Module 6: Protective Questions

Security, Privacy, and Risk Management

Keeping Assessment Safe

Key Benefit:
By asking the right protective questions, administrators can avoid costly mistakes, strengthen trust, and ensure RM Compare supports institutional responsibilities.

Why Protective Questions Matter

Challenge:
Security and privacy are not “one and done” issues. They require ongoing vigilance, review, and adaptation—driven by sharp, proactive questioning.

Lessons

Lesson 1: Five Types of Protective Questions

  1. Data Protection Questions
    "What safeguards exist for data at rest, in use, and in transit in RM Compare?"
  2. Access and Permissions Questions
    "How are permissions structured to prevent unauthorized access to sensitive data?"
  3. Policy and Compliance Questions
    "Which policies and regulations govern our use of RM Compare, and how do we ensure compliance?"
  4. Incident and Response Questions
    "What steps should we follow if a security or privacy incident occurs?"
  5. Ongoing Review Questions
    "How do we regularly test, update, and communicate our security and privacy controls?"

Question Framework #1 – Data Protection

The Template:
"How does RM Compare protect data at every stage (storage, transfer, processing), and what encryption or safety measures are in place?"

Examples:
✅ "What encryption protocols and storage solutions does RM Compare use to secure uploaded assessment content?"
✅ "How are backups handled and who can access them?"

Question Framework #2 – Access and Permissions

The Template:
"What access controls and permission hierarchies restrict sensitive RM Compare functions and data to authorized roles only?"

Examples:
✅ "How are admin, creator, and judge permissions managed to minimize risk of accidental or deliberate misuse?"
✅ "How can we audit permission grants and changes across the system?"

Question Framework #3 – Policy and Compliance

The Template:
"What legal and organizational requirements apply to our RM Compare usage, and what controls and documentation ensure we meet them?"

Examples:
✅ "How does our use of RM Compare comply with GDPR, FERPA, or local data protection laws?"
✅ "What policy documentation, consent procedures, and training should we mandate for all RM Compare users?"

Question Framework #4 – Incident Response

The Template:
"If we suspect or detect a privacy or security breach in RM Compare, what is our incident response workflow?"

Examples:
✅ "What are the immediate steps if a Judge accesses data outside their remit?"
✅ "How do we communicate and log incidents, and when do we notify affected users or authorities?"

Question Framework #5 – Ongoing Review and Audit

The Template:
"How do we continually monitor, test, and update our RM Compare privacy and security posture?"

Examples:
✅ "What regular audits, tests, or drills should we schedule in partnership with IT and RM Compare support?"
✅ "How do we keep users informed of evolving risks and policy changes?"

Lesson 2: Scenario Questions – Protecting in Practice

Scenario 1:
"If a departing administrator neglects to revoke their access, what questions help ensure no lingering risk?"

Scenario 2:
"After launching a new large-scale DataShare collaboration, what ongoing privacy checks should be scheduled?"

Practice:
Craft a protective scenario relevant to your institution—a risk, breach, or change—and develop a sequence of questions for reviewing, resolving, and learning from the situation.

Lesson 3: Protective Question Creation

Exercise 1: Data Protection (6 min)

Exercise 2: Access Control (6 min)

Exercise 3: Policy Compliance (6 min)

Exercise 4: Incident Response (6 min)

Exercise 5: Review and Communication (6 min)

Lesson 4: Building Your Protective Question Library

Lesson 5: Validating Security and Privacy Measures

Lesson 6: Module 6 Wrap-Up & Next Steps

What You’ve Mastered:
✅ Questioning to uncover and address security, privacy, and risk gaps in RM Compare
✅ Designing and maintaining robust controls and response workflows
✅ Encouraging a culture of shared vigilance across your organization

Next Module Preview:
Module 7: Improvement Questions – Continuous Learning and Optimization

Your Assignment:
Pick one real RM Compare process and run a security, privacy, or risk review using the question templates. Document issues found and the actions or policy updates taken.

This module places you at the frontline of RM Compare’s safe and responsible use—helping your team and users thrive in a secure, compliant environment through expert questioning and practical vigilance.