The Central Board of Secondary Education (CBSE) has continued its association with COEMPT Eduteck Pvt Ltd for scanning answer sheets as part of the ongoing re-evaluation process, while shifting all On-screen Marking (OSM) system data and records from the vendor’s servers to CBSE-managed infrastructure, an IIT official told ANI.

According to the official involved in the security audit, COEMPT’s OSM platform is still being used during the re-evaluation exercise. The company will continue scanning answer sheets, despite concerns raised over earlier issues with the platform. Defending the decision, the official said COEMPT had previously scanned nearly 40 crore pages, with only around 30,000 pages encountering issues — roughly one problematic page in every 10,000. Since the current task involves scanning only disputed or problematic pages, the official expressed confidence that the process would proceed smoothly.

By June 4, CBSE had received 70,433 applications through its post-result grievance system, including 7,314 requests for mark verification and 63,119 requests for re-evaluation. The official also confirmed that all scanned answer sheets and related records have now been migrated to CBSE-controlled servers. The move was aimed at strengthening operational control and improving security, particularly after concerns emerged about reliance on vendor-managed infrastructure.

The transition follows controversy surrounding COEMPT after vulnerabilities were reported in the OSM portal used for verification, photocopy access and re-evaluation of board exam answer sheets. In response, CBSE brought in cybersecurity teams from IIT Kanpur and IIT Madras to assess and strengthen the platform.

The IIT Kanpur team reportedly worked for over ten days on both the CBSE registration portal and the OSM re-evaluation system. Security testing involved a “blue team” focused on improving the platform’s code and a “red team” tasked with identifying weaknesses and attempting to breach the system. While the Digital India Corporation (DIC) led the effort to strengthen the OSM code, IIT Kanpur conducted penetration testing and vulnerability assessments. COEMPT officials also assisted during the transition by helping teams understand the system, migrate data and implement security measures.

CBSE had disclosed that its re-evaluation portal was targeted by large-scale cyberattacks, including a Denial-of-Service (DoS) attack involving nearly 3.8 million packets on June 3. The Board said the attacks were successfully handled and that services related to verification, answer-book access and re-evaluation remained functional. The security review also came after ethical hacker Nisarga identified vulnerabilities in the platform. The IIT Kanpur official said the student was invited to explain the findings and was appreciated for the work, although no further auditing responsibilities were assigned. The official added that, so far, investigators have not detected any data breach in the systems developed for the process.

Disclaimer: This image is taken from CBSE website.