Secure exams are not a "setting". They are a shared risk model. If you run digital assessments at scale, you’ve probably heard a familiar refrain: “Why can’t the technology just stop misconduct?”.
It’s a fair question because from the outside, “security” can look deceptively simple: lock down the environment, monitor activity, and the problem goes away.
But secure exams are not a single control. They are a system of trade-offs across law, privacy, accessibility, pedagogy, operations, and a threat landscape that changes every semester. And that is exactly why the most important first step is not choosing a tool, it is choosing (and documenting) a risk profile.