CBSE Drops OnMark Mid-Cycle: The Vendor Exit Risk Every University Must Plan For
CBSE terminated Coempt Eduteck's OnMark platform during the Class 12 revaluation process — a first in Indian board exam history. Here is what happens when a digital evaluation vendor is removed mid-cycle, and how universities can protect themselves.
A First in Indian Examination History
On the same week that CBSE extended its Class 12 revaluation deadline, the board quietly made a second significant move: it dropped Coempt Eduteck's OnMark platform from the revaluation process entirely. The company whose software had been used to evaluate nearly 10 million answer scripts — and which now sits at the centre of a Parliamentary inquiry — was no longer trusted to handle student grievance applications.
This is not the same story as the procurement controversy. That story, about how OnMark won the tender in the first place, has been extensively reported. This story is about what happens *after* a vendor is removed: who holds the data, how students get their revaluation results, whether records remain intact, and what contractual protections exist to make the transition smooth.
The CBSE episode is the clearest signal yet that vendor exit planning is not a footnote in a digital evaluation procurement. It is a core institutional risk that must be resolved before a single answer sheet is scanned.
---
What Actually Happened When OnMark Was Dropped
When the CBSE revaluation and verification window opened in June 2026 — initially scheduled for May 29, pushed to June 1 following technical failures — the board had already made a decision to move revaluation away from the OnMark infrastructure. Students who applied for revaluation would not have their cases reviewed through the same portal that evaluated their original scripts.
This created a set of operational questions that had no precedent:
CBSE did manage to keep the revaluation window operational. But 56,000 applications were received as of early June, and the board simultaneously had to defend against a 3.8 million-packet denial-of-service attack on its portal — all while running on infrastructure that had partially departed from its primary vendor.
---
The Three Failure Modes That Caused This
Understanding why CBSE found itself in this position requires looking at three structural failures that any institution adopting digital evaluation can replicate if it does not plan carefully.
1. No data portability clause in the contract
Industry-standard software procurement agreements require a data portability clause: all customer data must be exportable in a documented, non-proprietary format within a specified number of days of contract termination. The clause typically also specifies who bears the cost of the export and what format structured data must use — typically XML or CSV with a defined schema.
If OnMark's contract did not contain such a clause, or if CBSE's implementation stored scanned images in a format that required vendor tooling to read, the board would have had limited options when the relationship broke down.
2. Vendor-hosted infrastructure instead of institution-controlled deployment
The security flaws discovered in OnMark — a master password stored in plain text in public-facing JavaScript, login verification running client-side in the browser rather than on the server, internal administrative pages accessible without authentication — are the signature of a system built for speed-to-market rather than institutional ownership. Systems deployed on vendor-controlled cloud infrastructure with vendor-written authentication are systems where the vendor retains de facto control of data even when the contract says otherwise.
Institutions that deploy digital evaluation on their own infrastructure, or on major cloud providers under their own tenancy agreements, do not face this problem. The vendor may write the software, but the data lives on the institution's servers and the institution can revoke access immediately.
3. No tested exit plan
An exit plan is not a document. It is a tested procedure: a rehearsed sequence of steps, with named responsible parties, that can be executed within 72 hours of a vendor relationship terminating. Testing the exit plan means confirming that all scanned images can be exported, that the exported files can be read by a replacement system, that evaluation audit logs are complete, and that no student's record is inaccessible during the transition.
CBSE's experience suggests there was no tested exit plan for the OnMark deployment.
---
What Universities Should Require in Every OSM Contract
The CBSE episode translates directly into contract requirements that every university should insist on before signing:
| Requirement | Why It Matters |
|---|---|
| Full data export within 48 hours of notice | Ensures the institution can migrate without a vendor's cooperation |
| Scanned images stored in standard formats (PDF/A or TIFF) | Prevents proprietary lock-in of the core asset |
| Evaluation logs retained in institution-controlled storage | Preserves the audit trail independent of vendor systems |
| Penetration test report before go-live | Validates that authentication and access controls meet minimum standards |
| Escrow of source code | Allows the institution to operate the system if the vendor ceases to exist |
| Clear SLA for revaluation workflows | Defines what the vendor must support after result declaration |
| Named incident response contact with 4-hour response SLA | Ensures accountability during high-stakes result periods |
These are not unusual demands. They are standard in enterprise software procurement. Examination-specific vendors sometimes resist them because they protect the vendor's leverage rather than the institution's interests. Any vendor that objects to data portability clauses should be treated as a serious red flag.
---
The Broader Pattern: Why Vendor Lock-In Is an Examination Risk
Vendor lock-in in digital evaluation has a specific cost that does not exist in most enterprise software categories. If a payroll vendor becomes difficult to work with, the institution can migrate gradually. If a library management system becomes obsolete, the transition can be planned over a year.
Examination records have no such flexibility. Results for a given year must be declared within a statutory window. Revaluation applications have legal deadlines. Students awaiting mark changes to meet admissions cutoffs cannot wait for a vendor transition to complete. When a vendor relationship breaks down during an active examination cycle, institutions have almost no leverage and students pay the cost.
The appropriate response is not to avoid digital evaluation — the benefits in accuracy, audit trail, and speed are too significant to forgo. The appropriate response is to treat vendor exit planning as a first-class requirement during procurement, not an afterthought.
---
Lessons for Institutions Moving to Digital Evaluation in 2026
The CBSE OSM controversy has unsettled the digital evaluation market in India. Some institutional leaders are treating it as evidence that digital evaluation is risky. The more accurate reading is that CBSE's specific implementation choices created risks that are entirely avoidable.
Institutions adopting digital evaluation in 2026 and beyond have the advantage of learning from CBSE's experience rather than repeating it. The four principles that follow from this episode are straightforward: own your infrastructure or control your cloud tenancy, require full data portability from day one, test your exit plan before the first live cycle, and never deploy a system that has not been independently security-audited.
The technology itself is sound. The procurement and deployment decisions around it determine whether that technology serves students or exposes them.
---
Related Reading
Ready to digitize your evaluation process?
See how MAPLES OSM can transform exam evaluation at your institution.