Inspera Assessment

Digital Assessment Platform

Inspera Assessment is a complete assessment platform for planning, authoring, delivering, marking, analysing, and reporting. Inspera Assessment works PC, Mac, iOS, for both high stakes and low stakes exams, Android for low-stakes exams, and meets regulatory requirements for universal design. The multi-tenant solution covers all forms of assessments.

Features

• Item banking and online authoring
• Assessment planning and assessment process management
• Onscreen assessment delivery
• Test taker monitoring and support
• Marking, grading, feedback and moderation
• Results determination and issue
• Assessment data analysis and reporting
• Lockdown browser examination delivery
• Remote proctoring

Benefits

• Control and collaboration for content creation and item banking
• Secure delivery of online exams and assessments
• Control assessment processes with roles and contributors, deadlines and tasks
• Easy and safe submission of assessment responses onscreen
• User management including tasks and deadlines
• Construct assessments for onscreen and paper submission in same test
• Holistic platform to manage all assessment forms
• Use advanced analytics tools for question quality and results determination

£10 a user

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at harvey@inspera.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

208118379642203

Contact

Harvey Tayman
+44 20 7438 2060
harvey@inspera.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Planned maintenance and monthly release schedules are available from: https://status.inspera.no/
• System requirements:
  • Supports latest 3 versions of Microsoft Windows
  • Supports latest 3 versions of Mac OS
  • Supports latest 2 versions of Google Chrome
  • Supports latest 2 versions of Mozilla Firefox
  • Supports latest 2 versions of Microsoft Edge
  • Supports latest 2 versions of Apple Safari
  • Support.inspera.com/hc/en-us/articles/360018510132-System-requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Standard support hours are 8am - 5pm Monday to Friday, UK time. Response times vary due to incident priority.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Inspera provide 2nd line product support to customers as standard. Enhanced support can be purchased at extra charge. ; ; Inspera provide a named Account Manager who oversees customer support.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Training is done according to a train-the-trainer concept where Inspera trains the client’s super users, who will then train faculty staff.; ; Basic onboarding includes asynchronous training workshops. ; ; Enhanced onboarding includes synchronous online training webinars based on the different modules of Inspera Assessment:; - Author; - Deliver; - Monitor; - Grade; ; The training sessions are typically 2-3 hours online workshops. Onsite training packages are available on request for an additional price.; ; Students do not need training sessions to adopt Inspera Assessment. The platform contains practice exams that students can take to familiarise themselves with the tool and to verify that their laptop meets technical requirements.; ; Training and onboarding can be tailored to meet your specific product use case.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: On the termination or expiry of any agreement with Inspera, the customer is entitled to require that Inspera destroys all the customer data or returns this via data dump to the customer. Inspera will certify that is has been done.
• End-of-contract process: Data extraction or deletion is included in any subscription level.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Inspera Assessment is accessible through mobile devices (iOS and Android). ; ; Inspera Exam Portal (lockdown browser) is not supported on mobile devices.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: Customers can use Inspera open APIs to integrate with Inspera. This feature requires activation.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Login pages for staff and students can be customised.

Scaling

• Independence of resources: Inspera Assessment is a resilient and scalable solution for high-stakes, high-volume testing. It caters for institutions that have large number of students, subjects and exams. The technical architecture places no restrictions on the scalability of the service. Release plans, test environments and the possibility for customers to reject upgrades in the service gives customers control over the service.

Analytics

• Service usage metrics: Yes
• Metrics types: Usage metrics can be viewed both in the UI and via data reports.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Inspera Assessment supports the import and export of structured questions in XML-format through the industry standard IMS QTI v2.2, import via QTI 1.2 and QTI 2.1. This enables the bulk exchange of questions both from and to third-party item banks. All question types except Documents are supported.; ; Question text can also be copied by the use of shortcut keys Ctrl+C, Ctrl+V (PC), or the corresponding command on the Mac devices in order to copy text from MS Excel/Word and other files.; ; Student can sign out their submissions in pdf, which will delete the submission from all servers.
• Data export formats:
  • CSV
  • Other
• Other data export formats: QTI 2.2
• Data import formats:
  • CSV
  • Other
• Other data import formats: QTI 2.2

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Guaranteed service availability for Inspera SLAs are:; ; Standard SLA:; 99.8% (measured monthly, but excludes planned maintenance); ; Premium SLA:; 99.9% (measured monthly, but excludes planned maintenance); ; ExamDuty SLA:; 99.9% (measured monthly, but excludes planned maintenance); ; Penalties for breaches are contractually agreed with each customer.
• Approach to resilience: Available on request
• Outage reporting: Service Uptime and significant incidents can be monitored at any time through the status pages at: status.inspera.no.; ; Status pages show the status of the most important modules of Inspera Assessment and key integrations. Any unexpected outage or decreased quality of service, will be announced on our status page immediately. Customer´s employees can subscribe to updates to receive email notifications whenever Inspera creates or updates an incident, and hence be alerted instantly.; ; The status page messages can also be integrated into a customers monitoring console through an RSS-feed.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Authentication and authorisation for students are usually done through integration with:; ; Identity and Access Management System (IAM) for authentication; Student Information System (SIS) / Student Records System (SRS) for authorisation; In the Nordics enrollment happens automatically through integration with an SIS such as FS and LADOK, and in the UK, through an SRS such as SITS.; ; For institutions without SIS integration, the students can either be manually registered and enrolled, or they can be enrolled through exam PIN codes given to the students after sign-up/login.
• Access restrictions in management interfaces and support channels: Management interfaces are protected with strong password requirements, optionally with MFA, and all traffic is using secure communications.; ; Third party systems used for support have similar access arrangements. Specifically, service desk is using Atlassian Service Desk to communicate with clients regarding reported issues.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: "Inspera Information Security Policy" (currently version 1.3) is the official guiding document here and can be provided on request. It covers organisation, Asset classification and control, Personnel security, Discrepancy Processing, Physical and Environmental security, Communications and operations management, Access control, Systems development and maintenance, Compliance, Role and responsibilities Inspera (including joining/leaving procedures), Business Continuity Management and more.
• Information security policies and processes: Information Security Policies and Processes are governed by the Security Governance Board (SGB) which meets quarterly. The SGB ensures that all Security Policies and Processes are upheld, including: ; ; Acceptable Use Policy; Data and Information Systems Backup Requirements; Email Disclaimer Requirements; Endpoint Security Requirements; Granting access to data in/from Inspera Assessment; Identity and Access Management Requirements; Information Management Standard; Information Security Classification; Infrastructure Security Requirements; Mobile Device Management Requirements; Physical Security Requirements for Offices; Secure Development Requirement; Supplier Security Requirements; Vulnerability Management Requirements

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Inspera Assessment is a flexible platform which has been designed to allow bespoke configuration per customer tenancy. Inspera track the market place configuration of each tenancy.; ; Inspera have a Change Advisory Board (CAB) responsible for the evaluation of potential security impacts for each change request.; ; Inspera can provide further information about our Change Management process on request.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Potential threats are evaluated as part of every new functionality developed and as part of every monthly release. In addition to these application-level threat assessments, we follow security bulletins and keep up with AWS Security Best Practices. For critical security issues, we do hotfixes between monthly releases - often in a matter of days. Issues from our regular third party penetration tests are categorized and followed-up. No issues classified as "medium" or higher are currently outstanding from these reviews.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We combine industry best practices for infrastructure monitoring with AWS GuardDuty and application-specific monitoring, including machine learning for detection of anomalies. Being a service used to deliver exams and other high-stakes tests, Inspera Assessment has had security as one of the principle guidelines when building the service with strict requirements from many of our clients and with attack vectors being evaluated by both researchers and students as well as third parties.; ; Incident response time is determined by criticality, with the highest category being worked on 24/7 until solved - typically deployed within days of discovery.
• Incident management type: Supplier-defined controls
• Incident management approach: User report incidents to our service desk via web formular, email or phone, where they follow this general Incident Management Process (taken from the table of contents chapter 3 of "Inspera Incident Management" version 3.2, that can be shared on request):; ; 3.1 Identify and log the incident; 3.2 Categorise; 3.3 Prioritise; 3.4 Respond; 3.4.1 Inspera Incident Resolving Process; 3.4.2 Pro-Active User Information and Monitoring; ; The service desk gives a single point of contact and the reporter follows the issue from start to end. In addition aggregate reports are available as agreed upon.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Inspera takes its commitment to environmental matters seriously and it is for this reason that we have formalised our commitment and become an EcoLighthouse certified company (certificate available on request). For further information please also see www.eco-lighthouse.org
• Equal opportunity:

  Equal opportunity

  Inspera is committed to eliminating discrimination and encouraging diversity amongst our workforce. Our aim is that our workforce will be truly representative of all sections of society and each employee feels respected and able to give of their best.; ; To that end, the purpose of Inspera's Equality policy is to provide equality and fairness for all in our employment and not to discriminate on grounds of gender, marital status, race, ethnic origin, colour, nationality, national origin, disability, sexual orientation, religion or age. We oppose all forms of unlawful and unfair discrimination.
• Wellbeing:

  Wellbeing

  The wellbeing of employees, contractors and others working for Inspera shall always be a priority. We shall have a safe working environment and not put life or mental or physical health in jeopardy. We shall comply with local Health, Safety and Environmental (HSE) legislation and ensure that Inspera has a low environmental footprint through various initiatives.

Pricing

• Price: £10 a user
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at harvey@inspera.com. Tell them what format you need. It will help if you say what assistive technology you use.