt with a variety of security problems in my career and I’ve seen still more among my industry colleagues. Most security issues are like slow leaks in a car’s tire: inconvenient, distracting, a drag on the efficiency and often unnoticed. Proper maintenance and safety checks make a difference. Test administration partners perform a critical service, but you own the car.
I personally experienced a security “blowout” several years ago. I was forced by circumstance to pull a popular test from the market. I lived to tell the tale and I learned a lot about security and risk management in the process. My holiday season wish for you is that your path to knowledge is far more pleasant.
Robert Pedigo, MBA, is co-founder and senior security director at Caveon Test Security (www.caveon.com). He founded the Oracle Certified Professional Program and managed Sun Certification. He recently stepped down from his role as executive director of the IT Certification Security Council to focus his energies on test security through Caveon.
Cyndy Fitzgerald responds:
You can’t throw this one over the fence. Secure test administration is as important to the integrity of your testing program as is the development of the initial test content. Maintain the warranty on your investment by having regular service checkups.
Cyndy Fitzgerald, Ph.D., is co-founder and senior security director at Caveon Test Security (www.caveon.com) and is a member of Association of Test Publishers. Address any test security questions or recommendations to Cyndy at firstname.lastname@example.org.