Choosing a remote proctoring provider is one of the most critical decisions a testing program can make. On the surface, many providers appear similar by promising secure browsers, monitoring, and deterrence. But beneath these assurances, the stakes are much higher: a single breach can undermine years of trust and damage your program’s reputation.
The Complex Threats Behind Remote Proctoring
Blocking copy-and-paste is easy. Stopping screen captures is table stakes. But candidates intent on cheating have more sophisticated tools at their disposal, and the list is growing. Virtual environments, duplicate input devices, and hidden remote sessions can all slip past providers who only lock down at the surface level.
Many remote proctoring providers are working hard to keep pace with increasingly sophisticated threats, but even well-established solutions can have gaps. These challenges are industry-wide, and that’s why rigorous evaluation is so important.
The Proof: Capability Matrix
This matrix is more than a guide—it’s a reality check. If your provider cannot demonstrate coverage across these capabilities, your program may be at risk. Our remote proctoring solution, ProctorNow™, addresses not only the easy gaps but also the advanced threats that many solutions overlook.
| Criteria Number | Criteria | Conformance | Notes |
|---|---|---|---|
| 1.0 | Prevent access to unauthorized tools | ||
| 1.1 | Display test full screen | Supports | Lockdown mode; controlled window focus |
| 1.2 | Block remote desktop | Supports | |
| 1.3 | Block virtual machines | Supports | Detects common VM/anti-detect signals |
| 1.4 | Block applications (process allow/deny) | Supports | Policy-based exceptions |
| 1.5 | Block printing | Supports | |
| 1.6 | Block unauthorized websites | Supports | URL/domain allowlist |
| 2.0 | Prevent content from being stolen or exposed | ||
| 2.1 | Block screen captures | Supports | OS-level and app-level hooks |
| 2.2 | Clear cut, copy, and paste buffers | Supports | During and on exit |
| 2.3 | Clear cache before and after testing | Supports | Configurable |
| 2.4 | Block man-in-the-middle attacks | Supports | TLS pinning & connection hardening |
| 3.0 | Required features | ||
| 3.1 | Block assistive technologies not related to accessibility | Supports | Allows approved AT only |
| 3.2 | Browser identification via JavaScript | Supports | Fingerprint & integrity checks |
| 3.3 | Block content on additional monitors | Supports | Single-display enforcement |
| 3.4 | Block gestures that allow access to content | Supports | OS/hardware gestures |
| 3.5 | Upload security events (blocked processes, invalid keys) | Supports | Centralized telemetry |
| 3.6 | Automatic software updates | Supports | Silent where permitted |
| 3.7 | Automatic configuration updates pre-test | Supports | Policy sync at launch |
| 4.0 | Optional features | ||
| 4.1 | Detect virtual video/microphones and duplicate input devices | Supports | Aids remote proctoring |
| 4.2 | Suppress authorization requests for microphones during exam | Supports | Policy-controlled |
| 5.0 | Platforms | ||
| 5.1 | Support all major platforms | Supports | Windows, macOS; roadmap for others as applicable |
| 5.2 | Configurable rendering engines | Partially supports | Where security posture allows |
| 6.0 | Privacy | ||
| 6.1 | Support uninstall | Supports | Clean removal post-exam |
| 6.2 | Limit tracking | Supports | Collect minimum necessary |
| 6.3 | Disclosure of all information captured | Supports | Policy and candidate notice |
| 7.0 | Accessibility | ||
| 7.1 | Compatibility with assistive software for accessibility | Supports | Approved AT via accommodation |
Core Capabilities Every Provider Must Prove
When evaluating providers, don’t stop at “does it lock down the browser?” Press further:
- Does it detect and block advanced cheating environments like virtual machines and remote desktops?
- Does it protect data in transit against interception?
- Does it log and escalate suspicious activity or simply block it silently?
- Does it strike a balance between accessibility and integrity, allowing only approved assistive technologies?
- Does it update automatically, keeping defenses ahead of emerging threats?
If the answer is no to any of these, your program may be exposed to risk.
The Bottom Line for Your Program
Choosing a remote proctoring provider is a decision that impacts the integrity of your entire program. Don’t settle for surface-level protection. If you’d like to review the full Remote Proctoring Capability Matrix or discuss how these defenses apply to your program, let’s schedule a technical review of your current defenses.
About the Authors
Ron Lancaster is the Chief Technology Officer with nearly 30 years of experience in product and technology leadership, including 20 years in the assessment industry. With a passion for artificial intelligence and engineering excellence, he is focused on advancing ITS’s AI, cloud, and new product strategies. Ron holds a master’s degree in software engineering from the University of Minnesota and has earned several patents. He has also mentored technology startups through Techstars and the Minnesota Cup. When he isn’t working, you can find Ron spending time with his family, snowboarding in the winter, and cycling all year round.
Chris Glacken is the Director of Innovative Technologies at ITS. Chris has nine years of experience in assessment with over a decade of experience in business and technical system requirements. He’s responsible for the ITS Secure Browsers and developed an in-house ‘white hat’ tool to identify Secure Browser vulnerabilities. He’s also the mastermind behind the ITS remote proctoring technology, ProctorNow™. He earned his bachelor’s degree in information science/studies at Salisbury University, Perdue School of Business. When he’s not pioneering innovative ideas for testing software, you can find him playing Minecraft with his two sons.
Leave a Reply