New Delhi, June 6:The Central Board of Secondary Education (CBSE) has decided to continue using COEMPT Eduteck Pvt. Ltd. for scanning answer sheets during the ongoing re-evaluation process, while shifting all Onscreen Marking (OSM) system data and records from the vendor’s servers to CBSE-managed infrastructure.
According to an IIT official involved in the security audit of the system, COEMPT’s OSM platform remains operational for re-evaluation activities. Defending the decision, the official noted that the company had previously scanned nearly 40 crore pages, with only around 30,000 pages facing issues, representing a very small error rate. Since the current task involves scanning only disputed answer sheets, the official expressed confidence in the company’s ability to carry out the process smoothly.
As of June 4, CBSE had received 70,433 applications under its post-result grievance mechanism, including 7,314 requests for verification of marks and 63,119 applications for re-evaluation.
To enhance security and operational control, CBSE has migrated all scanned answer scripts and related data from the vendor’s servers to its own infrastructure. The IIT official said the Board also reviewed and strengthened the OSM software to ensure it functions independently on CBSE servers, reducing reliance on third-party systems.
The move comes amid scrutiny of COEMPT following reports of vulnerabilities in the OSM portal used for verification of marks, access to answer-book photocopies and re-evaluation requests. In response to security concerns and attempted cyberattacks, CBSE enlisted experts from IIT Kanpur and IIT Madras to assess and reinforce the platform.
The IIT official revealed that cybersecurity teams spent over ten days examining both the CBSE registration portal and the OSM re-evaluation portal. A dual-team approach was adopted, with a “blue team” focused on strengthening the code and a “red team” tasked with identifying vulnerabilities through penetration testing. While the Digital India Corporation (DIC) led the code enhancement efforts, IIT Kanpur conducted extensive security testing.
COEMPT officials also assisted during the transition by helping security teams understand the existing codebase, facilitating data migration and implementing additional safeguards.
Earlier, CBSE reported that its re-evaluation portal had been targeted by large-scale cyberattacks, including a Denial-of-Service (DoS) attack involving nearly 3.8 million packets on June 3. The Board stated that the attacks were successfully mitigated and that all services related to verification, answer-book access and re-evaluation remained functional.
The security review was initiated after ethical hacker Nisarga flagged vulnerabilities in the system. The IIT official said the student was invited to explain the findings and was commended for the discovery, though no further audit responsibilities were assigned.
“So far, we have not found any evidence of data breaches in the systems that have been created,” the official said.
