Paper and digital exams fail in different ways, so the security question is not which format is inherently safer, but which risk profile each format exposes. Paper can reduce dependence on candidate devices and browsers, while digital delivery can improve control, logging, and scale if the platform and governance are strong. The sources point to a practical trade-off: format choice should follow the construct, the threat model, and the programme’s ability to operate the chosen model well;;;;.

This page compares paper-based and onscreen digital assessment as security models. It focuses on how each format handles item exposure, device misuse, operational controls, fulfilment, monitoring, and the possibility of AI-assisted cheating;;.

Format choice is now a security decision. A paper exam may reduce some digital threats, but it introduces print, packing, delivery, and storage risks. A digital exam can be more scalable and observable, but it creates more dependency on browsers, platforms, network stability, and anti-bypass controls;;;.

- **Paper chain**: printing, packing, transport, storage, and distribution of physical materials. - **Digital chain**: platform security, identity checks, browser restrictions, logging, and monitoring. - **Construct fit**: whether the format still measures what the assessment claims to measure. - **Residual risk**: the risk that remains even after security controls are applied.

The source set suggests that neither format is automatically secure. Paper can still leak, be forged, or be mishandled, which is why secure print and fulfilment remain relevant;;. Digital exams can be tightly controlled, but only if the programme can manage platform resilience, identity assurance, and item security at scale;. Another shared point is that the construct should drive the format. If the assessment needs unaided recall under controlled conditions, paper or tightly locked digital delivery may work. If the assessment should allow source use, collaboration, or tool use, the security model needs to be designed around that reality rather than pretending it does not exist;.

The contest is between convenience, control, and authenticity. Supporters of paper argue that it is harder to outsource through live AI tools or browser bypass methods, and that it can simplify the integrity story for high-stakes testing. Supporters of digital delivery argue that better logging, monitoring, adaptive item management, and faster operational response can improve assurance when the system is well run;. The unresolved question is not whether one format has advantages. It is whether the programme has the operational maturity to make that format defensible without distorting the construct or burdening candidates unnecessarily.

- **Paper risk**: leakage in printing, packing, transport, or storage; - **Digital risk**: platform failure, browser bypass, insecure endpoints, and network instability; - **AI-assisted misuse**: digital tasks can be outsourced or assisted more easily if the format does not require authentic reasoning - **Operational overload**: either format can become expensive if governance is weak - **Equity concerns**: digital access and device quality vary, while paper formats may create different access and distribution burdens

1. Start with the assessment purpose. - Decide what the candidate must demonstrate and whether that evidence needs to be unaided, tool-allowed, or fully open. 2. Map the threat model for each format. - For paper, focus on fulfilment, storage, and chain-of-custody. - For digital, focus on identity, platform security, browser control, item exposure, and fraud analytics. 3. Check whether the format changes the construct. - If security controls make the task less realistic, the format may be weakening validity. 4. Compare operational maturity, not just theory. - Ask whether the team can actually run the chosen model well at the required scale. 5. Use format-specific controls. - Paper: secure print, tracking, packing, and verification after issue. - Digital: layered monitoring, recovery routes, and item-security governance.

| Option | Security strength | Main weakness | Best fit | |---|---|---|---| | **Paper-based delivery** | Stronger resistance to device-based AI misuse | Fulfilment and storage risks; slower logistics | High-stakes tests where device use must be minimised | | **Onscreen digital assessment** | Better logging, scalability, and automated controls | More exposed to browser, platform, and network failure | Programmes with mature platform governance | | **Mixed model** | Flexibility across cohorts and contexts | Harder to govern consistently | Large programmes with varied candidate needs |

A qualification body is deciding whether to keep a high-stakes exam on paper or move it online. It realises the paper route would require stronger print, packing, and courier controls, while the digital route would require browser lockdown, stronger fraud analytics, and a tested fallback plan if the platform fails. The final choice depends less on ideology and more on which control chain the programme can operate reliably;;.

- Supplier note on secure exam paper printing with ISO 27001, tamper-proof features, and confidential handling. - Supplier guide comparing paper and digital exam formats under AI-era security concerns. - Supplier article on real-time exam forensics, response-time analytics, answer-change statistics, and person-fit analysis. - Supplier article warning that AI cheating tools can bypass secure browsers. - Source note on a digital exam failure and paper fallback.

The market is split between secure print suppliers, digital assessment platforms, and forensic monitoring tools. Print suppliers tend to frame security as chain-of-custody and confidential handling; digital suppliers tend to frame it as monitoring, resilience, and analytics. Buyers should separate those claims and ask which control chain matters most for the assessment in question.

### Are paper exams always safer than digital exams? No. Paper removes some digital threats but introduces its own fulfilment and logistics risks. ### Are digital exams always riskier because of AI? No. Digital delivery can be made robust, but it needs stronger platform, identity, and browser controls. ### What should I choose if my candidates need access to tools? The format should match the construct. If tools are part of the competence, security should be designed to allow and govern them rather than simply blocking them.

Tim Burnett (Admin)

`Test Community Network. "Paper versus digital exams in test security." TCN Wiki. Last reviewed 2026-05-05. https://www.testcommunity.network/wiki/test-security-paper-versus-digital-exams`

- Supplier note on secure exam paper printing with ISO 27001, tamper-proof features, and confidential handling. - Supplier guide comparing paper and digital exam formats under AI-era security concerns. - Supplier article on real-time exam forensics, response-time analytics, answer-change statistics, and person-fit analysis. - Supplier article warning that AI cheating tools can bypass secure browsers. - Source note on a digital exam failure and paper fallback.