What is DI4OL?
DI4OL is an acronym for Digital Identity for Online Learning. The service will allow learners to sit online exams and check their Record of Achievement using their normal school login credentials (user ID and password). This reduces the need to remember an additional login.
Why do we need DI4OL?
DI4OL is needed to improve digital access to education websites and applications for secondary school learners. Learners currently have multiple logins to remember, causing stress at exam time. Enabling NCEA learners to use their school’s identity provider provides them with a single, easy way to log in to NZQA’s online exams and access their Record of Achievement. This will also reduce the administrative burden on school staff and exam supervisors.
What is an identity broker and what is the underlying technology used by DI4OL?
DI4OL is based upon Microsoft Azure B2C identity broker. An identity broker is a proxy service that lets users access cloud-based applications using one or more accounts with common identity providers such as Microsoft, Google, or Apple, or, as in our case for online exams, an existing school account.
When are the pilots happening?
The first pilot took place at the end of September 2022, involving learners in years 11 and 13. We are aiming to complete the second pilot with more schools in mid-2023.
When will the full rollout to schools happen?
Feedback and lessons from the two pilots will help inform the full rollout of DI4OL to more schools. The full rollout will be progressively implemented over a three-year period, commencing in 2023.
When will other year groups get DI4OL?
We are currently investigating additional applications to connect to the DI4OL identity broker. This would allow us to implement DI4OL for year groups in addition to learners in years 11 and 13.
Did you involve schools, learners and teachers when building this?
Yes, we have had strong engagement with schools, their learners and exam supervisors. Delivery of the first pilot is well informed by their information and feedback.
Information for learners
What does this mean for me?
You will no longer have to create a specific NZQA login using your NSN, which is only used for accessing NZQA applications.
You will be able to access the assessment tool for online exams and your Record of Achievement using your school account login. You will no longer need to provide your NSN when you log in.
If you have a personal account like an Apple or Google account (or both) you can link these to your school account. This means you could access your Record of Achievement using your personal or school account.
Is there a risk to my personal identity data?
One of the main reasons The Ministry of Education, Te Tāhuhu o te Mātauranga is launching the DI4OL service is to reduce the risk of learners having their passwords compromised on the websites they access. One less password to remember is one less password that is at risk.
The DI4OL service collects only the minimum personal identity information required for the service to operate. Some of this will already be available on social media websites or through public records, such as your name and date of birth.
The NSN is only used in the education sector. There are strict rules about who can use an NSN and for what purposes. For more information, see National Student Numbers (NSN) – Education in New Zealand.
If you would like more technical information on how the DI4OL uses and protects personal information, please email us at Digital.Identity@education.govt.nz.
Where is my data stored?
All data remains stored either within school IT systems or the online services used by a school. The very limited copy of information shared by a school with The Ministry of Education, Te Tāhuhu o te Mātauranga is stored as part of the service in the Te Tāhuhu Azure presence in Australia. This means we adhere to NZ Government rules relating to where data can be stored.
If the project does not get implemented, are we at greater risk of our data being hacked?
No. Schools and the online services they use to deliver education to learners have existing information security controls that protect the information stored and exchanged. The DI4OL service adds an additional layer of protection focused on the learners.
Information for parents
How will this help my child?
We have heard that having to remember a separate login at exam time causes additional stress at an already stressful time. This system will allow your child to access their online exams and Record of Achievement using the login that they use frequently at school, reducing the need to remember additional login details.
What if I don’t want my child to use this system?
You can discuss this with your school, and your child should be able to complete their exam using the traditional paper method.
What information is collected?
Schools will be sharing with The Ministry of Education, Te Tāhuhu o te Mātauranga a learner’s full name, their school email address, date of birth and NSN. For more information about the NSN, see National Student Numbers (NSN) – Education in New Zealand
Learners can choose to add a personal email address to enable them to access their Record of Achievement. This is completely optional.
Doesn't the Ministry of Education, Te Tāhuhu o te Mātauranga already know this information about my child?
Yes. Schools are required to provide the same information, along with additional information, to The Ministry of Education, Te Tāhuhu o te Mātauranga when a learner is enrolled at school. This information is held securely in other Te Tāhuhu IT systems.
In this case we are asking schools to provide only a limited amount of information, which the school can choose to provide by opting-in. This ensures that schools know what information is being used and why (in privacy terms, the ‘purpose’ for collection of personal information).
What information is shared?
When a school opts in to the DI4OL service, they choose to share with The Ministry of Education, Te Tāhuhu o te Mātauranga the information identified in the ‘What information is collected?’ section above.
The Ministry of Education, Te Tāhuhu o te Mātauranga then shares this information with NZQA so that NZQA can check that the person taking an online exam or looking at NCEA results is the correct person.
In the future, limited and only necessary information can be shared with additional online service providers that connect to The Ministry of Education, Te Tāhuhu o te Mātauranga DI4OL service.
Who is The Ministry of Education, Te Tāhuhu o te Mātauranga sharing my child’s data with?
Currently, only NZQA. NZQA already receives the same information directly from schools when learners are registered for NCEA. NZQA will use this information to check that the person taking an online exam or looking at NCEA results is the correct person.
Currently schools share this information directly with the online service providers for educational purposes. In the future, limited and only necessary information may be shared with additional online service providers that connect to The Ministry of Education, Te Tāhuhu o te Mātauranga DI4OL service.
How long will this information be kept for?
Information is stored throughout the educational journey of the learner, in line with schools’ archival policy under the Public Records Act.
For DI4OL in practice this means that if a learner does not undertake further learning after school or tertiary education, we will delete the minimal information we hold in their account after five (5) years.
Information stored in DI4OL can be updated if it is incorrect.
If the information is wrong, how do we correct it?
Most of the information within DI4OL is provided by schools. If information is incorrect, then in the first instance you should discuss this with your child’s school as they have probably got the same incorrect information.
The only piece of information that can be updated by the learner directly in the DI4OL service is their personal email address. If this is wrong, they are able to correct it themselves.
What about advertising or tracking cookies?
The Ministry of Education, Te Tāhuhu o te Mātauranga DI4OL service will not store any persistent cookies on a learner’s computer. We will not track learners or other websites they access from their computer.
We will store a session authentication cookie while the learner’s browser is open. This is essential for learners to use the DI4OL service and the online education services they access. When the browser is closed or the computer shut down, that cookie is deleted.
Except where necessary for the DI4OL service to perform authentication, The Ministry of Education, Te Tāhuhu o te Mātauranga does not share any information related to DI4OL with Apple, Google, or any other third-party advertising companies.
Will The Ministry of Education, Te Tāhuhu o te Mātauranga be able to see which online services learners are accessing at school?
No. The Ministry of Education, Te Tāhuhu o te Mātauranga DI4OL service does not record which websites are accessed by a learner.
Is this single sign-on?
Yes. The DI4OL service achieves the same outcome as single sign-on – fewer user IDs and passwords for your child to remember, and seamless access to all applications linked with DI4OL once they have logged in.
Information for schools
What is changing?
We have heard that having to remember a separate login at exam time causes additional stress at an already stressful time. This system will allow learners to access their online exams and Record of Achievement using the login that they use frequently at school, thereby reducing the need to remember an additional login.
What difference will this make to administration for NCEA exams?
Schools will not have to “manage” learners to create an NZQA login which includes the learners having to know their NSN.
Schools will not have to encourage learners to check they know their NZQA login details before exams. They may need to encourage them to ensure they know their school user ID and password.
There will be no change to how exam supervisors currently deal with a learner who cannot remember their NZQA login. The same process will be in place should a learner not remember their school login or be locked out for some reason when they sit an online exam.
Has the technology been tested?
Yes, the technology has been well tested with the most commonly used devices, operating systems, and browser options.
Will there be training and support available?
We will provide the direction and support you need to implement DI4OL. Existing guidelines are being updated and new material developed in conjunction with NZQA, to ensure you have the information you need to adopt DI4OL successfully.
Will this work for all schools?
DI4OL will work for most schools. Almost all schools use a cloud identity provider from Google or Microsoft, which is the core requirement for DI4OL. If a school is unable to adopt DI4OL, they can continue to offer paper-based exams.
Does it matter which SMS Provider our school uses?
No, we have engaged with all SMS vendors who currently service secondary schools.
What happens if this can’t be rolled out to our school?
If your school is unable to adopt DI4OL, you can continue to offer paper-based exams.
How can our school move to online exams?
In the first instance, advise NZQA that you would like to offer online examinations. An NZQA School Relationship Manager can help you from there. You can contact NZQA on 0800 697 296.
What happens to the existing NZQA user IDs and log in process?
The existing NZQA user IDs that learners use to access online exams and their Record of Achievement will remain in place until after the full rollout to secondary schools.
Why is DI4OL opt in?
The Tomorrow’s Schools reforms provided schools with a wide degree of autonomy and most initiatives with The Ministry of Education, Te Tāhuhu o te Mātauranga are opt-in. In addition to this, some schools do not currently use a cloud identity provider, which is a requirement for DI4OL, and are not able to opt in at this point.
Which online services applications can this service be used for?
Initially, online services offered will be access to NCEA online exams and the NZ Record of Achievement (for exam results). Our intention is to add more applications in the future, to which registered learners will have immediate access using their school account.
How is this different from the Education Sector Logon (ESL)?
The Education Sector Logon (ESL) is used by teachers and staff at schools to access online services required by The Ministry of Education, Te Tāhuhu o te Mātauranga, like ENROL, and other education sector services that support learning.
DI4OL will be used by learners when accessing online learning services.
When can teachers and staff use this?
The initial release is targeted at learners sitting NCEA online exams and accessing their NZ Record of Achievement. However, we expect that some of the applications to be added to the service in the future will be of interest to teachers and school support personnel.
Where is the service hosted?
The DI4OL service itself is hosted in Australia, as part of the Te Tāhuhu Azure presence.
What is The Ministry of Education, Te Tāhuhu o te Mātauranga doing to help schools with cyber security?
In addition to the support currently provided to schools, The Ministry of Education, Te Tāhuhu o te Mātauranga is developing work which aims to strengthen cyber security to protect against cyber-attacks, lower the administrative burden for schools through centralised provision of cyber security and online services, and improve the quality and consistency of digital learning environments. Further information can be found here: Budget 2022 Education Summary of Initiatives.
The Ministry of Education, Te Tāhuhu o te Mātauranga is part of Safer Technologies for Schools(external link) (ST4S). ST4S provides assessments of online products and services used in schools against an agreed security and privacy controls framework. This is managed by Education Services Australia (ESA) on behalf of participating education jurisdictions. ST4S assessment reports are available for authorised staff in state and state-integrated schools and kura to access via the Taku portal. Alternative arrangements are available for private schools to access the reports.
What steps has the DI4OL Project taken to protect privacy?
We have taken a ‘privacy by design’ approach with the DI4OL service, including minimising the information that needs to be shared for the service to work. We have undertaken a Privacy Impact Analysis, with extensive consultation and feedback from the Office of the Privacy Commissioner.
This document has been proactively released to provide transparency and information about the DI4OL service.
Due to the technical nature of the PIA, a plain language summary has also been released to enhance the understanding of the PIA, particularly for teachers, learners and whānau.
If you would like to know more in technical jargon, feel free to email us at Digital.Identity@education.govt.nz.
Is the DI4OL service secure?
Yes. The DI4OL service provides additional security features. This reduces the work required by schools to exchange information with online service providers. It also limits the information online service providers can query from school systems.
DI4OL has completed comprehensive security testing to ensure that it has no known security vulnerabilities with the service.
It is important that learners and schools continue to exercise appropriate security around login information and choose a good password. Advice on choosing a good password can be found here Password policy – best practices – Education in New Zealand. The Ministry of Education, Te Tāhuhu o te Mātauranga hub for Cyber Security information for schools is here: Digital Technology – Education in New Zealand.
I'd like more information, who can I talk to?
For more information, email Digital.Identity@education.govt.nz
Last reviewed: Has this been useful? Give us your feedback