Online Testing and Assessment Software

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: There are no specific constraints to the use of TestReach.
We do have minimum specifications for computers on which candidates are taking tests (these are provided on our website), however these are very standard and no specialised hardware is required.
Where the candidate requires Remote Proctoring during their exam, there is a requirement for that candidate to have access to a camera and a microphone on a desktop or laptop computer.
System requirements: For candidates, the minimum computer specification is on our website

https://www.testreach.com/exam-candidate-testreach.html

This is a standard specification and is updated when required

Proctored exams are run in the TestReach desktop app (download)

Non-proctored exams can be run in a browser

Browsers with > 5% market share are supported (http://www.w3counter.com/globalstats.php)

The latest versions of these browsers are supported (browsers auto-update)

User support

Email or online ticketing support: Email or online ticketing
Support response times: We provide standard technical support during office hours and during all remotely proctored exams via email, phone and chat service. We also offer extended support options, at an additional cost, depending on the specific requirements.

Key Metrics Include:
Call , Email & Chat quality - over 98% positive.

Average wait time via phone for Customer Support, 17 seconds (includes time spent listening to OGMs).

Average call handling time < 4 mins.

99.5% of support incidents resolved within 24 hours.

Customer satisfaction with response and incident resolution time - over 98% positive.

99.7% of candidates successfully completed their exam in 2023.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
Web chat accessibility testing: We have tested the accessibility of the Web Chat.

The webchat service offers:
Screen reader support:
The Messenger is accessible via screen readers.

Colour contrast:
All text in the web Messenger is clearly visible when using colours with enough contrast.

Keyboard navigation:
Every component of the Messenger can be accessed using a keyboard without requiring a mouse or trackpad. — Visual indicators of focus are present for sighted users.
Onsite support: No
Support levels: Standard Technical Support (included):

- UK working hours, Monday to Friday and during any remotely proctored exams we have agreed to run outside of these times.
- Support for up to two admins and for any candidates taking remotely proctored exams.
- Telephone, Email and Chat.
- Included in the cost of the licences.

Weekend Support (optional):
- Cost per day of support provided at weekends (9am to 6pm) is £1,500.

24 x 5 Support (optional):
- For high priority issues (P1 and P2).
- 20% of license fee, subject to a min annual charge of £20,000.

24 x 7 x 365 Support (optional):
- For high priority issues (P1 and P2).
- 30% of license fee, subject to a min annual charge of £30,000.

Test Centre Extended Support (optional):
- Required for exams being run in test centres.
- Support for test centre administrators.
- £3,000 for up to 5 test centres.
- £6,000 for 5 to 10 test centres.

A customer success manager is appointed following the initial implementation of the project.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: There are two options for rolling out TestReach. (1) For clients who wish to outsource the set up and rollout of a test, we offer a QuickStart service. With QuickStart, the client provides the exam questions, signs off on exam papers and supplies candidate details, but our project managers will oversee the set up of the exam, rolling out the exam and will supply results to the client on completion of the exam. If the exam contains constructed-response questions, these will be supplied as pdf files for marking/review outside the system. COST: £1,000 per exam (2) If the client wishes to manage the set up and roll out of exams in-house, we provide a SelfServe service. The client is trained by TestReach over a series of workshops on how to manage exams on TestReach. COST: £6,000. A Management Licence is also required for each admin (different levels of access can be specified for each user) COST: £200 per Management License. Note if online marking of constructed response questions is required (e.g. essays, spreadsheets, videos, etc.) then a minimum of 20 Management Licenses must be purchased. SEE PRICING DOCUMENT FOR FULL DETAILS ON ROLLOUT SERVICES.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: If a client wishes to stop working with TestReach, then if a request is received within 30 days of the contract termination, we will return the client’s data in our standard CSV format through the use of our data exchange centre. All client data is then deleted 30 days after contract termination.
End-of-contract process: At the end of the contract, as standard TestReach will provide that customer's data in our standard format, provided a request is received for the data to be returned within 30 days of the contract termination date.
For any additional end-of-contract services required, additional charges would apply, based on the effort required on the part of TestReach.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Chrome

Safari
Application to install: Yes
Compatible operating systems: MacOS

Windows
Designed for use on mobile devices: No
Service interface: Yes
User support accessibility: WCAG 2.1 AA or EN 301 549
Description of service interface: The TestReach user interface is very intuitive and straightforward to use for both administrators (authors, reviewers, markers, etc) and test-takers.
The screens are very clean, and options are presented in a logical and easy to understand manner.
Even when test-takers may need to access many different resources, eg pdf documents, etc., say for a simulation test, these are all well organised and can easily be expanded and collapsed.
Our service interface is WCAG 2.1 AA for candidates
Accessibility standards: WCAG 2.1 AA or EN 301 549
Accessibility testing: Testreach has engaged with an accessibility consultancy who has run user acceptance testing on our candidate experience. This organization analysed our software using various sets of tools used by users with special needs (e.g. screenreaders) and have provided a list of recommendations that form part of our compliance to WCAG 2.1 AA standard.
API: Yes
What users can and can't do using the API: Our APIs exist to enable integration with our client's existing systems. So for example, to integrate TestReach with a HR system or candidate management system. The API integration points enable candidate data to be uploaded into TestReach and for exam results to move back into a central system of record.
There is a small charge for TestReach to configure and test each standard integration point, dependant on your specific needs. There may also be some work required on the system with which we are integrating.
API documentation: Yes
API documentation formats: Open API (also known as Swagger)
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: Standard branding includes logo and branding of the header and login page. There is also is full control over how the exam questions can be configured and added to the examination or test, and how the canvas is presented to the candidate. In addition, the organisation can create test cover pages that reflect their logos and branding when setting up their papers. The Exam Authors can make these changes through the service administrative interfaces.

Scaling

Independence of resources: Running 4M+ assessments per year, the TestReach application architecture is a secure multi-tenant system with auto-scaling, hot failover and multiple redundant systems at all levels of the application infrastructure. TestReach has a comprehensive data isolation strategy to ensure that each customer’s data is held and processed separately. TestReach has been investing significantly in scalability to allow even higher numbers of exams to be delivered concurrently. Data from our monitoring tool shows that the candidate experience currently complies with performance requirements e.g. maximum response time of 5000 milliseconds for each user action server response; 2000 milliseconds for API call response time.

Analytics

Service usage metrics: Yes
Metrics types: TestReach contains extensive data reporting and analytics tools to enable our clients to track usage of the system - number of candidates, number of exams, results of exams, question performance etc. The system includes a business analytics tool which enables our clients to access a number of dashboards and to see at a glance the service metrics they require. Note at least one Management License and Business Intelligence License is required to access the management reporting area of the system.
In addition, a remote invigilation report is provided after each session-based remotely proctored exam.
Reporting types: Real-time dashboards

Regular reports

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: European Economic Area (EEA)
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: TestReach has a powerful Data Exchange Centre, which was created with an emphasis on user experience and speed. This enables administrators to export and import data associated with candidate bookings and enrolments, exam papers, questions and results. Data is exported in csv format.
Data export formats: CSV
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: The application, backups and all other TestReach data is held within Amazon’s secure data cloud (AWS). Amazon offers by far the most secure and reliable hosting option globally, which is far superior not only to offering from other hosting vendors but also to anything that could be hosted by a company in-house. The guaranteed uptime provided by Amazon of physical network and server resources is no less than 99.95%.
To date TestReach has not had a major outage of our system, but in the event that there was a major issue that was due to a fault on the part of TestReach, which prevented all tests from being successfully completed, then we would be open to rerunning those tests at no additional charge for our customer.
Approach to resilience: The TestReach application architecture is a secure multi-tenant system with auto-scaling, failover and multiple redundant systems at all levels of the application infrastructure. TestReach has been fully certified under ISO 27001 as complying with the highest standards of data and system security. TestReach is also fully certified under ISO 9001 for Quality Management.
The application, backups and all other TestReach data is held within Amazon’s secure data cloud (AWS) within the EU. All TestReach data is held in the EU and is subject to EU data protection and processing laws. All data is encrypted using 128-bit encryption and SSL. Amazon is a Tier 1 global leader in the provision of IaaS and has completed multiple SAS70 Type II audits. AWS has the relevant BCP’s/DRP’s that cover TestReach’s platform which are built into the TestReach contract for services and is in their SOC2 reporting as well as compliance with relevant industry standards.
Amazon publishes SOC 1 / ISAE 3402 and SOC 2 Type II reports, and is certified under multiple accreditations including ISO 27001, ISO 9001, HIPAA and PCI DSS. They have been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS).
Outage reporting: TestReach has a full incident management process to deal with the management and reporting out any system outages. Reporting includes:
• A public status webpage is updated
• Any impacted customers running exams are notified as soon as possible.
• Automated response templates, which respond to email support requests, are updated to reflect the fact that there is an issue.
• Phone system messages are updated to reflect the fact that there is an issue.

Identity and authentication

User authentication needed: Yes
User authentication: Username or password
Access restrictions in management interfaces and support channels: A role-based access control model determines which actions a user has sufficient privilege to execute in the system. In this model, permissions are assigned to user roles (Permission Assignment) which, in turn, are assigned to users (User Assignment). The set of actions a user can perform in the system is defined by the combination of all permissions assigned to all roles assigned to the user.
Access restriction testing frequency: At least once a year
Management access authentication: Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: CDL Group Ltd
ISO/IEC 27001 accreditation date: 25/04/2022
What the ISO/IEC 27001 doesn’t cover: The ISO 27001 covers information security management, but we also have ISO 9001, which covers quality management.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: No
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: TestReach is ISO 27001 compliant, which covers a whole range of system and procedural measures relating to data security, independently audited each year. TestReach has a comprehensive data isolation strategy to ensure that each customer’s data is held and processed completely separately. A role-based access control model that determines which actions a user has sufficient privilege to execute in the system. Permissions are assigned to user roles (Permission Assignment) which, in turn, are assigned to users (User Assignment). The set of actions a user can perform in the system is defined by the combination of all permissions assigned to all roles assigned to the user.
A data ownership mechanism determines the specific datasets to which a user has access. TestReach implements interceptors that check the relationship between users and objects, in order to identify the objects on which a user can perform the actions as defined.
Also, TestReach has a detailed Logical Access Handbook which assigns team members access only on basis of least privilege (users are provided with the least possible access level to allow them to perform their duties) and all employees sign non-disclosure agreements. Also we have a detailed Information Security Policy.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: As a SaaS software application, TestReach has a continuous release cycle. All updates go through rigorous design, review and testing procedures which ensures adherence to best practice and includes non-functional requirements such as maintainability, reusability, reliability, security, performance and scalability.
There are also multiple gated steps in the release cycle, each of which includes additional cycles of testing, such as: release to Staging Environment, deployment to the Performance Environment, etc.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: TestReach security practices are aligned with the industry best practices and with the IGRM Secure Development Principles. Performing regular penetration tests (at least annually), applying static code analysis tools in the continuous integration process, timely patch application, mapping out STRIDE mitigation strategies, amongst others have been embedded in TestReach's development process
Procedures exist to protect against infection by computer viruses, malicious codes, and unauthorized software.
TestReach follows OWASP protocols to ensure that hacking/malware/viruses do not impact our clients' data. Also, our servers are hosted in the Amazon Cloud, whose physical infrastructure is protected by the highest safety and security restrictions.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: TestReach runs in AWS data centres, which have controls and monitoring in place to secure and protect assets. Hardware monitoring is based on AWS CloudWatch and some custom metrics are also provided by additional monitoring agents running in each of the servers, which include monitoring related to both performance and security.
Application-level monitoring tracks factors such as response time, error rate, latency breakdown by service, log errors occurrence, as well as some other security related metrics.
Incident management type: Supplier-defined controls
Incident management approach: TestReach has a detailed incident management process with pre-defined actions. Users may report an incident to our customer support team, who will monitor this to see if it is an isolated issue or will flag this to the management team if it is a wider issue. The incident management process will be activated which includes the technical team working to resolve the issue & regular updating of the system status website. Support phone messages and automated support email responses are also updated. In the case of a major incident during an exam, an incident report is produced for impacted customers.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Social Value

Equal opportunity

There are many ways which TestReach supports considerations of Equality (EDI) in terms of recruitment, staffing and content production. Some key items:
Gender Representation and Equal Opportunity: TestReach is proud to support equality across genders in the company and to tackle workforce inequality. In TestReach 75% of management roles are held by women. The two TestReach co-CEOs, Head of Services, Head of Marketing, Head of Growth, Head of Customer Success, Development Manager, Head of Bookings & Operational Insights and
Head of Customer Support are all women.
•Tackle Workplace Inequality and Create New Businesses: The TestReach co-CEO Louella Morton is an Ambassador for Going for Growth, an organisation that assists women to set up their own businesses. Louella speaks at an average of 5 events per year in support of this role. In the first two months of 2024 she has presented twice at events set up by Inspiring Women Entrepreneurs (an off-shoot of Going for Growth). This is a positive support in tackling economic inequality, helping the creation of new businesses and improving health and well-being for female entrepreneurs.
Award for Supports for Equality: In recognition of her efforts to tackle workplace inequality and to provide community support for female entrepreneurs, Louella Morton has twice been acknowledged by Deloitte Fast 50 Awards as an Advocate for Women in Technology
•Equal Opportunity: TestReach staff include a substantial representation from the LGBTQIA+ community
TestReach has inbuilt functionality to allow content to be authored to support equity, diversity and inclusivity for all candidates. Question content can be authored using our very intuitive and straightforward authoring interface and presented to candidates in our service interface which is WCAG 2.1 rated. Content created in TestReach supports EDI through several features that allow all candidates to access content in a fair and easy to understand manner.

Pricing

Price: £5.50 to £16 a unit
Discount for educational organisations: No
Free trial available: Yes
Description of free trial: Taking a "dummy" exam on TestReach can be arranged, where an existing sample exam that we already have on our system is used.

Online Testing and Assessment Software

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Online Testing and Assessment Software

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents