IRIS FAQ

Iris General FAQs

IRIS Invigilation (IRIS) is a software program that helps provide educators assurance of assessment integrity during online and remote assessment. IRIS records audio, video, and computer screen activity for the duration of a test/exam. It analyses this information using machine learning and automatically flags potential academic dishonesty through displaying the data in an easy to use reporting dashboard.
IRIS allows students to take online assessments from their home in a secure online environment.

IRIS records video of a student’s face throughout their proctored exam tracking head and eye movement. IRIS records the audio from the student computer’s microphone video from their webcam and takes successive screenshots of what the student is seeing on their computer screen. Facial markers are identified and tracked, categorising and distinguishing innocent behaviours from dishonest behaviours. Educators can then review this data at a time that is convenient to help ensure student identity verification and assessment integrity.

Firstly, the student will be required to download the IRIS Extension onto their laptop/computer using Google Chrome or Microsoft Edge. They can then log into their Learning Management System (LMS), locate their exam/test and click the assessment link. From here the IRIS plugin with open in a separate window. IRIS will now authenticate their student ID using facial recognition and ask them to share their screen and microphone. They can now begin their assessment. IRIS will record the student for the duration of the exam only.

The IRIS team will set up a demo account for you and give you remote access so you can view the IRIS dashboard and take a demo test set up in Moodle (10 questions). You will be instructed to download the IRIS Chrome or Edge Extension onto your laptop/computer, login to the Moodle platform and navigate the demo assessment (share your screen and microphone). You will be invigilated as a student would be, and post assessment you can view your recording with a full report. This process gives you a good feel for the software and you can do it in your own time with clear instructions provided.

If you take the demo and would like to move forward and become an IRIS customer the next step is connecting your Learning Management System (LMS) to IRIS.

This will require our technical team to work with your technical team. If your LMS is already connected to IRIS e.g. a past customer uses the same LMS as you it should only take a few hours to set up. If your LMS is new to IRIS it may take extra time to connect the two systems. Contact the IRIS team for more technical information on this connection.

IRIS pricing depends on student numbers and how many assessment hours you require per student. We offer tiered bronze-platinum pricing, the more students you have the cheaper the assessment hour pricing.

Please complete the form on the Pricing Page and we will respond with pricing and options.

Students will need to use a Windows or Mac desktop or laptop that has a camera, microphone and speakers connected. Reliable internet connection is required.

We recommend the minimum specifications for your computer to be 4GB RAM and Windows 7 64bit. Mobile devices, tablets, iPads and phones are not currently supported.

If a student’s computer crashes or internet goes down during an exam, then the file will try to upload to the internet once a connection has been detected again. If the computer entirely crashes, then the user will have to manually upload the outstanding files via the manual upload feature in IRIS once their internet is working again. IRIS records in 10-minute blocks, therefore if a crash occurs and a student doesn’t use the manual upload feature, then 10 minutes of footage may be missing.

Right click on the IRIS plugin icon in your Chrome or Microsoft Edge browser. Select “Finalise Recordings”. This will open the IRIS plugin again and allow you to upload any outstanding assessment recordings.

An average 3-hour assessment size is approximately 400MB. This can naturally fluctuate, but it is a safe indication for students to accommodate.

The IRIS technical team will offer initial setup technical support of 6 hours to train the tech staff of the institute. The IRIS tech team will empower the institute’s tech staff to facilitate the immediate support, and then they will provide ongoing support via contact form support and email (24 hour turn around).

If an institute cannot in-house their own ongoing tech support, then we would consider that a custom solution and additional training charges will apply. Furthermore, if an institute requires more than 6 hours training, we can offer this as an add-on ad-hoc service.

We facilitate the disposal of recordings after a year. IRIS customers will be given the option to self-store their data after a year if they wish. After a month of contract cancellation, we will wait a month, and then we will delete instance and all institute data. Upon request we can delete any outstanding data on the server

Iris Security FAQs

IRIS Invigilation software is a safe, secure and necessary method of maintaining academic integrity at a university/institute. The proctoring/invigilation of online assessments is necessary when conducting online learning to ensure educational standards are maintained and to avoid academic dishonesty. Students that share their data are helping to protect the quality and reputation of their institution.
The privacy and protection of students and their personal information is paramount. IRIS ensures that data security, protection laws, privacy legislation and regulation are priority. IRIS uses AWS Cloud Security to protect student data and host all data in Sydney, Australia. IRIS does not sell or use any student assessment data; only IRIS technical administrators have access to this for maintenance and security purposes.
IRIS Security Infrastructure:

  • Two-factor authentication is enabled for the cloud services account that hosts IRIS
  • Strict firewall schemes protect all IRIS related services to protect user data and prevent nefarious access to the IRIS infrastructure
  • Only ports and services that need to communicate with each other and to the outside world will be kept open. These ports/services have strict IP security groups for inbound and outbound traffic
  • IRIS will never share or sell student personal data to a third party.
  • Google Chrome or Microsoft Edge will ask student permission before installing the IRIS extension on their computer.
  • IRIS will only invigilate a student during their exam. The permissions they agree to are only for the duration of the exam.


For more information on our privacy policy:

Enterprise grade security measures are in place to make sure the IRIS Invigilation servers are protected against data theft or accidental loss. All outgoing and incoming data is made via encrypted (HTTPS) protocol. Firewall and Intrusion Prevention Systems (IPS) protection have been implemented to prevent attacks, and root access to the servers are only permitted via AWS security groups.

AWS virtual firewall is already in place to restrict and mitigate any attempted intrusions. As an additional security measure, the IRIS management dashboard will only be accessible via the client’s IP address.  

Monitoring applications keeps logs on any suspicious activities and administrators are notified immediately once detected.
Daily snapshots of the servers are facilitated for disaster recoveries or any accidental deletion of data.

IRIS has a series of alerts set up on the servers to indicate any unusual activity; these are facilitated via the AWS service Cloudwatch which keeps a log of all traffic to assess what is defined as “unusual activity”. Non-repudiation is also key to ensuring a secure environment; IRIS implements logging on varying levels; the students, the administrators, and the servers.

All the student recordings are kept on the IRIS Invigilation storage servers for 1 year. IRIS will facilitate the disposal of recordings after a year. Following this period, the client institution can decide to keep copies of the data for safe keeping. IRIS Invigilation will not be held responsible for any mishandling of the data once the recordings are collected by the institute.

After a month of contract cancellation, we will wait a month, and then we will delete instance and all institute data.

Alerts are currently in place to automatically assess any malicious activity. As an additional security measure, we have implemented a comprehensive anti-virus platform that will scan and monitor all file activity within the servers. Any unusual activity will be identified, and server administrators will be notified to act accordingly.

IRIS will not be liable for any viruses or malware on the end-user’s computer. The plugin is scanned consistently by the Google Chrome and Microsoft Edge webstore to identify if any code within the IRIS extension installed on the end-user’s PC is malicious. With regards to the IRIS management dashboard, there are no functionalities that need files to be uploaded to the system. This ensures that no virus from the end-user’s system can be uploaded to the server and vice-versa.

For instant disaster recovery, IRIS takes daily AWS Snapshot backups. This enables the IRIS technical team to instantly restore to a previous day in the change of a major system disaster.

In the unlikely event of getting hacked, IRIS would lock down all ports, shut down any data flowing in and out of our servers, and conduct a forensic examination of the server to identify where a compromise or incident took place. Our chief of security would perform a thorough investigation and assess avenues to restore service as quickly as possible. We would also patch the system accordingly to ensure the reason for the incident doesn’t occur again. To minimize downtime, we would spin up a parallel cloned instance that is safe for the client to use. Thorough investigation would be conducted in the infected instance.

Physical security is facilitated by Amazon Web Services (AWS). AWS implements a range of comprehensive security initiatives to ensure that data is protected against external threats. IRIS’s strict IP whitelisting of IRIS services ensures that IRIS data can only be accessed within organization allowed locations.