This article was originally featured on Security Journal UK.
There is an assumption baked into a lot of online exam security: that if some monitoring is good, more must be better. Turn on the webcam, record the screen, track the eyes, lock down the machine, flag every anomaly. It feels rigorous. But more surveillance does not automatically produce more integrity — and past a certain point it starts to cost you the very trust you were trying to protect.
Monitoring is not the same as integrity
Integrity is the outcome you actually want: results that reflect what a candidate genuinely knows and can do. Surveillance is one of several means to that end, and a fairly blunt one. A wall of video and behavioural flags generates a lot of data, but data is not evidence, and evidence is not the same as a fair, defensible decision. Piling on monitoring can create an impression of rigour while doing very little to change whether the result is trustworthy.
The costs of over-monitoring
Excessive surveillance is not free, even when the software is. It carries real costs that rarely appear in the business case.
Candidate trust
Candidates who feel watched and distrusted do not perform as themselves. Intrusive monitoring raises anxiety, and anxious candidates make more of the innocent movements that then get flagged as suspicious — a feedback loop that undermines both the experience and the data.
Fairness and accessibility
Blanket surveillance tends to fall hardest on the people least able to conform to it: candidates with disabilities, atypical movement patterns, poor lighting, shared living spaces or older devices. What looks like a neutral control is often a source of bias, creating accessibility problems that quietly skew who passes and who gets flagged.
Legal and regulatory exposure
Regulators are paying closer attention to intrusive proctoring — biometric processing, always-on recording, automated decisions about people's futures. Collecting the maximum amount of personal data on every candidate, regardless of the stakes, is exactly the posture that attracts scrutiny and complaints. The compliance risk of over-monitoring is now often larger than the integrity risk it was meant to address.
Risk-based, proportionate security
The alternative is not to abandon security. It is to match the controls to the actual risk of each assessment. A low-stakes practice test, a formative quiz and a licensing exam that gates someone's career do not need — and should not get — the same level of monitoring.
Proportionate security means asking, for each assessment: what is genuinely at stake, what threats actually apply, and what is the least intrusive control that addresses them? Sometimes that is full proctoring with lockdown. Often it is much less — good assessment design, randomised question banks, sensible time limits and access controls that make cheating hard without treating every candidate as a suspect.
Designing for trust as well as integrity
A few principles help keep the balance right:
- Privacy by design: collect the minimum data needed for the stakes involved, and be deliberate about what you don't collect.
- Transparency: tell candidates what is monitored, why, and what happens to the data. Surveillance people understand and consent to erodes far less trust than surveillance that feels hidden.
- Governance, not just tooling: decisions that affect someone's result should have a human in the loop, a clear appeals route and an audit trail — not an automated flag standing in for a judgement.
The real goal
The point of exam security is a result everyone can believe in — the candidate, the awarding body and the people who rely on the credential. Maximum monitoring is a tempting proxy for that, but it is only a proxy, and an expensive one. Integrity, trust and proportionality are not in tension when security is designed well; they reinforce each other. The organisations that get this right are not the ones watching the most. They are the ones watching the right things, for the right reasons, at the right stakes.
This article was originally featured on Security Journal UK.

-min.png)