Module 6: Protective Questions
Security, Privacy, and Risk Management
Keeping Assessment Safe
- Duration: 30 minutes
- Focus: Use targeted questioning to strengthen security, safeguard privacy, and manage risk in RM Compare
- Goal: Equip yourself to use your LLM to identify vulnerabilities, set robust policies, and ensure compliance every step of the way
Key Benefit:
By asking the right protective questions, administrators can avoid costly mistakes, strengthen trust, and ensure RM Compare supports institutional responsibilities.
Why Protective Questions Matter
- Protects sensitive learner and organizational data from threats and misuse
- Ensures compliance with legal, regulatory, and institutional policies
- Reduces exposure to operational, reputational, and legal risk
- Builds a culture of security awareness and shared responsibility
Challenge:
Security and privacy are not “one and done” issues. They require ongoing vigilance, review, and adaptation—driven by sharp, proactive questioning.
Lessons
- Lesson 1: Five Types of Protective Questions
- Lesson 2: Scenario Questions – Protecting in Practice
- Lesson 3: Protective Question Creation
- Lesson 4: Building Your Protective Question Library
- Lesson 5: Validating Security and Privacy Measures
- Lesson 6: Module 6 Wrap-Up & Next Steps
Lesson 1: Five Types of Protective Questions
- Data Protection Questions: "What safeguards exist for data at rest, in use, and in transit in RM Compare?"
- Access and Permissions Questions: "How are permissions structured to prevent unauthorized access to sensitive data?"
- Policy and Compliance Questions: "Which policies and regulations govern our use of RM Compare, and how do we ensure compliance?"
- Incident and Response Questions: "What steps should we follow if a security or privacy incident occurs?"
- Ongoing Review Questions: "How do we regularly test, update, and communicate our security and privacy controls?"
Question Framework #1 – Data Protection
The Template:
"How does RM Compare protect data at every stage (storage, transfer, processing), and what encryption or safety measures are in place?"
Examples:
✅ "What encryption protocols and storage solutions does RM Compare use to secure uploaded assessment content?"
✅ "How are backups handled and who can access them?"
Question Framework #2 – Access and Permissions
The Template:
"What access controls and permission hierarchies restrict sensitive RM Compare functions and data to authorized roles only?"
Examples:
✅ "How are admin, creator, and judge permissions managed to minimize risk of accidental or deliberate misuse?"
✅ "How can we audit permission grants and changes across the system?"
Question Framework #3 – Policy and Compliance
The Template:
"What legal and organizational requirements apply to our RM Compare usage, and what controls and documentation ensure we meet them?"
Examples:
✅ "How does our use of RM Compare comply with GDPR, FERPA, or local data protection laws?"
✅ "What policy documentation, consent procedures, and training should we mandate for all RM Compare users?"
Question Framework #4 – Incident Response
The Template:
"If we suspect or detect a privacy or security breach in RM Compare, what is our incident response workflow?"
Examples:
✅ "What are the immediate steps if a Judge accesses data outside their remit?"
✅ "How do we communicate and log incidents, and when do we notify affected users or authorities?"
Question Framework #5 – Ongoing Review and Audit
The Template:
"How do we continually monitor, test, and update our RM Compare privacy and security posture?"
Examples:
✅ "What regular audits, tests, or drills should we schedule in partnership with IT and RM Compare support?"
✅ "How do we keep users informed of evolving risks and policy changes?"
Lesson 2: Scenario Questions – Protecting in Practice
Scenario 1:
"If a departing administrator neglects to revoke their access, what questions help ensure no lingering risk?"
Scenario 2:
"After launching a new large-scale DataShare collaboration, what ongoing privacy checks should be scheduled?"
Practice:
Craft a protective scenario relevant to your institution—a risk, breach, or change—and develop a sequence of questions for reviewing, resolving, and learning from the situation.
Lesson 3: Protective Question Creation
Exercise 1: Data Protection (6 min)
- Write an LLM prompt to explore how RM Compare protects at least one type of sensitive data.
Exercise 2: Access Control (6 min)
- Develop a question about reviewing or updating user permissions for security.
Exercise 3: Policy Compliance (6 min)
- Formulate a question to check your organization’s compliance with data/privacy laws on the platform.
Exercise 4: Incident Response (6 min)
- Draft an incident response question addressing what should happen during a breach.
Exercise 5: Review and Communication (6 min)
- Create a question about maintaining user awareness and regular security reviews.
Lesson 4: Building Your Protective Question Library
- Keep an up-to-date file of critical questions (and best answers) for data, security, privacy, and compliance
- Review and revise after audits, incidents, or policy changes
- Share effective prompts with administrators as part of onboarding or periodic training
Lesson 5: Validating Security and Privacy Measures
- Confirm responses with official RM Compare security documentation and support
- Consult IT or legal advisors for complex regulatory or technical questions
- Schedule regular reviews and drills, documented for accountability
Lesson 6: Module 6 Wrap-Up & Next Steps
What You’ve Mastered:
✅ Questioning to uncover and address security, privacy, and risk gaps in RM Compare
✅ Designing and maintaining robust controls and response workflows
✅ Encouraging a culture of shared vigilance across your organization
Next Module Preview:
Module 7: Improvement Questions – Continuous Learning and Optimization
Your Assignment:
Pick one real RM Compare process and run a security, privacy, or risk review using the question templates. Document issues found and the actions or policy updates taken.
This module places you at the frontline of RM Compare’s safe and responsible use—helping your team and users thrive in a secure, compliant environment through expert questioning and practical vigilance.