Maxexam
Maxexam is a secure end-to-end exam management system designed to help healthcare educators develop high quality, effective exams, and drive improvement over time (eAssessment).
Maxexam can be used to run both written and clinical exams (OSCE). Successful exams can be run face-to-face, remotely or using a hybrid model.
Features
- Securely manage questions from anywhere
- Standard set using methodologies including Ebel, Angoff, and Borderline Regression
- Blueprint exams according to curricula, question bank or customisable fields
- Run exams onsite, remotely or within a hybrid environment
- Invigilate remote exams using Maxexam's Active Invigilation Model (AIM)
- Grant external examiners permission to securely peer review exams
- Built-in marking scheme moderation to determine grading
- Cheat analysis tools incorporated as standard
- Analysis tools include discrimination index, item reliability, Pearson's PCC
- Measure individual and group candidate performance against course objectives
Benefits
- Work seamlessly whether your team is onsite, remote or hybrid
- Map learning outcomes, identify curriculum gaps and enhance candidate feedback
- Identify suspicious behaviour quickly during marking
- Quickly get feedback on exams from all stakeholders
- Analyse question and item performance, apply findings to future exams
- Detailed personalised feedback to candidates according to performance against curricula
- Secure exam app ensures parity of delivery for candidates
- Drive continuous improvement in exam development with targeted feedback
Pricing
£20 to £50 a licence a year
- Education pricing available
Framework
G-Cloud 14
Service ID
859962268152341
Contact
MAXINITY SOFTWARE LIMITED
Geoff Hazell
Telephone: 0117 428 0550
Email: geoff.hazell@maxinity.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- There are no constraints
- System requirements
-
- Minimum requirements for devices, browsers, and internet connectivity
- Minimum base licence fees are applicable
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Support via these channels is provided from 8:30am to 5:30pm (UK time) Monday to Friday, and any queries out of office hours will be responded to as soon as possible the next working day.
Full SLAs are available in our terms and conditions document.
Bespoke, out-of-hours and weekend support (on-site and remote) is available at additional cost.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Standard support is included in all licences, along with an assigned Project Manager as required.
Additionally, we provide tailored support options, including out-of-hours and weekend assistance, both on-site and remotely, which are available for an additional fee.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Comprehensive implementation and onboarding services are provided and organised by the Project Manager.
During the kick-off workshop, the Project Manager will work with the customer to define success factors, along with agreeing the implementation objectives and scope.
Additionally, they will identify the relevant stakeholders and associated roles, along with agreeing the timelines and necessary training and resources required.
A thorough training programme is available, with bespoke user documentation created to support this.
In addition, professional services such as consultancy are available on request.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- We can provide data at the customer's request. Data is provided in CSV format or via system backup as agreed with the customer.
- End-of-contract process
- At the end of the contract, all customer proprietary data is exported, and then deleted from the Maxexam system.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- Yes
- Compatible operating systems
-
- Android
- iOS
- macOS
- Windows
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Users have access to identical functionality across both the mobile and desktop services.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 A
- Description of service interface
-
Maxexam offers a 3-level service interface.
1) Standard user interface for managing exams, questions, scenarios, curricula and users.
2) Site management area that gives Managers access to the site's system resources and settings.
3) System management area available to System Managers only, giving access to the system state, settings, contexts, templates, standard settings, gradings, exam media, system emails, creating and restoring backups, branding, and reports.
- Accessibility standards
- WCAG 2.1 A
- Accessibility testing
- The Maxexam administrative system provides Administrators the ability to manage assessments and partially complies with WCAG 2.1 level A standards. An identified limitation within the interface involves statistical data presentations and complex tables lacking appropriately defined values. Nevertheless, the administrative system is logically structured, presenting information consistently to facilitate navigation with assistive technologies. It also offers multiple pathways to access information and includes bypass blocks to enhance navigation for users. A Voluntary Product Accessibility Template (VPAT) is available upon request. We are committed to ongoing improvements to enhance system accessibility.
- API
- No
- Customisation available
- Yes
- Description of customisation
-
Branding can be tailored, allowing instances to integrate customer logos and colour schemes to match their organisational branding. Information fields within each instance can also be adjusted.
Additionally, certain features can be enabled or disabled as needed.
Customisation can be performed by Managers and System Managers.
Scaling
- Independence of resources
-
All customers are provided with their own separate instance or several separate instances each dedicated to their organisation's structural units.
Customers have the option to run instances on their own servers.
The system implements multilayer performance monitoring through our internal configuration management system. This system continuously evaluates instance availability by accessing it from a different server and network.
Performance is monitored internally by our third-party hosting provider (Claranet), offering extensive scalability.
Furthermore, the system architecture incorporates internal load balancing mechanisms.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Real-time dashboards and reports are readily available and are highly configurable to include candidate results, exam performance, usage, roles, progression, and access.
- Reporting types
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Managers can access exam exports anytime after the exam. This includes both raw exam data and exam results, which are available in either XLS or CSV format.
- Data export formats
-
- CSV
- Other
- Other data export formats
- XLS
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
All Maxexam instances undergo continuous monitoring, triggering alerts in case of system unavailability. Scheduled updates are exclusively performed during clients' out-of-hour periods.
For instances hosted on Maxinity secure servers, the contract with Claranet ensures a 99.95% uptime guarantee.
Moreover, Maxinity offers an emergency backup service for all Maxexam clients, providing resilience against server outages during critical time periods.
- Approach to resilience
-
We mandate full server backups and offer Maxexam data backups.
If a server failure occurs before an exam, we can access your Maxexam instance on an alternate server.
The Maxexam Exam App's secondary path will seamlessly connect to the server after the primary path fails.
Further information is available on request.
- Outage reporting
- We continuously monitor all Maxexam instances and promptly notify affected customers of any outages through confirmed communication channels.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
-
Maxexam accommodates a diverse array of user types, each with different access levels and permissions. Access levels are applied at every level of data structures, such as question banks, ensuring granularity.
Site-wide Managers can be easily disabled or have permissions revoked as needed. A comprehensive range of roles enables users to access only relevant information at any given time. The system supports anonymising key details, such as candidate names, to maintain impartiality.
Maxinity maintains a secure super user access to swiftly address any critical issues that may arise.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- Public key authentication (including by TLS client certificate)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
Our organisation is committed to adhering to the foundational principles outlined in ISO 27001 and is actively establishing an Information Security Management System (ISMS). Currently, we are in the process of transitioning our operational practices into documented policies. This strategic initiative underscores our dedication to protecting sensitive information and ensuring the integrity, confidentiality, and availability of data across all operations. Our goal is to continually enhance this protective layer of our organisational infrastructure against potential cyber threats and vulnerabilities.
Following the ISO 27001 standard, we seek to strengthen our resilience, foster trust among stakeholders, and demonstrate our commitment to upholding relevant standards of information security. We are dedicated to pursuing certification, which will further validate our credibility as a trusted custodian of sensitive information, as already affirmed by our customers.
To ensure adherence to information security principles, we conduct regular risk assessments, with senior management consistently reviewing the company's current infosec posture.
Our cloud services providers are certified to multiple standards, including ISO 27001, SOC 2, and other industry frameworks.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
We manage the configuration and change requests within our internal ticketing systems, following our established process. All communication between us and our customers is meticulously tracked to capture request sources, reasons for change, problem statements, expected outcomes, issue type, estimated effort, impact, and reach. Additionally, we document impediments, transitions through our SDLC, assignees, and release versions.
Changes go through a 2-level refinement process in which they undergo risk-benefit analysis and are assessed for their potential security impact. Changes are fully auditable, extensively tested and released within a specific version of the software for extended traceability and configuration management.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Our process begins with an initial review to understand the nature of the issue and our level of control. We swiftly address threats, with response times tailored to the issue's urgency and our ability to intervene, sometimes resolving issues in under an hour.
We offer a robust issue tracking and patching system, prioritising the system's continuity.
Resolution timing varies depending on the issue's nature. If necessary, we will implement emergency patch measures.
To stay informed about the latest threats and vulnerabilities, we draw from various sources including Cyber Essentials threats, security networking, and platforms like OWASP.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
1. Monitoring and logging systems to track and report suspicious activity to administrators.
2. Codebase and infrastructure security testing.
3. Adhering to secure coding and design principles.
4. Regular risk assessments.
5. Continuous evaluation and enhancement of security practices.
6. Remaining vigilant of emerging security threats.
7. Educating users on best security practices.
In the event of a security incident, immediate action is taken. Support, management, and development teams collaborate to triage the issues and devise an incident response plan. This plan outlines the necessary steps and timeline to contain the incident, minimise damage, restore normal operations, and extract valuable lessons for further enhancing security measures.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
We have established processes for common events, and users can report incidents through various channels, which are then captured by our support team. These incidents are documented in our internal communications tracker, categorised based on urgency and complexity, and handled accordingly.
Complex issues are triaged and resolved in collaboration with our development team, with any necessary documentation and tracking conducted as a development task.
If needed, help guides are updated upon incident resolution to enhance self-help capabilities for our clients.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Tackling economic inequality
- Equal opportunity
Fighting climate change
As a responsible business we are committed to integrating sustainable practices across all aspects of our operations and are currently in the process of finalising our comprehensive sustainability plan, which is being designed to align with the UK's ambitious environmental standards and guidelines. This plan encompasses a wide range of initiatives, including reducing our carbon footprint, enhancing energy efficiency, responsibly sourcing materials, and minimising waste. Our goal is not only to comply with current environmental regulations but to set a benchmark for sustainability within our industry.
Tackling economic inequality
We recognise the diverse socio-economic backgrounds of the candidates and students who rely on our software. In designing our products, we are committed to ensuring equity in both performance and user experience. It is our core belief that access to high-quality technology should not be contingent upon one's financial means. Therefore, we meticulously craft our software to guarantee that no individual is at a disadvantage due to the limitations of their available systems.
Equal opportunity
Maxinity is continuously monitoring its software in accordance with Web Content Accessibility Guidelines and is committed to enhancing user experience. We are dedicated to improving our users' experience and ensuring that all user feedback is used to improve our product.
Pricing
- Price
- £20 to £50 a licence a year
- Discount for educational organisations
- Yes
- Free trial available
- No