CBSE Re-evaluation 2026: The Central Board of Secondary Education (CBSE) has decided to retain COEMPT Eduteck Pvt Ltd for scanning answer sheets during the ongoing re-evaluation process, even as the Board has moved all On-Screen Marking (OSM) data from COEMPT Eduteck Pvt Ltd’s servers to its own infrastructure following a security review, an IIT official associated with the audit said.
The decision comes after vulnerabilities were flagged in the OSM platform and days after CBSE disclosed that its re-evaluation portal had faced large-scale cyberattacks.
“COEMPT will continue to scan the answer sheets meant for re-evaluation,” the official said.
Defending the move, the official argued that the number of disputed pages was minuscule compared to the scale of the operation.
“Nearly 40 crore pages were scanned, and only around 30,000 were found to have issues. That works out to roughly one problematic page in every 10,000. For re-evaluation, only those disputed pages have to be scanned, so we do not anticipate any difficulty,” the official said.
CBSE Takes Control Of Data
While retaining the vendor for scanning, CBSE has shifted all answer-sheet records and related data from COEMPT’s servers to infrastructure managed by the Board.
“The scanned answer scripts were earlier hosted on the vendor’s servers. We migrated the entire database to CBSE servers and modified the OSM code to run on the Board’s own infrastructure. From a security standpoint, it is preferable for CBSE to have direct control rather than depend entirely on a vendor-hosted system,” the official said.
As of June 4, CBSE had received 70,433 applications under its post-result grievance mechanism, including 7,314 requests for verification of marks and 63,119 applications for re-evaluation.
IIT Teams Audited the Platform
COEMPT’s continued involvement comes amid scrutiny over the OSM portal used for verification of marks, obtaining photocopies of answer books, and re-evaluation.
Following reports of security vulnerabilities and attempted cyberattacks, CBSE engaged teams from IIT Kanpur and IIT Madras to assess the platform.
The IIT official said the cybersecurity exercise lasted more than 10 days and covered both the CBSE registration portal and the OSM re-evaluation system.
The audit involved a “blue team” tasked with strengthening the code and a “red team” that attempted to identify vulnerabilities and breach the system. While the Digital India Corporation (DIC) led the code-hardening process, IIT Kanpur carried out penetration and vulnerability testing.
According to the official, COEMPT engineers remained involved during the transition by helping technical teams understand portions of the codebase, supporting data migration, and implementing security measures.
No Evidence of Data Breach
The security review followed a series of cyberattacks on the re-evaluation portal, including a Denial-of-Service (DoS) attack involving nearly 3.8 million packets on June 3, which CBSE said was successfully mitigated.
The exercise was also prompted by vulnerabilities identified by ethical hacker Nisarga. The IIT official said the student was invited to explain the findings and was appreciated for the work, though no additional audit responsibilities were assigned.
“At this stage, we have not found any evidence of a data breach in the systems that have been put in place,” the official said.
