CBSE May Impose Penalty On OSM Service Provider Over Evaluation Portal Vulnerabilities: Reports

New Delhi: The Central Board of Secondary Education (CBSE) is expected to take action against its On-Screen Marking (OSM) service provider after vulnerabilities were reported in the digital platform used for evaluating Class 12 answer sheets.

According to various News 18 reports, the board is likely to impose financial penalties on Hyderabad-based Coempt Edu Teck, the company responsible for operating the online evaluation system. The move comes after cybersecurity concerns regarding the portal were flagged publicly, triggering scrutiny of the platform's security architecture.

CBSE on Sunday acknowledged that vulnerabilities had been identified in the OnMark portal and said corrective measures had already been implemented. In a statement, the board said cybersecurity experts from different government agencies and Indian Institutes of Technology (IITs) had been engaged to strengthen the system and prevent further risks.

The board stated that the identified weaknesses had been contained and that efforts were underway to ensure no additional exploitable vulnerabilities remained in the platform.
According to reports, the issue gained attention after ethical hackers highlighted potential security flaws that allegedly allowed access to certain data stored on cloud infrastructure. The claims prompted an immediate review of the system's security framework.

Media reports said that CBSE officials have maintained that while vulnerabilities existed, the board has taken steps to secure the portal and patch identified loopholes. Officials have also indicated that penalties would be imposed if the service provider is found to have failed in meeting contractual obligations related to data security and system maintenance.

As per the News 18 report, the proposed action is expected to be taken under provisions contained in the tender issued by CBSE in August 2025 for the OSM project. Reports suggest that the agreement contains strict service-level requirements, including monetary penalties for delays in resolving technical issues and addressing security concerns.

Under the contract terms, vendors may face substantial fines for failing to rectify problems within prescribed timelines. The agreement also reportedly includes provisions for forfeiture of security deposits and termination of contracts in cases of serious violations.

However, according to multiple reports, the possibility of blacklisting the vendor appears unlikely. While the original tender document reportedly included blacklisting as a potential consequence for severe lapses, that provision was removed through a corrigendum issued before the contract was awarded. As a result, CBSE's available options are largely limited to financial penalties and contractual action.

The controversy has emerged at a crucial time, with CBSE preparing to open its post-result services for Class 12 students seeking verification and re-evaluation of answer books. Reports indicate that lakhs of students have already accessed scanned copies of their evaluated answer sheets through the board's digital platform.