Security and Privacy

GDPR Compliance

QuestionPro is fully compliant with General Data Protection Regulation (GDPR) and our survey software users can create and send GDPR compliant data collection surveys. To aid this process, we have put in place a sophisticated process to ensure all data being collected using our platform is fully GDPR compliant including data portability, data protection, consent and other compliance features.

ISO 27001:2013 Certified Company

QuestionPro is an ISO 27001:2013 certified company. The ISO 27001 is a globally recognized international standard for managing risks to the security information you hold. We have all the sets of standardized requirements for an Information Security Management System (ISMS). Under these standards, we adopt a process-based approach for establishing, implementing, operating, monitoring, maintaining, and improving your ISMS.

CCPA Compliance

The California Consumer Privacy Act (CCPA) is supposed to go into effect from January 1, 2020. QuestionPro has assessed compliance readiness against CCPA requirements through a comprehensive/interactive assessment. We have a solid action plan in place to address the gaps, and we are working on building a consensus to implement program that includes gap & risk analysis, industry benchmarking, and resource plans. We aim to become fully CCPA compliant by the end of December 2019.

PCI -DSS compliant

QuestionPro Inc. is compliant with the Payment Card Industry’s Data Security Standards (PCI - DSS). The Payment Card Industry Security Standards Council has put forth a series of regulations for merchants to follow in safely accepting, storing, processing, and transmitting customer credit card data. We at QuestionPro adhere to all these set standards to ensure the complete protection of our clients against possible data breaches.

G-Cloud 13 Supplier for Secure Cloud Based Software Services in the UK

QuestionPro have been named as a G-Cloud 13 supplier on Crown Commercial Service’s RM1557.13 framework. This allows us to provide reliable cloud-based market research and survey software solutions in the UK for the public sector, healthcare and education through the UK Digital Marketplace.

Section 508 Compliance

QuestionPro surveys are compliant with the US Federal Accessibility Guidelines - Section 508. Online surveys, questionnaires or polls created on our platform are designed for differently abled users to let them use our tools with ease. Through this compliance, QuestionPro demonstrates its commitment to being all-inclusive.

Family Education Rights and Privacy Acts (FERPA)

QuestionPro is committed to staying compliant with the Family Education Rights and Privacy Act. We ensure all our clients are following the same code of conduct. Apart from including contractual protections in the service agreement, we ensure adherence with the FERPA guidelines and follow strict administrative and technology protocol. To know more about latest happenings in FERPA, visit https://studentprivacy.ed.gov/

QuestionPro Privacy Policy

All data is accessed and owned by the survey creator who must provide a username and password. It also describes the choices available to you regarding the use of, your access to, and how to update and correct your personal information.

Security Overview

At QuestionPro, security is our top priority. We've gone through great lengths to adhere to the highest standards of internet security. For a more detailed outline of our security measures, please refer our policies outlined in the below document.

SOC 2 Data Centers

QuestionPro owned and managed servers are co-located at off-site data centers. These facilities undergo periodic SOC 2 audits and are monitored for unauthorized access and service availability twenty-four hours a day. The audits are conducted by an independent accounting firm and thus signify that the data center security and operational procedures have been reviewed and tested by third-party. It validates that the controls and processes have been designed appropriately and are operating effectively, in addition to protecting and safeguarding customer's equipment and data.

HIPAA Compliance

QuestionPro is Health Insurance Portability and Accountability Act (HIPAA) compliant and all individual data collected in the form of online surveys is protected. We have physical, network and process security measures in place while collecting patient health information (PHI). Administering HIPAA compliant surveys using QuestionPro tools help organizations manage their research while being mindful of PHI collected.

University Institutional Review Boards

University Institutional Review Boards (IRBs) need to approve both the survey tool and the researcher independently. Surveys from QuestionPro have been approved by IRBs for research by over 1000 universities, in the United States and worldwide. This compliance helps students and researchers alike in universities conduct in-depth studies using QuestionPro online survey tool and collect compliant data. Some of the largest universities we work with, are:

• University of Tennessee
• University of Texas
• Robert Morris University
• And 1000+ more universities

Federalwide Assurance Number

The Federalwide Assurance (FWA) number is assigned by the United States Department of Health and Human Services, Office of Human Research Protections (OHRP). QuestionPro provides its customers an institutional federalwide assurance which ensures any online surveys conducted by using the platform, protects the interests and data of human subjects.

Respondent Anonymity Assurance Program

Respondent Anonymity Assurance
Track Respondents
Send Reminders
Anti-Ballot Box Stuffing Capability
QuestionPro offers a unique guarantee to survey researchers to protect the privacy and confidentiality of the respondents.

COVID-19 & Pandemic BCP Considerations

QuestionPro is a global company with teams spread over multiple locations like the US, India, UAE, Germany, Mexico and UK. With tools and systems in place for remote working and a completely digital presence. Our plan ensures that all business-critical functions of the organization are fully operational, allowing us to serve our customers without delay. For more information, refer our business continuity plan above.