Top 10 security tips for exams officers
Thursday 31 Aug 2023
As an exams officer, you handle confidential and sensitive information throughout the year, so it’s important that you handle data securely and that your school or college’s systems are as secure as possible.
Cyber security attacks have unfortunately become more common and sophisticated over the years, so it’s more important than ever that you know how to protect your centre and your learners’ data.
To help you at the start of the new term, we’ve put together these top 10 security tips.
1. Check your Centre Services account permissions
Regularly check the users registered to your centre on Centre Services – make sure the roles and permissions are appropriate, and remove any accounts that are no longer needed. It’s particularly important to check this in the run-up to key series milestones such as Entries, Exams, and Results days. If you have any concerns over an account, please get in touch with us.
2. Use different passwords for every system
Do not use the same password across multiple different accounts, platforms, or services – use unique passwords or passphrases for each one. Use modern password policy approaches if you can, such as 'Three random words', and consider using a password manager.
3. Never share your password with anyone
Do not share your password with any of your colleagues and avoid writing passwords down. We’d never contact you and ask you to confirm your password.
4. Change your password if you think it has been compromised
If you suspect your password might have been compromised, change it immediately using the password reset/forgotten password functionality.
5. Remember that we’ll never ask you for your multi-factor authentication code
We’ll never ask you for your Centre Services multi-factor authentication (MFA) code – not over the phone, by email, or any other method. You’ll only ever need to enter it directly on Centre Services when logging in.
6. Be careful with the information you give out over the phone
The only time we’d ask you to confirm the telephone number configured for your Centre Services MFA would be when we need to validate your identity after you’ve requested to change your MFA telephone number. We may, however, ask you for a telephone number when you contact us, but this is not related to MFA in any way and the two numbers may be different or happen to be the same.
7. Look out for phishing emails
Unfortunately, schools, colleges and awarding organisations are targets for malicious individuals who attempt to spoof. If an email looks suspicious, call the organisation it claims to be from directly to verify the request.
8. Stay vigilant with unexpected contact from us
If you receive a suspicious or unexpected email or telephone call claiming to be from AQA, please contact Customer Services on 0800 197 7162 or email eos@aqa.org.uk
9. Check your invoices are valid
If you have any concerns about an invoice that claims to be from AQA or on behalf of AQA, or any communication claiming to be from AQA about a change of our banking details, you can validate our bank details on our 'Invoices and how to pay' page.
10. Familiarise yourself with cyber security
Take a look at the National Cyber Security Centre guidance for schools for some practical resources to help improve your cyber security.
Related content
- Increased security measures from Summer 2024
- GCSE English Literature Paper 2 (specification 8702)
- Ofqual's letter to schools and colleges on exams and grading arrangements in summer 2024
- Submitting examined and moderated NEA files in summer 2024
- Updated JCQ guidance: use of artificial intelligence in assessments