Practique Exam Assessment & Management System

Practique is a comprehensive online exam management and assessment system. Practique allows you to manage your own question bank, create and deliver online, written and OSCE exams with multi-question type capability. Practique provides blueprinting, standard setting and analysis of psychometric statistics in real time and results delivery and feedback.


  • Online & Offline Exam capability
  • Comprehensive standard setting (Angoff, Ebel, Borderline Group, Borderline Regression, McManus)
  • Online Question Authoring and Station banking.
  • Customisable role and permissions structure.
  • Multi-media types supported including PDF, Multi-image (Dicom/jpg etc), Video, Audio
  • Innovative automated marking (SBA, VSAQ, EMQ, MCQ, ARQ)
  • Support for Written, OSCE, OSPE, MMI and Viva stations
  • Multi-dimensional blueprinting and curriculum mapping
  • Automated assignment of candidates and examiners to stations
  • Item, Exam and Examiner Analysis. Domain reporting, results integration/exports


  • Easy to use, secure web-based user-interface for exam management
  • Paperless desktop, laptop and iPad delivery. (paper delivery available)
  • Offline capability in the event of server failure, internet loss.
  • Multi-location capability, allowing synchronous exams.
  • Supports Single-Sign-On Integration


£25 to £60 per user per year

  • Education pricing available

Service documents

G-Cloud 10



Constant McColl


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints N/A
System requirements All modern browsers: Safari, Firefox, Chrome, IE 10+, Opera

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Online ticketing support will be responded to during UK business hours. We aim to respond to tickets within 8 business hours.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support No
Web chat support No
Onsite support Yes, at extra cost
Support levels All customers receive our premium support as standard. This includes an online ticketing service desk which links directly to the development team. Support, customisation and training during the setup phase is also offered onsite or remotely by telephone.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We want to make sure you have an excellent experience using the platform. Based on experience of delivering to almost 40% Medical Universities in the UK and Royal Colleges globally, we have developed a standard methodology for success.

Assess & Define:
Practique Exam Fit is carried out as standard to determine risks, gaps, identify opportunities and develop key outcomes for the customer to maximise the benefits of the system.

Onsite System Familiarisation, Configuration and Training is provided to groups of stakeholders at varying level including examiners, administrators, assessment teams.

Online Knowledge Base documentation is also provided as a way of referring back to more complex tasks. This is continually updated when new features are rolled out and as we receive customer feedback. Support is also available for your end-user community in the form of training materials, workshops etc - upon request.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction We will provide a full output of all your data as standard. Accompanying documentation may require professional services.
End-of-contract process At the end of the contract a single full data export is provided in the cost of the license. Accompanying documentation may require professional services. If you wish the online platform to remain active in any capacity (e.g. in read only mode) then this will be an additional cost.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The application is fully responsive and contains all the same features and functionality from whichever device you are accessing from.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing No specific testing of assistive technology has been carried out. We would be happy to work with clients and 3rd parties to approve equipment for use with our system.
Customisation available Yes
Description of customisation The platform is designed to be customised by each organisation in relation to the exam assessment and management activities required. We will provide continuous support and assistance and help onboard our customers via the Practique Exam Fit methodology in order to setup the most appropriate roles, permissions, question/station banks, workflows, standard setting, blueprinting and reports with you. Each of these elements is then completely maintainable by local administrators to eliminate the need for further development every time a change is requested.

Permissions can be assigned to each user to determine who should be able to make changes to the various areas of the platform under version control. There is no special editing interface it is all simply done through the simple user focussed UI with no technical expertise required.

We are always available for support and advice via the Service Desk to help you make the most of the platform and all new features.


Independence of resources All organisations within the same region are served from the same cloud infrastructure. This infrastructure has been carefully designed to dynamically scale when larger loads are detected specifically to negate the issue of traffic affecting performance.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach We will facilitate the export of data for organisations wishing to extract a dump of all of their data. All reports within the system can also be exported to CSV and the capability for all results to downloaded as a PDF.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The Service shall be available 99.9%, measured monthly, excluding UK public and bank holidays and weekends and scheduled maintenance. Any downtime resulting from outages of third party connections or utilities or other reasons beyond the Company’s control will also be excluded from any such calculation. Downtime shall mean a period whereby the Customer is unable to access the Service for a period exceeding sixty (60) consecutive minutes, shall be a credit for 2% of the pre-paid Service Fees (calculated on a monthly basis: for example, the pre-paid annual Service fee divided by 12) for each period of 60 or more consecutive minutes of Service downtime; provided that no more than one credit for Service downtime can be claimed by the Customer per day and five credits in any one (1) month. In order to receive a downtime credit, the Customer must notify the Company in writing within five (5) days from the time of downtime, and failure to provide such notice will forfeit the right to receive such downtime credit. The Company will issue a credit note, as calculated in line with the provisions of this Section, as a refund against annual Fees already paid.
Approach to resilience This information is available on request.
Outage reporting We notify the client if there are any unplanned outages. If there is a service failure during a critical period we have a telephone support like which will provide instructions for recovering the data, either by restoring the service or talking through the direct download.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Access to the system is either by service login, in which case management and support staff are subject to the same role based access control and audit trail as all users, or by secure public key authentication for devops to gain direct access to the software and database. Public key distribution is part of our automated deployment, configured so that only developers on the specific project team (and senior technical staff overseeing the development) have access to any specific server.
Access restriction testing frequency At least once a year
Management access authentication Public key authentication (including by TLS client certificate)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We follow the principles of ISO27001, we have a risk assessment, and risk treatment plan, which has informed the creation of an Information Security Policy. Staff receive training on EU data protection requirements, and our Information Security Policy with an annual refresher. Our policy is reviewed annually and updated inline with changing legislation and client needs.
Information security policies and processes We have an Information Security Policy that staff receive annual training (along with EU Data Protection requirements). Staff completion of this training is logged in our internal Continuing Professional Development system (we use our own produce Kaizen for this). The Information Security Manager is responsible for checking the training has been carried out, and also receives all incident reports. The Information Security Manager reports directly to the board.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We use automated deployment methods to ensure consistency of deployment. Configuration is built into the automated deployment so that changes made the configuration can be repeatedly deployed. Components of services are allocated to clients, and do not change between clients during their lifetime. As part of our software development release procedure we check the security implication of any changes, assign a risk level. For high risk features additional specific testing may be required before releasing the new feature.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We use a formal process as defined in "Information Security Risk Management for ISO27001/ISO27002" (Calder and Watkins, 2010). This process starts by identifying the assets we need to protect, then the threats that may exist to them. Then each one is assigned a risk and impact assessment, and this is used to develop a risk treatment plan (where risks are mitigated, accepted, eliminated, or transferred). We have a fast track release procedure for critical fixes, that allows low risk fixes to be rapidly deployed. We subscribe to industry standard security notification sources.
Protective monitoring type Supplier-defined controls
Protective monitoring approach All accesses to the server are logged and monitored, and attacks are automatically detected, and system administrator notified. After a potential compromise has been detected, the information security manager must be notified. There will then be an investigation and analysis of the severity of the compromise and a plan of action decided. Internally security incidents are highly prioritised, and we make all reasonable efforts to address them immediately.
Incident management type Supplier-defined controls
Incident management approach Users can report incidents through the service desk. We capture responses in our knowledge base so that common events can be resolved by clients directly. Our response to the incident will be through the service desk, and this is our report to the user. We can complete incident reports if requested.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £25 to £60 per user per year
Discount for educational organisations Yes
Free trial available No

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑