Live/Human invigilation (no AI/no biometrics) and Record&Review (AI/no biometrics)
Examity is the market leader for online invigilation with 24/7 assessment access and support worldwide.
As your online quality assurance partner, we have the lowest candidate to proctor ratio in the world, delivered with the lowest proctor waiting times.
Online invigilation is our only focus; and we love it!
Features
- Live / Human invigilation (no AI / no biometrics)
- Record & Review / Automated invigilation (AI / no biometrics)
- Lowest average candidate to proctor ratio (2:1 in 2021)
- Lowest average proctor waiting times (51 seconds in 2021)
- Lowest average assessment launch times (under 5 minutes in 2021)
- 100% post-assessment human auditing
- Video recording of candidate's environment + desktop
- c. 1,500 invigilators and support staff
- Global exam access and service support 24/7/365
- GDPR compliant with EU based storage and hosting
Benefits
- Save time and money when delivering secure online assessments
- Align your online quality assurance with a market leader
- Improve user experience with our lowest candidate to proctor ratio
- Reinforce key stakeholder trust with online proctoring evidence
- Comply with regulators around the world
- Greener and cleaner assessments than test-centre experiences
- Easy to use with 24/7/365 exam access and support worldwide
- Easy access to meaningful reports for your stakeholders
- 100% accountability with recorded videos of assessments
- 100% compatible with online and on-campus learning
Pricing
£4 to £23.50 an instance
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
7 2 6 6 1 2 8 1 0 9 4 1 1 6 8
Contact
Examity Inc.
Mark Woodcock
Telephone: 07886090645
Email: mwoodcock@examity.com
Service scope
- Software add-on or extension
- Yes
- What software services is the service an extension to
- Google Chrome add-on extension
- Cloud deployment model
- Hybrid cloud
- Service constraints
-
Online invigilation solutions are not compatible with tablets and smartphones (only ID authentication).
We are platform agnostic and will integrate with all LMS / e-assessment systems, but we do not provide exam management software. - System requirements
-
- Laptop or desktop camera
- Built-in microphone
- Desktop, laptop, or Chromebook
- Google Chrome
- Internet connectivity of 2Mbps upload / download
- MacOS, Windows, ChromeOS
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- We offer 24/7/365 support. All queries are managed and responded to within 24 hours. In case of emergencies, support requests can be addressed within the hour.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
- We have delivered services to users with assistive technology. We are compatible with most assistive technologies in education.
- Onsite support
- Yes, at extra cost
- Support levels
-
Standard support will include (at no extra cost):
- 24/7/365 phone, email and live chat support
- A dedicated account manager (incl. training)
- A dedicated project manager for successful platform integration - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Examity is dedicated to ensuring all users are comfortable with our software and processes. With this in mind, we look at training as an ongoing process for our clients at no additional cost. At the start of the engagement, we will offer complete training for all team member. Understanding that team members change, and programs may grow, we always offer additional training for your team.
As part of the onboarding process, administrators are given unlimited, live training sessions with a dedicated account manager. Group sessions last between one to one and a half hours and one-on-one trainings last between 15 and 30 minutes. As your programs grow, the Examity account manager will also provide one-on-one or group trainings to all future users. In addition, the Examity account manager is accessible for any questions that may arise once training is complete. At the conclusion of the training, administrators are provided everything user guides, video tutorials, and toolkits. - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- Client data is stored (including PII and ID images) for the duration of the contract. Examity will deliver data in pipe-delimited encrypted format. Following the handover, we follow standard data purge and destruction protocols and confirm in writing when completed.
- End-of-contract process
-
Examity will deliver client data in pipe-delimited encrypted format for consumption upon the termination of contract/service with the client.
Examity will follow standard procedures to decommission the product tenant and all integrations.
There is no cost for the end of the contract.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Chrome
- Application to install
- Yes
- Compatible operating systems
-
- MacOS
- Windows
- Other
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Mobile phones and tablets represent an assessment security risk and provide a weak vehicle for a robust service and invigilation delivery. Laptops are the best mobile devices organisations and exam candidates use for online invigilation.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
-
- Test-takers have a dedicated dashboard
- Administrators or instructors have a dedicated dashboard
- During live invigilation, all test-takers are served by a live proctor
- During automated invigilation, all test-takers follow the process
There are 5 key stages in serving test-takers:
1. Setting up a test-taker profile and scheduling an assessment
2. Connecting to proctoring service on the scheduled date
3. ID authentication
4. Taking the exam or assessment
5. Submitting the assessment and ending the proctoring session - Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- We are compatible with most assistive technologies in education and have delivered online invigilation services using these technologies since 2013.
- API
- Yes
- What users can and can't do using the API
-
Our standard RestAPIs can:
- Help users schedule assessments
- Help users transfer test-taker data from their platform to their profile
- Help test-takers take their assessments from their dashboard into the the user's chosen platform
We also have the capability to create APIs to deliver a customisable service. - API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Upon request and depending on the value of the agreement:
- We can deliver a branded integration
- We can integrate with proprietary platforms
- We can customise to multiple languages
- We can customise the ID authentication process
- We can customise the use of our technology
- We can customise proctor training to meet local/global needs
Scaling
- Independence of resources
- We always plan for a scalable service delivery. Customers only pay for what they use on a monthly basis.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
- Candidate to proctor ratio (e.g. 1:1 or 2:1)
- 100% delivery of recorded videos
- 100% delivery of post-assessment human auditing
- Proctor waiting times
- Assessment launch times
- Blue, green, yellow and red flags (e.g. broken rules and violations)
- No shows, incomplete/ completed exams
- Scheduled or not scheduled assessments - Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Physical access control, complying with SSAE-16 / ISAE 3402
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
- Excel
- PDF
- Video - Data export formats
-
- CSV
- Other
- Other data export formats
-
- Excel
- Video
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
-
Our standard SLA: In the event of an unplanned outage of the Services of any duration, Examity shall notify the client within sixty minutes of the outage and update the client every four hours. Examity will credit the client commencing on the date and time of the opening of a “trouble ticket” or similar mechanism and ending at the close of the same by Examity's technical support as follows, provided however that no credit shall be given for an outage directly or indirectly resulting from: (i) the negligence of University; (ii) scripts, applications, equipment or services provided by University; (iii) outages initiated by Examity at the request or direction of the client for maintenance, back up or other purposes; or (iv) any force majeure event.
Outage
Credits per Outage - % of monthly charges for affected products
0-8 hours duration
No Credit
8-16 hours
2.5%
16-24 hours
5%
In excess of 24 hours
7.5%
Wait Time
Credits per average monthly Wait
Time - % of monthly charges for affected products
0-9 minutes and 59 seconds
No Credit
10 min-14 min and 59 sec
2.5%
14 min-19 min and 59 sec
5%
In excess of 20 minutes
7.5% - Approach to resilience
-
Our high-availability environment mitigates the risk of unplanned service disruptions through a combination of system processes, software, hardware, and infrastructure components, all backed by our dedicated 24/7/365 engineering support team. Our design eliminates single points of failure and decreases the impact of planned disruptions, such as upgrades or maintenance windows.
Examity maintains 99.99% up-time and has a robust configuration, patch, and change management process with full redundancy in place for performance and scalability. Examity maintains a 24-hour RPO and 72-hour RTO.
We manage redundancy to handle power outages by providing redundant datacenter power and onsite diesel generators. Our data centers deliver a zero-downtime network, and our servers receive continuous internet connectivity, providing an unparalleled experience for our customers and their end-users. Engineers are on-site 24/7/365 to ensure backups are always running and to conduct emergency restores if needed. Our provisioning system allows us to deliver faster operating system re-installs for our customers as needed. Our datacenter has dedicated personnel that maintains onsite part inventories and guarantee the replacement of failed hardware within a single hour. - Outage reporting
- In the event of an unplanned outage of services, Examity will notify client contacts within 60 minutes of the outage and provide updates to client contacts every four hours that detail the corrective actions taken and the status of such actions.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
-
Credentials for platform administrators are closely managed with a strict revocation process for any changes in staff or their roles.
Authentication of Exam administrators on the platform uses two-factor authentication.
Our Authorization model for administrators of the SaaS platform implements strict separation of duty, and principle of least privilege concepts. Access for system administrators is further restricted to VPN access into the datacenter(s), only from specific approved locations. - Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
-
Our Security Governance begins with the Security Committee: CISO, CTO, COO, VP of Products and VP of Operations. We organize our Security Program using the NIST CSF and self-audit against the ISO/IEC 27001 standard. Our program includes best-practices and administrative, physical, and technical controls: e.g., firewalls, encryption, intrusion detection, and platform monitoring. We limit all access to any PII on a "need to know" basis.
Examity complies with international privacy regulations including FERPA, FIPPA, GDPR, COPPA and HIPPA.
The CISO and CTO of Examity are the contact points for GDPR-related information requests, assessment and discussions. - Information security policies and processes
-
The following are the core components of our overall Cyber Security Program:
• Cyber Security & Risk Management Committee: Examity has established an executive level Committee to oversee its corporate governance of Cyber Security. That team is led by the Examity CISO, CTO, VP of Products, VP of Center Operations, and Chief Administrative Officer.
• Cyber Security & Risk Management Governance: Examity has adopted the ISO/IEC 2700x and NIST Cyber Security “Frameworks” to organize and govern our overall Cyber Security efforts.
• Cyber Security & Risk Management Assessment: Company-wide security assessments are performed annually, using the NIST CSF and ISO/IEC 27001 standards as our benchmarks. Our SaaS platform security assessments are now performed continuously in our DevSecOps, and annually via 3rd party pen testing (e.g., Veracode in 2019). These inform more specific assessments such as PCI DSS, GDPR, CSA CAIQ, etc., for which Examity publishes attestations on an annual basis. Our CISO holds an ISACA "CISA" certification and has established a process for continuous improvement.
• Cyber Security & Risk Management Program: Examity has a corporate-wide CS/RM Program that includes a broad set of traditional administrative, technical, and physical controls applied to company-wide, and specifically to the Examity SaaS platform.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
Our process is in place to ensure the customer is given ample time for review, plan, assessment and adoption of new releases. We have a defined roadmap of upgrades and patches. This includes planned patch management, with minor releases and major annual upgrades with proper alignment. Patch management for application, infrastructure, network, OS and databases follow the same stringent protocols.
Dedicated staff are assigned to handle updates in the Examity infrastructure and systems as a result of platform and browser releases. We manage communications and rollback procedures to handle software updates, security patches to ensure no disruption to normal operations. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Examity employs a strict vulnerability/patch lifecycle management of all systems, basic patch/computer hygiene, etc.
Patching of all components of our production systems is well coordinated with operations, and any downtime is carefully scheduled with proper notification to affected stakeholders in advance.
We perform annual Penetration Testing on both our SaaS platform and the corporate network using top-tier vendors.
Our DevSecOps environment and processes continue to mature, incorporating DAST (blackbox), SAST (whitebox), and SCA (software component analysis) directly into the development, testing, and deployment stages of our SDLC. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- We perform active 24x7 monitoring for security events, including but not limited to, regularly reviewing and analyzing audit logs, logging for ingress and egress communication, monitoring and login attempts and authentication failures, security monitoring and logging for access to critical system files, security monitoring and logging for suspicious activity (e.g. on the network, database, IDS, IPS), logging for access to personal or sensitive information, access to critical system files, account changes, configuration changes, and all web requests.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
A dedicated communication and resolution team handles our Incident Response Plan (IRP) which is reviewed annually. The main phases of our IRP are based directly upon industry recognized best practices as described in the SANS Incident Management Handbook, the NIST Special Publication 800-61, ISO/IEC 27035 (Security Incident Management, 3 part series), and AICPA guidelines. These phases include: Preparation, Detection / Identification, Containment, Forensics, Eradication, Notification, Recover, Restoration, and Continuous Improvement.
Client-dedicated managers handle all communications through the life cycle of an incident, including root cause and resolution documentation.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
Online invigilation and digital assessments considerably reduce carbon footprint because:
- Test takers or exam candidates don't need to travel repeatedly in order to take an exam (e.g. the exam can be taken at home or in the office)
- Assessors don't need to fly around the country or around the world in order to set exam parameters, collect exams or invigilate exams
- Exam logistics no longer require postal services if assessment is 100% online and quality assured by online proctoring / invigilation - Covid-19 recovery
-
Covid-19 recovery
Examity can help organisations move to online assessment in severe cases such as Covid-19 or other natural disasters. - Equal opportunity
-
Equal opportunity
Examity is an equal opportunity employer but also believes in equal opportunities for fair and valid online assessments for all, regardless of backgrounds or beliefs or learning needs. To this aim, Examity can configure its online invigilation requirements to meet the needs of specific cultures, national policies and / or learners with specific accessibility requirements.
Pricing
- Price
- £4 to £23.50 an instance
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
-
Depending on business volume, we can provide:
a. a demo environment which allows customers to navigate the administrator and/or test-taker dashboard without taking an exam (smaller clients) OR
b. 500 - 1,000 live or automated proctored exams for free (larger clients with 10,000 - 50,000+ exams per year)