How does SurveyMonkey adhere to IRB guidelines?
This help article outlines the potential guidelines for using SurveyMonkey as a tool to survey research participants. These are criteria that most university IRB’s recommend when using an online survey tool to collect data. It is important to engage your Institutional Review Board to approve.
- It is important to enable the SSL encryption feature. Sensitive data must be protected as it moves along communication pathways between the respondent’s computer and SurveyMonkey servers. Helpful link: SSL encryption
- IP addresses should be masked from the survey author. Here is a helpful tutorial demonstrating how to turn off the collection of IP addresses: Turn off IPs.
- Be sure to include a consent form for your online survey. This should be on the first page of your survey. Here is a good example of a survey consent form: https://www.surveymonkey.com/consent
- Please be sure to include a data confidentiality statement in your consent form. Don’t make guarantees to confidentiality or anonymity.
- SurveyMonkey records the respondent time stamp. This is important especially for respondents that consented to taking your survey.
- The survey should allow for “no response “or “prefer not to respond” as an option for every survey question. A survey where a respondent cannot proceed without answering the question is in violation of the respondent’s right to withhold information.
- At the end of the survey, the respondent should be given an option to withdraw from survey.
Database and Server Security
SurveyMonkey has physical and environmental controls in place to protect data. Here is a helpful link describing our security details: Security
- Data is backed up daily on SurveyMonkey servers.