TAO Security

TAO’s open source framework ensures an enhanced level of security for your assessment platform and testing data.

Contact Us Admin Guide
Dotted background Pattern

Trusted by Users Around the World

The TAO platform leverages an open framework, but that doesn’t mean your data isn’t secured. In fact, it’s just the opposite. TAO’s open source framework ensures an enhanced level of security for your assessment platform and testing data.

As a platform trusted around the world for high-stakes national level assessment, career-building professional certification exams, classroom assessments, and a range of other applications, the performance and security of TAO is critical.  TAO engineering approaches demonstrate a commitment to proven industry standards and best practices, as well as continual monitoring and enhancement. This diligence ensures that TAO’s capabilities and capacities are able to meet the rigorous requirements of both large and small-scale assessment programs.

TAO’s performance and security framework includes policies, practices, and protocols in the following areas:

  • Reliability and Availability 
  • Scalability 
  • Data Protection


To maintain fast, reliable, and secure performance at scale, independent of the local capacity of testing locations, the TAO Cloud™ Managed Services (including hosting, optimization, and systems monitoring) operate on commercial-grade Web infrastructure, such as Amazon Web Services and Google Cloud. 

This approach allows TAO to build upon an infrastructure proven across industries including banking, education, media, entertainment, retail, and commerce. TAO users benefit from industrial-strength infrastructure, while TAO builds best in breed components for assessment technology, allowing testing programs to focus their resources on assessment innovation. Access to our infrastructure is highly restricted. 


Our data policy enforces the use of local file system encryption by our engineers and limits persistence of any sensitive data to the strictly required. Sensitive data includes, but is not limited to, test takers’ related data, test and item content, and data collected.

Customer content is stored in encrypted form in the cloud and on-premise systems, including servers.

Network Monitoring

Potential DDoS attacks are mitigated through built-in services, which defend against the most common, frequently occurring network and transport layer DDoS attacks that target your web site or applications. These services  provide always-on network flow monitoring, which inspects incoming traffic and uses a combination of traffic signatures, anomaly algorithms and other analysis techniques to detect malicious traffic in real-time.

In addition, OAT leverages highly scalable content delivery networks,  which allow us to absorb the load. OAT has a track record of absorbing major DDoS attacks without any interruption of service.

Security Audits, Backup & Recovery

OAT ensures compliance internally and periodically schedules penetration tests with external organizations to ensure that the deployed software and infrastructure provide sufficient security. Reports are available, or customers can commission their own security auditors with whom OAT will assist. 

OAT maintains logical segmentation of Customer’s testing assets. Additionally, OAT conducts regular back-ups, which can be configured to clients’ exact requirements.

Want to know more?

Get in touch with a TAO security expert today - ask questions or discuss security findings directly with a member of the TAO team.

Contact TAO Security