Assessment Maturity Model

A descriptive model that provides a way for organizations' executives and managers to monitor, chart and improve their use of assessments.


As the Assessment Maturity Model is a descriptive model it requires a common vocabulary to maintain clarity during discussions, documentation, planning and  implementation of assessment strategies. Please feel free to contact Eric Shepherd should you wish to see this vocabulary updated.


An individual who declares interest in earning a credential offered by a certification program, usually through a request for information and the submission of materials.


Any systematic method of obtaining evidence from tests, examinations, questionnaires, surveys and collateral sources used to draw inferences about characteristics of people, objects, or programs for a specific purpose.

authoring system

A generic name for one or more computer programs that allow a user to author and edit items (i.e. questions, choices, correct answer, scoring scenarios and outcomes) and maintain test definitions (i.e. how items are delivered with a test).


Questions and Answers taken from exams or other tests that have been copyrighted for purposes of protecting Confidential or Trade Secret Information and distributed for purposes of cheating or profit.


An individual who has met the eligibility qualifications for, but has not yet earned, a credential awarded through a certification program or a person that participates in a test, assessment or exam by answering questions.


An individual who has earned a credential awarded through a certification program.


A process, often voluntary, by which individuals who have demonstrated the level of knowledge and skill required in the profession, occupation, role or the competent use or support of a product, are identified to the public and other stakeholders. See also licensing, credentialing.

certification agency

The organizational or administrative unit that sponsors a certification program. See also licensing, credentialing.

certification board

A group of individuals appointed or elected to govern one or more certification programs as well as the certification agency, and are responsible for all certification decision making, including governance.

certification body

The organizational or administrative unit that sponsors a certification program and maintains certification records. See Registration Body

certification committee

A group of individuals appointed or elected to recommend and implement policy related to certification program operation.

certification process

All activities by which a body establishes that a person fulfils specified competence requirements, including application, evaluation, decision on certification, surveillance and recertification, use of certificates and logos/marks.

certification processing

The process of matching an individual's accomplishments against the requirements for a certification program, and awarding certifications when all requirements have been met.

certification program

The standards, policies, procedures, assessment instruments and related products and activities through which individuals are publicly identified as qualified in a profession, occupation, role or for the competent use or support of a product.

certification scheme

Specific certification requirements related to specified categories of persons to which the same particular standards and rules, and the same procedures apply.

certification system

Set of procedures and resources for carrying out the certification process as per a certification scheme, leading to the issue of a certificate of competence including maintenance.


The process whereby someone acts dishonestly or practices fraud in order to circumnagivate the certification process.

data controller

The data processing agencies in most countries require organizations processing data to fulfill very specific requirements. Specifically, they must appoint a "data controller" responsible for all data processing, who must register with the data processing authorities and notify them before processing any data. They must include in the notification, the purpose of the processing; a description of the data subjects; the recipients or categories of recipients to whom the data might be disclosed; proposed transfers to third countries; and a general description that would allow a preliminary assessment of whether requirements for security of processing have been met.

data processor

The data processor is an entity that is charged by the data controller to collect, transfer, store and process such personal data that belong to the data controller only in accordance with their instructions. Such instructions will normally require them to comply with the Principles and applicable local data protection laws. In each country that organizations are filing their notices, they should take care to determine what role test sponsors should play and what roles test vendors should play.


A method or procedure to access an individual's knowledge, skills and abilities. Such procedures may involve written or oral responses, or by observation of the candidate performing tasks.


A person deemed by the certifying agency to posses the relevant technical and personal qualifications to conduct an examination as part of the certification process.

exam security agreement

An agreement between the certification agency and the candidate (or certificant in many cases) that specifically prohibits the release of confidential information provided on the certification exam.

high-stakes test

A test whose results has important, direct consequences for examinees, program, or institutions tested.


Primarily British term for “proctor”.

non-disclosure agreement

See Exam Security Agreement


An individual who supervises a written examination/test to maintain a fair and consistent testing environment, but takes no part in the examination. Synonymous with British term “invigilator.”


A candidate that solicits the services of a proxy test-taker.

proxy-test taker

A person who tests for candidates by proxy, impersonating the candidate in return for financial gain. Also known as Gunmen or Hired Gunmen.


A formal process where an individual is recognized for having been through a certification process or provided evidence of attributes, education, training and/or work experience.


Requirements and procedures established as part of a certification program that certificants must meet in order to ensure continuing competence and renew their certificate. See Continuing Competence and Continuing Education.

rogue test center

A test center that intentionally allows or condones the illegal practices that violate Exam Security Agreements / Non-Disclosure Agreements.

SafeHarbor (7 principles)

The seven principles of SafeHarbor are Notice, Choice, Onward Transfer, Access, Security, Data Integrity, Enforcement.

SafeHarbor Notice:

Organizations must notify individuals about the purposes for which they collect and use information about them. They must provide information about how individuals can contact the organization with any inquiries or complaints, the types of third parties to which it discloses the information and the choices and means the organization offers for limiting its use and disclosure.

SafeHarbor Notice and Consent at Test Center Sign in

During candidate sign-in at the test center, obtain affirmative, explicit ("opt-in") consent for collecting and transferring registration data and test responses to Test Sponsor/Vendor (including Onward Transfer across international borders).

SafeHarbor Online Notice

During online registration, provide clear notice and links to applicable policies, including Test Vendor and Test Sponsor privacy policies

SafeHarbor Choice

Organizations must give individuals the opportunity to choose (opt out) whether their personal information will be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive information, affirmative or explicit (opt in) choice must be given if the information is to be disclosed to a third party or used for a purpose other than its original purpose or the purpose authorized subsequently by the individual requires all privacy inquiries, including opt-out requests and complaints, to be immediately acknowledged.

SafeHarbor Onward Transfer (Transfers to Third Parties)

To disclose information to a third party, organizations must apply the notice and choice principles. Where an organization wishes to transfer information to a third party that is acting as an agent(1), it may do so if it makes sure that the third party subscribes to the safe harbor principles. As an alternative, the organization can enter into a written agreement with such third party requiring that the third party provide at least the same level of privacy protection as is required by the relevant principles.

SafeHarbor Access

Individuals must have access to personal information about them that an organization holds and be able to correct, amend, or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy in the case in question, or where the rights of persons other than the individual would be violated.

SafeHarbor Security

Organizations must take reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.

SafeHarbor Data Integrity

Personal information must be relevant for the purposes for which it is to be used. An organization should take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.

SafeHarbor Enforcement

In order to ensure compliance with the safe harbor principles, there must be (a) readily available and affordable independent recourse mechanisms so that each individual's complaints and disputes can be investigated and resolved and damages awarded where the applicable law or private sector initiatives so provide; (b) procedures for verifying that the commitments companies make to adhere to the safe harbor principles have been implemented; and (c) obligations to remedy problems arising out of a failure to comply with the principles. Sanctions must be sufficiently rigorous to ensure compliance by the organization.

summative assessment

An assessment where the primary purpose is to give a quantatitive grading and make a judgment about the participant's achievement.


Any specific number resulting from the assessment of an individual; a generic term applied for convenience to such diverse measures as test scores, estimates of latent variables, production counts, absence records, course grades, ratings, and so forth.

sensitive information

Countries have varied rules based on the different types of data. Data is often classified as sensitive and non-sensitive. Organizations must apply stricter controls on data that is deemed sensitive by the data processing authorities in different countries.


The various groups with an interest in the quality, governance, and operation of a certification program, such as the public, employers, customers, clients, third party payers, etc.

test center

A facility that provides computers and proctoring services in which to conduct tests.

test center administration system

The generic name for one or more computer programs used by a test center to administer tests to candidates. This may include, but is not limited to, starting tests, stopping tests and communicating item, test and results data back and forth.

test development system

A generic name for one or more computer programs that allow a user to author, and edit items (i.e. questions, choices, correct answer, scoring scenarios and outcomes) and maintain test definitions (i.e. how items are delivered with a test).

test equivalence

Ensures that examinees taking one version of a test do not have a relative advantage over those taking another version.

test specification

A framework that specifies the proportion of items that assess each content and process/skill area; the format of items, responses, and scoring protocols and procedures; and the desired psychometric properties of the items and test such as the distribution of item difficulty and discrimination indices.


A secure online listing of a candidate's certification history, which can be printed or shared with others.

undue influence

Control of decision making over essential certification policy and procedures by stakeholders or other groups outside the autonomous governance structure of a certification program.

web based assessments

Assessments delivered via the Internet, or an Intranet, in which the items reside on a server and are packaged with HTML to allow a participant to respond using a browser.