The number of digital and remote examinations increased as a result of the coronavirus measures. Radboud University used proctoring software to prevent digital fraud. This approach was a subject of discussion at the university, as it was elsewhere. Not only because fraud would still be possible, but mainly because of students’ privacy.
Based on research, the Data Protection Officer concluded that online video surveillance during assessment using Cirrus and Proctorio software is suitable within the framework of the General Data Protection Regulation (GDPR) and the guidelines from the Personal Data Authority (Autoriteit Persoonsgegevens). Cirrus and Proctorio software are made available, but they should only be used if no feasible alternatives exist for administering the examination. This evaluation is made per assessment by the Examining Board. According to the board, it is not ideal but it is necessary, especially in view of study progress. However, degree programmes must clarify why the assessment is necessary and why alternative assessment methods are not available.
Students who do not want to participate in an examination using proctoring software, on principle or because of other obstacles, are not forfeiting an examination opportunity. Within the existing capacity constraints, these students will be given an alternative or will take the examination later. If students do not have a suitable test location – for example, due to noisy surroundings – other alternatives will be considered in consultation with the university. A webpage has been set up about the step-by-step plan, the use, and the house rules for administering tests using Cirrus and Proctorio. It also includes notes on the processing of personal data.
Information Security is High on Our Agenda
The ransomware attack on Maastricht University at the end of 2019 caused quite a stir. Information security is therefore high on the agenda of the Executive Board. In 2020, a lot of time and energy was spent on continuing to improve and ensure information security: for example, ethical hackers investigated vulnerabilities in the ICT infrastructure. An internal and external audit of information security was also carried out.
In addition, a multi-year information security improvement programme was launched in 2020 with the aim of strengthening the organisation and improving and better ensuring security on campus. This year, attention was mainly paid to technically oriented ICT projects, such as deploying anti-phishing software and setting up a security operations centre (SOC) and security incident and event management (SIEM). To this end, the university will connect to SURF's 24/7 service (SURFsoc) from 2021.
A multi-year information security improvement programme was launched in 2020.
The European tender for acquiring an information security management system (ISMS) has been initiated and will be completed in early 2021. A pilot project was conducted among a limited group of end users to raise awareness of information security. A follow-up to the pilot will be implemented for all students and staff members in 2021. The strengthening of the information security organisation will be further shaped by the recruitment of new staff.
General Data Protection Regulation
The GDPR has been enforced since May 2018, with a dedicated data protection officer verifying compliance with the regulation. In 2020, PwC conducted a quick scan within a faculty that looked at the implementation of the GDPR and thus the handling of personal data. Their recommendations have been translated into the ‘Personal Data Protection Improvement Programme’, which aims to better organise the handling of such data, among other things by further harmonising (administrative) processes and functions.
The university provides clear information (e.g. in a privacy statement) to the person whose data is being collected about the use of that data. Any exchange of personal data is set out in special agreements. In 2020, 45 requests were submitted in the context of the GDPR, mainly requests for inspection and deletion, also from external parties. This is more than double the number of requests received in 2019.
Preparations for Microsoft 365
Radboud University is a comprehensive, internationally oriented, student-focused research university that is committed to digitisation. A substantial part of the public and private lives of current generations of (future) lecturers, staff members and students takes place online. The work and study environment offered by the university must reflect this reality. Collaboration not only takes place between students and staff members, but also with partners like government authorities, the business community and civil society organisations. And, in view of increasing internationalisation, collaboration also takes place across borders.
This multifaceted reciprocal international collaboration requires a digital platform that fits the expectations and perceptions of all participating parties. That platform should be accessible to everyone, anytime and anywhere; available, safe and easy to use with any device. With such a digital environment, scientists, staff members, lecturers and students can pursue their ambitions in their own modern and professional manner, adding strength to a stimulating and inspiring work and study environment at Radboud University.
In 2019, preparations began for the implementation of Microsoft 365 as the digital collaboration environment for Radboud University. In early 2021, this resulted in the creation of one universal digital identity for staff, students and external parties, with the aim of using this new identity for all our information services in the coming years. The new digital identity is an important precondition for being able to offer Microsoft 365 to the staff and students of Radboud University. Microsoft 365 will be made available to staff members and students in 2021, thereby making an important contribution to the stimulating and inspiring work and study environment at Radboud University.