Inspera Assessment is a complete assessment platform for planning, authoring, delivering, marking, analysing, and reporting. Inspera Assessment works PC, Mac, iOS, for both high stakes and low stakes exams, Android for low-stakes exams, and meets regulatory requirements for universal design. The multi-tenant solution covers all forms of assessments.
- Item banking and online authoring
- Exam planning and exam process management
- Onscreen exam conductance
- Live central and decentral monitoring
- Closed book exams with BYOD and workstations
- Marking, grading and moderation
- Annotation and feedback to students
- Result determination
- CTT and IRT analysis
- Results reporting
- Control and collaborate on item banking and online authoring
- Securely deliver exams for exam submissions (test day)
- Control exam processes with roles and contributors, deadlines and tasks
- Easy and safe submission of exam answers onscreen
- Overview for all roles of upcoming tasks and deadlines
- Construct exams for onscreen and paper submission in same exam
- Batch scan paper submission of exam answers
- Use advanced analytics tools for question quality and results determination
- Conduct exams anywhere, online and offline
- Use advanced tools for complex questions (STEM)
£6 to £15 per person per year
- Free trial available
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
All releases and planned maintenance available on:
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Inspera Assessment's Standard SLA allows for the following:
Monday-Friday, Local time: 8am-5pm.
Line Support Incident Response Time for A/B/C-issue
1h/24h/5d within service window
Email requests can be logged at any time.
Inspera also offers a premium SLA.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
The SLA levels described above are priced as follows:
Standard SLA included in subscription fee
Premium SLA is 20% of subscription fee
|Support available to third parties||Yes|
Onboarding and offboarding
Training is done according to a train-the-trainer concept where Inspera trains the client’s super users, who will then train faculty staff.
Blended learning is being utilised where applicable. E-learning for client’s staff is facilitated by Inspera’s implementation specialist prior to the training workshops.
The training sessions are typically 3-4 hours onsite or online workshops targeting each role:
Account Managers: Configuration of client account, including exam types, workflows, organisation hierarchy and taxonomies.
Authors: Authoring of questions and question sets, assessing question item quality and reusing items based on psychometric metadata.
Assessors (Markers and Chief Markers): Marking of Learner submissions, reviewing and moderation of the exam marking process.
Planners: Exam process management and exam result analysis.
Invigilators (Chief Invigilators and Invigilators): Attendance management, exam session monitoring and management of incidents.
Students do not need training sessions to adopt Inspera Assessment. The platform contains practice exams that students can take to familiarise themselves with the tool and to verify that their laptop meets technical requirements.
Training and onboarding can be tailored to the needs and situation.
|End-of-contract data extraction||On the termination or expiry of any agreement with Inspera, the customer is entitled to require that Inspera destroys all the customer data or returns this via data dump to the customer. Inspera will certify that is has been done.|
|End-of-contract process||Data extraction or deletion is included in any subscription level.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The Assessment Player for students fits all screens and form factors through responsive design. Also the author of questions may preview the tests for different screens before test activation.|
|Accessibility standards||WCAG 2.1 A|
Inspera sets high standards for accessibility compliance and ensuring great user experience, and many of our new modules such as grading and student experience/exam delivery are of very high standard. We are continuously working to achieve the same high standards for the older modules in Inspera Assessment as they are replaced, with a view of becoming WCAG 2.1 AA compliant.
Inspera Assessment is designed in close collaboration with Funka, a consulting firm that is the market leader within the field of accessibility. Funka contributes with concept development, interaction design, and quality assurance of technical implementation.
Inspera’s assessments solutions have to meet certain requirements and regulations in relation to the WCAG standards. The four basic principles of WCAG, namely perceivable, operable, understandable, and robust, are reflected in the learner’s Assessment Player.
Meeting the WCAG code standards is done by following Inspera’s accessibility test routine, which consists of following the semantic markup standards, checking keyboard accessibility, testing various operating system’s screen readers and using development dependencies to notify possible accessibility issues.
|What users can and can't do using the API||
Documentation on Inspera's open APIs can be found on api.inspera.com.
A general introduction to the APIs can be found at:
|API documentation formats||Open API (also known as Swagger)|
|API sandbox or test environment||Yes|
|Description of customisation||
Inspera Assessment currently supports an Account Manager role where the tenant service/system environment can be configured to fit the institution’s needs. Lower access level users do not have access to the account management console.
Using customisation on tables, fields, filters and views, the Account Manager can setup and configure:
The organisation structure, where users residing in different organisational units may inherit different settings.
The question types available for the Authors.
Custom Fields for the various Tables in Inspera Assessment.
The Account Manager can also tailor the exam management process to the individual processes used by various organisational units, such as colleges and departments:
Views and Dashboard widgets can be shared with organisational units.
Exam templates can be shared with organisational units.
Workflows (released in 2018) will also be shareable among organisational units.
|Independence of resources||Inspera Assessment is a resilient and scalable solution for high-stakes, high-volume exams. It caters for institutions that have large number of students, subjects and exams. The technical architecture places no restructions on the scalability of the service. Release plans, test environments and the possibility for customers to reject upgrades in the service gives customers control against other customer's influence on the service|
|Service usage metrics||Yes|
|Metrics types||There are many ways to view and export statistics. Usage data is displayed in the Monitor tool, where it is possible to filter the number of exams per day / month / year, and other variables. The data in the view can also be downloaded as a CSV file.|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||European Economic Area (EEA)|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Other data at rest protection approach||In addition to requiring MFA for access to our cloud resources, we offer one-way encryption with a client-owned key to protect data at rest - even from Inspera devops employees with access to the underlying storage.|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||
Inspera Assessment supports the import and export of structured questions in XML-format through the industry standard IMS QTI v2.2, import via QTI 1.2 and QTI 2.1. This enables the bulk exchange of questions both from and to third-party item banks. All question types except Documents are supported.
Question text can also be copied by the use of shortcut keys Ctrl+C, Ctrl+V (PC), or the corresponding command on the Mac devices in order to copy text from MS Excel/Word and other files.
Student can sign out their submissions in pdf, which will delete the submission from all servers.
|Data export formats||CSV|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||Private network or public sector network|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
Guaranteed service availability for Inspera SLAs are:
99,5% (measured monthly, but excludes planned maintenance)
99,8% (measured monthly, but excludes planned maintenance)
99,9% (measured monthly, but excludes planned maintenance)
Penalties for breaches are contractually negotiated with each customer
|Approach to resilience||Available on request|
Service Uptime and significant incidents can be monitored at any time through the status pages at: status.inspera.no.
Status pages show the status of the most important modules of Inspera Assessment and key integrations. Any unexpected outage or decreased quality of service, will be announced on our status page immediately. Customer´s employees can subscribe to updates to receive email notifications whenever Inspera creates or updates an incident, and hence be alerted instantly.
The status page messages can also be integrated into a customers monitoring console through an RSS-feed.
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||
Authentication and authorisation for students are usually done through integration with:
Identity and Access Management System (IAM) for authentication
Student Information System (SIS) / Student Records System (SRS) for authorisation
In the Nordics enrollment happens automatically through integration with an SIS such as FS and LADOK, and in the UK, through an SRS such as SITS.
For institutions without SIS integration, the students can either be manually registered and enrolled, or they can be enrolled through exam PIN codes given to the students after sign-up/login.
|Access restrictions in management interfaces and support channels||
Management interfaces are protected with strong password requirements, optionally with MFA, and all traffic is using secure communications.
Third party systems used for support have similar access arrangements. Specifically, service desk is using Atlassian Service Desk to communicate with clients regarding reported issues.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||"Inspera Information Security Policy" (currently version 1.3) is the official guiding document here and can be provided on request. It covers organisation, Asset classification and control, Personnel security, Discrepancy Processing, Physical and Environmental security, Communications and operations management, Access control, Systems development and maintenance, Compliance, Role and responsibilities Inspera (including joining/leaving procedures), Business Continuity Management and more.|
|Information security policies and processes||
Governed by the "Inspera Information Security Policy", which in chapter 15 states the following responsibilities for the Information Security Manager (held by our COO, Atle Gram):
Responsibility for implementation and documentation of risk assessment
Responsibility for the deviation message is sent to Data Protection Authorities
Responsibility for the security audit being performed regularly
Responsible for security procedures
The devops security lead, Øyvind Brusevold, has the following responsibilities listed in the same chapter:
Responsible for overall technical security
Technical documentation, and information to Customers about segregation of duties within the Inspera Service
Availability of systems and services
Employee accesses to the operating environment, including completing joining/leaving checklist
Review and approve every monthly release from a security point of view
Conduct penetration testing and follow-up findings from third party penetration testing
Integrations with 3. party solutions that ensure confidentiality, integrity, and availability
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Below is parts of the table of contents from "Inspera Change Management" (currently version 2.0) listed:
3 Inspera’s Change Management Processes
3.1 Change implementation process
3.2 The Change Management Process
4 Roles and functions
4.1 Change Manager - Process Owner
4.2 Change owner
4.3 Inspera Roadmap Board
4.4 Emergency Change Advisory Board (ECAB)
4.5 Change management support
4.6 Assessment of change proposals
4.7 Request for change logging and review
4.8 Assessment and Implementation of emergency changes
4.9 Change assessment by the Change Manager
4.10 Change Assessment by Inspera Roadmap Board
Security assessment is a part of every release.
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||Potential threats are evaluated as part of every new functionality developed and as part of every monthly release. In addition to these application-level threat assessments, we follow security bulletins and keep up with AWS Security Best Practices. For critical security issues, we do hotfixes between monthly releases - often in a matter of days. Issues from our regular third party penetration tests are categorized and followed-up. No issues classified as "medium" or higher are currently outstanding from these reviews.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
We combine industry best practices for infrastructure monitoring with AWS GuardDuty and application-specific monitoring, including machine learning for detection of anomalies. Being a service used to deliver exams and other high-stakes tests, Inspera Assessment has had security as one of the principle guidelines when building the service with strict requirements from many of our clients and with attack vectors being evaluated by both researchers and students as well as third parties.
Incident response time is determined by criticality, with the highest category being worked on 24/7 until solved - typically deployed within days of discovery.
|Incident management type||Supplier-defined controls|
|Incident management approach||
User report incidents to our service desk via web formular, email or phone, where they follow this general Incident Management Process (taken from the table of contents chapter 3 of "Inspera Incident Management" version 3.2, that can be shared on request):
3.1 Identify and log the incident
3.4.1 Inspera Incident Resolving Process
3.4.2 Pro-Active User Information and Monitoring
The service desk gives a single point of contact and the reporter follows the issue from start to end. In addition aggregate reports are available as agreed upon.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£6 to £15 per person per year|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||A 14-day free trial is offered to institutions with a maximum of 10 trial users. A trial account includes all standard functionality, but cannot be used for any live data or live student users.|