Overview
EC-Council maintains a comprehensive Certification Examination Security & Integrity Framework designed to protect the validity, reliability, fairness, confidentiality, defensibility, and integrity of all certification examinations delivered through:
- EC-Council Testing Centers (ETC)
- EC-Council Remote Proctoring System (RPS)
- Authorized third-party examination delivery providers
This framework applies across all examination delivery models and includes operational monitoring, candidate authentication, examination supervision, audit controls, statistical analysis, behavioral monitoring, psychometric forensics, compliance reviews, and post-examination investigations intended to preserve the integrity and credibility of EC-Council certification programs.
EC-Council reserves the right to review, audit, investigate, validate, suspend, invalidate, revoke, deny, or withhold examination results, certifications, badges, transcripts, or examination privileges where examination integrity, candidate authenticity, compliance obligations, or examination security requirements cannot be reasonably established or verified.
Accreditation, Fairness & Certification Integrity
EC-Council’s certification programs are designed and administered in alignment with internationally recognized personnel certification principles and examination security practices, including applicable requirements associated with ANSI National Accreditation Board (ANAB) accreditation and ISO/IEC 17024 standards for personnel certification bodies.
In support of ISO/IEC 17024 principles relating to examination validity, reliability, fairness, impartiality, confidentiality, candidate authentication, and certification integrity, EC-Council maintains examination security and compliance controls intended to ensure that:
| Certification Integrity Objective | Purpose |
|---|---|
| Valid & Defensible Certification Decisions | Certification decisions are supported through secure, fair, reliable, and defensible examination processes. |
| Fair Candidate Evaluation | Examination results accurately reflect candidate competency without unfair advantage or compromise. |
| Examination Security & Confidentiality | Examination content, systems, intellectual property, and delivery processes remain secure and protected. |
| Candidate Authentication & Session Integrity | Candidate identity, examination participation, and session integrity are appropriately validated and monitored. |
| Examination Integrity Monitoring | Examination irregularities, misconduct risks, operational anomalies, and security concerns are appropriately identified, reviewed, and addressed. |
| Ongoing Accreditation Alignment | Examination delivery and security controls support ongoing alignment with applicable accreditation and certification governance expectations. |
EC-Council may utilize internal review teams, authorized delivery partners, forensic methodologies, automated monitoring systems, session recordings, identity verification systems, behavioral analytics, psychometric analysis, statistical analysis, artificial intelligence-assisted monitoring systems, and other examination security controls to protect the integrity of its certification programs.
Candidates, proctors, Authorized EC-Council Testing Centers (ETCs), partners, vendors, and examination personnel are expected to uphold the integrity, impartiality, professionalism, confidentiality, and ethical obligations associated with accredited certification programs.
Any activity that may compromise examination validity, impartiality, fairness, confidentiality, examination security, or public trust in EC-Council certifications may result in compliance review, investigation, administrative action, examination invalidation, suspension, revocation, permanent restrictions, or other corrective measures deemed appropriate by EC-Council.
EC-Council reserves the right to continuously enhance, revise, implement, expand, or modify examination security and compliance controls in response to evolving examination security risks, accreditation expectations, operational requirements, technological developments, and certification integrity obligations.
Examination Delivery Models
| Delivery Model | Description | Applicable Security Controls |
|---|---|---|
| ETC – EC-Council Testing Centers | Examinations delivered within approved onsite testing environments, academic institutions, or authorized partner facilities operating under supervised and controlled examination conditions. | Candidate identity verification, controlled testing environments, authorized proctor supervision, examination access controls, image capture, session monitoring, session logging, IP validation, VPN Checks, testing location validation, network activity review, device authentication, operational audits, behavioral analysis, statistical analysis, psychometric forensics, post-exam forensic review, and additional examination security controls as determined by EC-Council. |
| RPS – Remote Proctoring System | Examinations delivered through live remote proctoring technologies and remote supervision processes designed to validate candidate identity, examination integrity, and examination environment compliance. | Live remote monitoring, webcam supervision, candidate authentication, environment validation, continuous visibility monitoring, session recording, image capture, IP address validation, VPN and proxy detection, geographic validation, geolocation analysis, device authentication, browser and system integrity checks, network activity analysis, behavioral monitoring, statistical analysis, psychometric forensics, post-exam forensic review, and additional examination security controls as determined by EC-Council. |
| Authorized Third-Party Delivery Providers | Examinations delivered through approved third-party examination providers operating under authorized examination delivery, monitoring, and examination security procedures. | Identity verification, session monitoring, forensic analysis, statistical analysis, Authorized Third-Party Delivery Providers Examinations delivered through approved third-party examination providers operating under authorized examination delivery, monitoring, and examination security procedures. Identity verification, session monitoring, forensic analysis, statistical analysis, psychometric review, behavioral analytics, session recording, operational audits, proctoring controls, IP and network analysis, geographic validation, anomaly detection, and additional examination security controls implemented by the provider and/or EC-Council. |
Candidate Identity Verification & Authentication
All candidates are subject to identity verification and authentication requirements prior to and/or during examination delivery.
At the time of examination registration, scheduling, onboarding, check-in, and/or prior to the start of an examination session, candidates may be required to upload, present, validate, or otherwise provide a copy of an approved government-issued photo identification document for candidate authentication and examination security purposes.
Depending on the examination delivery model, candidates may additionally be required to complete live verification, facial validation, image capture, environment validation, or additional authentication procedures before or during examination delivery.
| Security Control | Description |
|---|---|
| Government-Issued Identification Verification | Candidates may be required to upload, present, or validate approved government-issued photo identification documents before examination access is granted. |
| Facial / Image Validation | Examination systems and/or proctors may capture candidate images or perform facial validation procedures for identity confirmation. |
| Live Authentication Procedures | Candidates may be required to complete additional live verification or authentication procedures during remotely proctored or monitored examinations. |
| Environment Validation | Candidates may be required to validate their testing environment, workspace visibility, and compliance with examination conduct requirements. |
| System & Device Validation | Examination systems may perform hardware, browser, network, or device integrity checks before or during examination delivery. |
| Geographic & Access Validation | Examination systems may validate candidate location, IP information, access patterns, VPN/proxy indicators, and related session authentication records. |
EC-Council reserves the right to request additional information or supporting documentation where candidate identity, examination activity, examination location, or examination integrity cannot be reasonably verified.
EC-Council reserves the right to utilize additional advanced examination security, monitoring, forensic, analytical, behavioral, psychometric, artificial intelligence-assisted, identity validation, or investigative technologies, including technologies, platforms, systems, or services provided by authorized third-party vendors, partners, examination delivery providers, or forensic solution providers, for the purpose of protecting examination integrity, validating candidate authenticity, identifying operational or behavioral anomalies, detecting potential examination misconduct, supporting audit and investigation activities, and maintaining compliance with applicable accreditation, certification governance, and examination security requirements.
Audit Selection & Examination Review Process
As part of EC-Council’s examination security program, quality assurance processes, accreditation expectations, and ISO/IEC 17024 aligned examination governance practices, examination sessions may be selected for audit, monitoring, compliance assessment, operational review, or forensic analysis before, during, or after an examination session.
Examination reviews help ensure that:
| Examination Review Objective | Purpose |
|---|---|
| Certification Decisions Remain Reliable | Certification outcomes remain fair, valid, reliable, and defensible. |
| Candidate Competency Is Properly Assessed | Examination results accurately reflect demonstrated candidate competency. |
| Examination Fairness Is Maintained | No candidate receives an unfair advantage through misconduct or compromise. |
| Examination Delivery Standards Are Followed | Proctoring, monitoring, and examination administration requirements are consistently enforced. |
| Examination Systems Remain Secure | Examination content, systems, infrastructure, and delivery mechanisms remain protected. |
| Examination Risks Are Identified & Mitigated | High-risk examination behaviors, anomalies, or integrity concerns are appropriately reviewed and addressed. |
Examination sessions may be selected for review through:
| Review Trigger Type | Description |
|---|---|
| Random Audit Selection | Routine random examination quality assurance reviews. |
| Risk-Based Monitoring | Reviews triggered through operational or behavioral risk indicators. |
| Intelligence-Led Reviews | Reviews initiated through internal intelligence, reporting, escalations, or investigative indicators. |
| Statistical or Psychometric Analysis | Reviews associated with forensic analysis, score anomalies, behavioral correlations, or response pattern irregularities. |
| System-Generated Alerts | Reviews initiated through automated monitoring systems or examination security controls. |
| Proctor or Operational Escalations | Reviews initiated through proctor observations, operational concerns, or examination delivery anomalies. |
| Post-Exam Forensic Review | Reviews conducted after examination completion as part of ongoing examination security analysis. |
Selection for review does not automatically indicate misconduct, wrongdoing, examination compromise, or policy violation.
Examination Security Reviews
EC-Council may conduct routine, targeted, random, intelligence-led, operational, or risk-based examination security reviews before, during, or after examination delivery.
Review activities may include analysis of:
| Review Area | Examples |
|---|---|
| Session Monitoring Records | Session recordings, webcam activity, monitoring observations, visibility controls, and monitoring continuity. |
| Identity Verification Records | Identification records, authentication data, biometric comparisons, and facial validation procedures. |
| System & Examination Logs | Examination telemetry, metadata, operational logs, access records, network activity, and session continuity indicators. |
| Behavioral & Operational Indicators | Candidate behavior, inactivity patterns, navigation anomalies, unusual response behavior, or irregular operational activity. |
| Statistical & Psychometric Analysis | Score anomalies, response similarity, timing irregularities, psychometric forensics, or statistical examination indicators. |
| Proctor & Operational Reports | Escalation records, supervision concerns, monitoring anomalies, or operational findings. |
| Device, Location & Network Indicators | IP analysis, geographic inconsistencies, VPN/proxy indicators, device authentication, geolocation analysis, or network-related anomalies. |
| Other Examination Integrity Information | Any additional information deemed relevant to protecting examination validity and certification integrity. |
Examination reviews may be conducted regardless of whether an issue was identified, escalated, interrupted, or actioned during the live examination session.
Security & Compliance (SC) Review Categories
The following Security & Compliance (SC) categories represent examples of examination security conditions, integrity concerns, operational irregularities, or policy violations that may trigger review, audit escalation, investigation, result hold, invalidation, suspension, revocation, or disciplinary action.
| SC Code | Category | Description |
|---|---|---|
| SC-01 | Candidate Visibility & Monitoring Interruption | Failure to maintain continuous visibility, approved camera positioning, or uninterrupted monitoring presence during examination delivery. |
| SC-02 | Identity Verification Irregularity | Inconsistencies, mismatches, or inability to reasonably validate candidate identity or authentication records. |
| SC-03 | Unauthorized Assistance or Third-Party Presence | Any indication of unauthorized support, prompting, collaboration, or presence of unauthorized individuals within the examination environment. |
| SC-04 | Prohibited Materials or Device Usage | Access to or use of unauthorized devices, applications, communication methods, browsers, recording mechanisms, or prohibited materials. |
| SC-05 | Examination Environment Non-Compliance | Failure to maintain a compliant examination environment or workspace as required under examination delivery procedures. |
| SC-06 | Location, Network, or Access Anomaly | Irregularities associated with geographic validation, VPN/proxy usage, IP inconsistencies, unauthorized access indicators, or abnormal network behavior. |
| SC-07 | Behavioral or Session Integrity Anomaly | Operational, behavioral, or telemetry patterns inconsistent with expected examination conduct or examination integrity standards. |
| SC-08 | Statistical or Psychometric Forensic Flag | Examination activity identified through statistical analysis, psychometric review, behavioral correlation, or forensic analysis as potentially inconsistent with expected examination integrity standards. |
| SC-09 | Proctoring or Supervision Irregularity | Potential irregularities associated with proctor conduct, supervision quality, monitoring failures, or examination oversight concerns. |
Examination Monitoring & Security Controls
EC-Council and/or its authorized examination delivery providers may implement security and monitoring controls before, during, and after examination delivery.
| Security Control | Description |
|---|---|
| Live or Recorded Monitoring | Examination sessions may be monitored in real time and/or recorded for security, audit, compliance, investigation, and certification integrity purposes. |
| Session Event Logging | Examination systems may record operational and security events associated with examination activity. |
| Image & Webcam Monitoring | Candidate images, webcam feeds, or session snapshots may be captured and reviewed for examination integrity validation. |
| IP & Geographic Validation | Examination systems may review IP address information, geographic indicators, VPN/proxy activity, network activity, and access validation records. |
| Behavioral Monitoring | Examination activity may be reviewed for irregular behavioral patterns, anomalous navigation behavior, inactivity trends, or operational inconsistencies. |
| Statistical & Psychometric Analysis | Examination results may undergo statistical, psychometric, forensic, or behavioral analysis regardless of examination outcome. |
| Audit & Investigation Reviews | Examination sessions may be selected for operational review, audit escalation, forensic investigation, or compliance assessment based on risk indicators or security findings. |
Administrative Holds
EC-Council reserves the right to place examination results, score reports, digital badges, certifications, transcripts, examination records, or related credentials under administrative hold pending completion of a compliance, audit, operational, or examination security review.
An administrative hold does not constitute a final determination of misconduct, policy violation, examination compromise, or disciplinary action. However, examination results or certifications may remain unreleased, unvalidated, uncertified, suspended, or restricted until the review process has concluded.
During this process:
| Administrative Review Activity | Description |
|---|---|
| Candidate / Proctor Contact | Candidates, proctors, ETCs, partners, vendors, or examination personnel may be contacted for clarification or additional review. |
| Documentation Requests | Additional supporting information, identity verification records, travel records, examination environment information, or related documentation may be requested. |
| Additional Security Review | Examination security, compliance, psychometric, audit, or operational review teams may conduct further assessment and analysis. |
| Examination Integrity Validation | Examination activity may undergo additional behavioral, statistical, forensic, operational, or investigative review procedures. |
EC-Council reserves the right to determine the final disposition of examination results, certification status, or related actions following completion of the applicable review process.
Candidate Responsibilities
Candidates are responsible for complying with all examination security, authentication, monitoring, supervision, and conduct requirements applicable to the selected examination delivery method.
Candidates must not:
- impersonate another individual,
- permit unauthorized assistance,
- interfere with monitoring controls,
- use unauthorized materials or devices,
- attempt to compromise examination content,
- misrepresent identity or location,
- violate examination delivery procedures,
- or engage in conduct inconsistent with EC-Council examination security requirements.
Candidates participating in remotely or on site proctored examinations are additionally responsible for:
- maintaining continuous visibility throughout the examination session,
- ensuring appropriate lighting and workspace visibility,
- complying with all proctor instructions,
- and maintaining an approved and compliant examination environment.
Failure to comply with examination security requirements may result in review under one or more Security & Compliance (SC) categories.
Examination Security Actions
Security reviews, audit findings, operational irregularities, or confirmed violations may result in actions including, but not limited to:
| Action Type | Description |
|---|---|
| Warning Notice | Formal notification regarding examination security observations or compliance concerns. |
| Result Hold | Temporary hold of examination results pending review or investigation. |
| Delayed Score Release | Delayed publication of examination results pending additional verification procedures. |
| Examination Invalidation | Invalidating examination results where examination integrity cannot be reasonably verified. |
| Mandatory Review or Investigation | Escalation for additional operational, behavioral, statistical, psychometric, or forensic review. |
| Suspension or Revocation | Suspension or revocation of examination eligibility or certification status. |
| Permanent Restrictions | Permanent restriction from future examination participation or certification activities. |
EC-Council reserves the right to independently assess examination integrity and make final determinations regarding examination validity, certification status, and applicable corrective or disciplinary actions.
Appeals Process
Candidates may submit an appeal relating to a final examination security determination, examination invalidation, administrative action, certification action, or examination compliance outcome in accordance with EC-Council’s applicable appeals procedures, timelines, and review requirements.
Appeals must be submitted in writing (https://cert.eccouncil.org/appeal-procedure.html ) and may require supporting documentation, clarification records, identity verification materials, examination-related information, or other evidence deemed relevant to the review process.
As part of the appeals process, EC-Council reserves the right to:
| Appeals Review Activity | Description |
|---|---|
| Reassess Examination Records | Review examination recordings, system logs, session telemetry, authentication records, operational data, and related examination activity. |
| Conduct Additional Forensic Analysis | Perform additional behavioral, statistical, psychometric, technical, operational, or forensic review procedures. |
| Request Additional Information | Request clarification, supporting documentation, identity records, travel documentation, network information, or related materials deemed necessary for review. |
| Consult Internal or External Stakeholders | Engage authorized internal teams, examination delivery providers, forensic specialists, legal advisors, or operational stakeholders where appropriate. |
| Validate Examination Integrity Findings | Reevaluate examination security observations, operational anomalies, policy concerns, or integrity indicators relevant to the appeal. |
Submission of an appeal does not automatically suspend, reverse, invalidate, or delay any interim or final action taken by EC-Council, including but not limited to:
- examination result holds,
- delayed score releases,
- examination invalidations,
- certification restrictions,
- suspensions,
- revocations,
- or other examination security actions.
EC-Council reserves the right to make final determinations regarding examination validity, examination integrity, candidate eligibility, certification status, and applicable corrective or disciplinary actions following completion of the applicable review and appeals process.
Definitions
| Term | Definition |
|---|---|
| Administrative Hold | Temporary restriction placed on examination results, certifications, score reports, transcripts, digital badges, or related credentials pending review. |
| Compliance Review | A formal assessment relating to examination integrity, candidate conduct, proctoring compliance, operational anomalies, or examination security observations. |
| Security Observation | Any identified activity, behavior, anomaly, irregularity, operational event, or monitoring indicator requiring additional review or assessment. |
| Examination Irregularity | Any event, activity, condition, operational concern, anomaly, or behavior that may impact examination integrity, fairness, security, validity, reliability, or compliance. |
| Proxy Testing | Any attempt by an individual to test, appear, authenticate, or participate on behalf of another candidate. |
| Psychometric Forensics | Statistical, behavioral, analytical, or examination response analysis used to identify potential examination irregularities, anomalies, misconduct, or compromised examination activity. |
| Behavioral Analytics | Operational or behavioral analysis techniques used to identify irregular examination patterns, anomalies, suspicious activity, or examination integrity concerns. |
| Examination Security Review | Any operational, compliance, forensic, psychometric, behavioral, or investigative assessment conducted before, during, or after examination delivery. |
| Authorized Delivery Provider | Any approved third-party examination delivery organization, testing vendor, proctoring provider, or operational examination partner authorized by EC-Council. |
Data Privacy & Confidentiality
EC-Council may collect, process, monitor, review, retain, analyze, and store examination-related information including candidate identity records, authentication data, session recordings, examination telemetry, behavioral indicators, system logs, IP information, operational metadata, geolocation indicators, and related examination activity for examination security, operational, audit, investigation, compliance, accreditation, and certification integrity purposes.
All examination-related data handling, monitoring, retention, processing, confidentiality, and security practices are conducted in accordance with applicable laws and EC-Council data privacy, confidentiality, information security, and records management policies. (https://www.eccouncil.org/legal/privacy-policy/)
EC-Council maintains appropriate administrative, operational, organizational, and technical safeguards designed to protect examination-related information and preserve the integrity, confidentiality, defensibility, and reliability of its certification programs and examination security processes.
Contact
If you have questions, concerns, information, or reports relating to examination security, misconduct, examination integrity, proctoring concerns, operational irregularities, or compliance matters, please contact: [email protected]
EC-Council reserves the right to amend, revise, interpret, expand, enforce, or update these policies, procedures, controls, requirements, review methodologies, examination security measures, and compliance obligations at any time without prior notice.