Inspera Assessment

E-assessment platform

Inspera Assessment is a complete assessment platform for planning, authoring, delivering, marking, analysing, and reporting. Inspera Assessment works PC, Mac, iOS, for both high stakes and low stakes exams, Android for low-stakes exams, and meets regulatory requirements for universal design. The multi-tenant solution covers all forms of assessments.


  • Item banking and online authoring
  • Exam planning and exam process management
  • Onscreen exam conductance
  • Live central and decentral monitoring
  • Closed book exams with BYOD and workstations
  • Marking, grading and moderation
  • Annotation and feedback to students
  • Result determination
  • CTT and IRT analysis
  • Results reporting


  • Control and collaborate on item banking and online authoring
  • Securely deliver exams for exam submissions (test day)
  • Control exam processes with roles and contributors, deadlines and tasks
  • Easy and safe submission of exam answers onscreen
  • Overview for all roles of upcoming tasks and deadlines
  • Construct exams for onscreen and paper submission in same exam
  • Batch scan paper submission of exam answers
  • Use advanced analytics tools for question quality and results determination
  • Conduct exams anywhere, online and offline
  • Use advanced tools for complex questions (STEM)


£6 to £15 per person per year

  • Free trial available

Service documents

G-Cloud 11


Inspera Assessment

Sofie Emmertsen

+45 25188897

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints All releases and planned maintenance available on:
System requirements
  • Supports last three version of Microsoft Windows
  • Supports last three versions of Mac OS
  • Supports Safe Exam Browser for Mac 2.1.1, Mac 2.1.2
  • Supports Safe Exam Browser for Windows 2.1.5, 2.1.8, 2.2
  • Inspera lock down Kiosk App supports Chrome OS 47+
  • Supports Linux Ubuntu with Chrome or Firefox 16.4
  • Safe Exam Browser supports Linux with Chrome or Firefox 16.4
  • 2 most recent versions of Edge, Firefox, Safari, Chrome
  • Supports BYOD as well as managed devices
  • Supports online and offline delivery

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Inspera Assessment's Standard SLA allows for the following:
Monday-Friday, Local time: 8am-5pm.
Line Support Incident Response Time for A/B/C-issue
1h/24h/5d within service window
Email requests can be logged at any time.

Inspera also offers a premium SLA.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels The SLA levels described above are priced as follows:

Standard SLA included in subscription fee
Premium SLA is 20% of subscription fee
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Training is done according to a train-the-trainer concept where Inspera trains the client’s super users, who will then train faculty staff.

Blended learning is being utilised where applicable. E-learning for client’s staff is facilitated by Inspera’s implementation specialist prior to the training workshops.

The training sessions are typically 3-4 hours onsite or online workshops targeting each role:

Account Managers: Configuration of client account, including exam types, workflows, organisation hierarchy and taxonomies.

Authors: Authoring of questions and question sets, assessing question item quality and reusing items based on psychometric metadata.

Assessors (Markers and Chief Markers): Marking of Learner submissions, reviewing and moderation of the exam marking process.

Planners: Exam process management and exam result analysis.

Invigilators (Chief Invigilators and Invigilators): Attendance management, exam session monitoring and management of incidents.

Students do not need training sessions to adopt Inspera Assessment. The platform contains practice exams that students can take to familiarise themselves with the tool and to verify that their laptop meets technical requirements.

Training and onboarding can be tailored to the needs and situation.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction On the termination or expiry of any agreement with Inspera, the customer is entitled to require that Inspera destroys all the customer data or returns this via data dump to the customer. Inspera will certify that is has been done.
End-of-contract process Data extraction or deletion is included in any subscription level.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The Assessment Player for students fits all screens and form factors through responsive design. Also the author of questions may preview the tests for different screens before test activation.
Accessibility standards WCAG 2.1 A
Accessibility testing Inspera sets high standards for accessibility compliance and ensuring great user experience, and many of our new modules such as grading and student experience/exam delivery are of very high standard. We are continuously working to achieve the same high standards for the older modules in Inspera Assessment as they are replaced, with a view of becoming WCAG 2.1 AA compliant.

Inspera ​Assessment ​is ​designed ​in ​close ​collaboration with Funka, ​a ​consulting ​firm ​that is ​the market ​leader ​within ​the ​field of ​accessibility. ​Funka ​contributes ​with ​concept ​development, interaction ​design, ​and ​quality ​assurance ​of ​technical implementation.
Inspera’s ​assessments ​solutions ​have ​to ​meet ​certain ​requirements ​and ​regulations ​in relation ​to ​the ​WCAG ​standards. ​The ​four ​basic ​principles ​of ​WCAG, ​namely ​perceivable, operable, ​understandable, ​and ​robust, ​are ​reflected ​in ​the ​learner’s Assessment ​Player.
Meeting ​the ​WCAG ​code ​standards ​is ​done ​by ​following ​Inspera’s ​accessibility ​test routine, ​which ​consists ​of ​following ​the ​semantic ​markup ​standards, ​checking ​keyboard accessibility, ​testing various operating system’s screen readers ​and ​using ​development ​dependencies ​to ​notify possible ​accessibility ​issues.
What users can and can't do using the API Documentation on Inspera's open APIs can be found on

A general introduction to the APIs can be found at:
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Inspera Assessment currently supports an Account Manager role where the tenant service/system environment can be configured to fit the institution’s needs. Lower access level users do not have access to the account management console.

Using customisation on tables, fields, filters and views, the Account Manager can setup and configure:

The organisation structure, where users residing in different organisational units may inherit different settings.

The question types available for the Authors.

Custom Fields for the various Tables in Inspera Assessment.

Global functionality.

Global Views.

The Account Manager can also tailor the exam management process to the individual processes used by various organisational units, such as colleges and departments:

Views and Dashboard widgets can be shared with organisational units.

Exam templates can be shared with organisational units.

Workflows (released in 2018) will also be shareable among organisational units.


Independence of resources Inspera Assessment is a resilient and scalable solution for high-stakes, high-volume exams. It caters for institutions that have large number of students, subjects and exams. The technical architecture places no restructions on the scalability of the service. Release plans, test environments and the possibility for customers to reject upgrades in the service gives customers control against other customer's influence on the service


Service usage metrics Yes
Metrics types There are many ways to view and export statistics. Usage data is displayed in the Monitor tool, where it is possible to filter the number of exams per day / month / year, and other variables. The data in the view can also be downloaded as a CSV file.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach In addition to requiring MFA for access to our cloud resources, we offer one-way encryption with a client-owned key to protect data at rest - even from Inspera devops employees with access to the underlying storage.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Inspera Assessment supports the import and export of structured questions in XML-format through the industry standard IMS QTI v2.2, import via QTI 1.2 and QTI 2.1. This enables the bulk exchange of questions both from and to third-party item banks. All question types except Documents are supported.

Question text can also be copied by the use of shortcut keys Ctrl+C, Ctrl+V (PC), or the corresponding command on the Mac devices in order to copy text from MS Excel/Word and other files.

Student can sign out their submissions in pdf, which will delete the submission from all servers.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Guaranteed service availability for Inspera SLAs are:

Standard SLA:
99,5% (measured monthly, but excludes planned maintenance)
Premium SLA:
99,8% (measured monthly, but excludes planned maintenance)
ExamDuty SLA:
99,9% (measured monthly, but excludes planned maintenance)

Penalties for breaches are contractually negotiated with each customer
Approach to resilience Available on request
Outage reporting Service Uptime and significant incidents can be monitored at any time through the status pages at:

Status pages show the status of the most important modules of Inspera Assessment and key integrations. Any unexpected outage or decreased quality of service, will be announced on our status page immediately. Customer´s employees can subscribe to updates to receive email notifications whenever Inspera creates or updates an incident, and hence be alerted instantly.

The status page messages can also be integrated into a customers monitoring console through an RSS-feed.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication Authentication and authorisation for students are usually done through integration with:

Identity and Access Management System (IAM) for authentication
Student Information System (SIS) / Student Records System (SRS) for authorisation
In the Nordics enrollment happens automatically through integration with an SIS such as FS and LADOK, and in the UK, through an SRS such as SITS.

For institutions without SIS integration, the students can either be manually registered and enrolled, or they can be enrolled through exam PIN codes given to the students after sign-up/login.
Access restrictions in management interfaces and support channels Management interfaces are protected with strong password requirements, optionally with MFA, and all traffic is using secure communications.

Third party systems used for support have similar access arrangements. Specifically, service desk is using Atlassian Service Desk to communicate with clients regarding reported issues.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach "Inspera Information Security Policy" (currently version 1.3) is the official guiding document here and can be provided on request. It covers organisation, Asset classification and control, Personnel security, Discrepancy Processing, Physical and Environmental security, Communications and operations management, Access control, Systems development and maintenance, Compliance, Role and responsibilities Inspera (including joining/leaving procedures), Business Continuity Management and more.
Information security policies and processes Governed by the "Inspera Information Security Policy", which in chapter 15 states the following responsibilities for the Information Security Manager (held by our COO, Atle Gram):

Responsibility for implementation and documentation of risk assessment
Responsibility for the deviation message is sent to Data Protection Authorities
Responsibility for the security audit being performed regularly
Responsible for security procedures

The devops security lead, Øyvind Brusevold, has the following responsibilities listed in the same chapter:
Responsible for overall technical security
Technical documentation, and information to Customers about segregation of duties within the Inspera Service
Technical configuration
Availability of systems and services
Employee accesses to the operating environment, including completing joining/leaving checklist
Review and approve every monthly release from a security point of view
Conduct penetration testing and follow-up findings from third party penetration testing
Integrations with 3. party solutions that ensure confidentiality, integrity, and availability

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Below is parts of the table of contents from "Inspera Change Management" (currently version 2.0) listed:

3 Inspera’s Change Management Processes
3.1 Change implementation process
3.1.1 Responsibilities
3.2 The Change Management Process
4 Roles and functions
4.1 Change Manager - Process Owner
4.2 Change owner
4.3 Inspera Roadmap Board
4.4 Emergency Change Advisory Board (ECAB)
4.5 Change management support
4.6 Assessment of change proposals
4.7 Request for change logging and review
4.8 Assessment and Implementation of emergency changes
4.9 Change assessment by the Change Manager
4.10 Change Assessment by Inspera Roadmap Board

Security assessment is a part of every release.
Vulnerability management type Undisclosed
Vulnerability management approach Potential threats are evaluated as part of every new functionality developed and as part of every monthly release. In addition to these application-level threat assessments, we follow security bulletins and keep up with AWS Security Best Practices. For critical security issues, we do hotfixes between monthly releases - often in a matter of days. Issues from our regular third party penetration tests are categorized and followed-up. No issues classified as "medium" or higher are currently outstanding from these reviews.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We combine industry best practices for infrastructure monitoring with AWS GuardDuty and application-specific monitoring, including machine learning for detection of anomalies. Being a service used to deliver exams and other high-stakes tests, Inspera Assessment has had security as one of the principle guidelines when building the service with strict requirements from many of our clients and with attack vectors being evaluated by both researchers and students as well as third parties.

Incident response time is determined by criticality, with the highest category being worked on 24/7 until solved - typically deployed within days of discovery.
Incident management type Supplier-defined controls
Incident management approach User report incidents to our service desk via web formular, email or phone, where they follow this general Incident Management Process (taken from the table of contents chapter 3 of "Inspera Incident Management" version 3.2, that can be shared on request):

3.1 Identify and log the incident
3.2 Categorise
3.3 Prioritise
3.4 Respond
3.4.1 Inspera Incident Resolving Process
3.4.2 Pro-Active User Information and Monitoring

The service desk gives a single point of contact and the reporter follows the issue from start to end. In addition aggregate reports are available as agreed upon.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £6 to £15 per person per year
Discount for educational organisations No
Free trial available Yes
Description of free trial A 14-day free trial is offered to institutions with a maximum of 10 trial users. A trial account includes all standard functionality, but cannot be used for any live data or live student users.

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑