JCQ requires centres to have contingency plans in place in the event of the absence of their exams officer at critical stages of the exam cycle - namely entry submission, preparing for exams, exam time, results day(s) and post-results.
Exam contingency planning - Covering the absence of your exams officer
The NAEO suggests the following measures as part of a centre's contingency plan:
Online calendar
Ask your exams officer to complete the online calendar contained within The Exams Office Hub with the tasks they will be undertaking. This should be completed one month in advance to allow colleagues to view upcoming tasks.
Information should also include links to support materials and deadlines.
As senior leader/line manager, you should have a login to The Exams Office Hub - preferably the second centre administrator - to enable you to access all documents, online tools and the latest stakeholder information.
Exams Manual
Ask your exams officer to maintain all key documents within their Exams Manual.
The Exams Manual is sent to all centres (with a membership to The Exams Office) on a biennial basis, and requires an exams officer to retain the following information for contingency and succession planning and JCQ inspection purposes:
- General information – e.g. key dates; awarding body contact details; MIS provider guides/information etc.
- Key documents – templates/forms, guides, checklists etc as used within your centre each academic term
- Compliance – records of inspection reports
- Policies – a repository for exams-related policies/procedures
- Invigilation – a record of training given to invigilators and copies of certificates
- Professional Development – a record of professional development activities undertaken/events attended by the exams officer/exams office staff
Joint Council for Qualifications
In November 2023, JCQ published Guidance for centres on cyber security which should be adhered to by all staff engaged in the management, administration and conducting of examinations.
Senior leaders should ensure that all staff follow the best practice outlined in this guidance:
- Create strong unique passwords
- Keep all account details secret
- Enable additional security settings wherever possible
- Update any passwords that may have been exposed
- Set up secure account recovery options
- Review and manage connected applications
- Stay alert for all types of social engineering/phishing attempts
- Monitor accounts and review account access regularly
Senior leaders should ensure that they stay informed about the latest security threats and trends in account security and educate staff on how to identify phishing attempts, secure devices and protect systems and data.
The National Cyber Security Centre (NCSC)
The NCSC provides the excellent and comprehensive cyber security advice and guidance for schools/colleges which senior leaders should ensure is being observed for any IT systems used within a centre, particularly those where learner information, learner work or assessment records are held.
In addition to the areas covered by JCQ guidance, other topics covered by the NCSC training and guidance include:
- Establishing a robust password policy
- Enabling multi-factor authentication (MFA)
- Keeping software and systems up to date
- Implementing network security measures
- Conducting regular data backups
- Educating employees on security awareness
- Developing and testing an incident response plan
- Regularly assessing and auditing security controls
If centres experience a cyber attack which impacts any learner data, assessment records or learner work, contact with their awarding body should be made immediately for advice and support.
Cyber Security Policy template
The Exams Office has produced a Cyber Security Policy (Exams) template which is available in the Key Documents area of The Exams Office Hub.
Although there is no current JCQ requirement for centres to specifically have a cyber security policy in place, this template is designed to provide centres with a starting point/framework on which to build a cyber security policy and associated procedures relating to the management, administration and conducting of examinations.
This template is informed by guidance published by the Joint Council for Qualifications (JCQ) and the National Cyber Security Centre (NCSC).
Educating employees on security awareness
During the 2024/2025 academic year, the NAEO, in partnership with The Learning and Skills Office, will be launching an online, certificated, cyber security training and assessment programme.
Senior leaders will be able to register centre staff for this annual online training.
A student version of this training will be launched during 2025.
Resilience and contingency arrangements checklist template
This checklist has been produced to support senior leaders in meeting the requirements relating to resilience and contingency measures as set in sections 3.16-3.19 of the JCQ General Regulations for Approved Centres publication.
The head of centre/senior leader with overall responsibility for examinations/assessments should confirm completion of/adherence to each area within the checklist.
Although an exams officer may support with the compliance of these resilience and contingency measures, it is the responsibility of the head of centre/senior leader with overall responsibility to ensure that their centre is complying with these JCQ regulations and that measures are reviewed and updated on an annual basis.
How to complete the checklist
- Record the names and/or job titles of those staff with responsibility for/involved in a particular area/process
- Confirm in the relevant section when a requirement is met
- Record notes (as applicable), for example, to describe how a process works or to insert a link to relevant other documentation or further information