Zoom is safe to use for exams thanks to new update and guidelines
It‘s safe for examiners and co-examiners to discuss grading, and Zoom can be used for exams involving sensitive personal data, confidential data and NDAs, a new security assessment concludes.
Zoom is so safe that it can be used for virtually any type of oral exam at Aarhus University.
This is the conclusion of an IT security review by DeiC (Danish e-Infrastructure Cooperation), which procures digital infrastructure for the Danish universities.
And AU’s own IT security review agrees, explains Søren Broberg Nielsen, AU’s DPO (data protection officer):
“A lot of the criticism Zoom has gotten has been focused on the free version or the commercial version. So it’s not that relevant for AU as long as users follow our guidelines. That’s because the Danish universities have a completely different setup – all of our data is encrypted and stays in Scandinavia on DeiC’s platform. Along with Zoom’s most recent update (version 5.0, which was rolled out on 27 April, ed.), this means that both we and DeiC have concluded that the service is perfectly safe to use, as long as you follow our guidelines – including for processing data that contains sensitive personal data or is confidential.”
It’s safe to discuss grading on Zoom
For example, the new security review means that:
- examiners and co-examiners can discuss grading and assign grades on Zoom;
- Zoom can be used in connection with exams under NDAs, for example exams that involve third parties;
- health sciences degree programmes can use Zoom for exams involving patient cases.
Anders Hyldig, head of AU’s EDU IT Hub, is pleased with DeiC’s announcement:
“During the coronavirus crisis, Zoom has become an incredibly important part of AU’s digital toolbox. It makes a big different to how exams are conducted that teachers and students can use the service for more things without having to worry about IT security.”
New exam site in the works
The EDU IT Hub is currently working on a new exam site in collaboration with the teaching development centres. The new site will present general guidelines and recommendations on conducting exams in digital formats. According to Hyldig, the site will be a resource that both teachers and students can draw on to help make sure exams can be conducted as efficiently and safely as possible.
At the same time, both he and AU’s DPO stress that all teaching staff and students must comply with DeiC’s guidelines in order to ensure adequate IT security during exams:
- Only use the Zoom client offered by DeiC through WAYF. Do not use the version you can download from the Zoom website.
- Check to make sure your Zoom installation is up-to-date, preferably every day (the 5.0 version was launched on 27 April).
- Always use the ‘waiting room’ feature in Zoom if possible, because this gives you greater control over who participates in your meetings.
- All meetings must have a password.
- Use a different channel to send the password to participants, such as email.
- Never use your personal meeting ID. Instead, select ‘one time meeting ID’ or change your settings to ‘generate automatically’.
For more information, see the DeiC’s FAQ on criticism of Zoom (in Danish)