Confidentiality description for my IRB


Author
Message
stephonomon
stephonomon
Distinguished Member (3.4K reputation)Distinguished Member (3.4K reputation)Distinguished Member (3.4K reputation)Distinguished Member (3.4K reputation)Distinguished Member (3.4K reputation)Distinguished Member (3.4K reputation)Distinguished Member (3.4K reputation)Distinguished Member (3.4K reputation)Distinguished Member (3.4K reputation)
Group: Forum Members
Posts: 41, Visits: 1

Hello.



My IRB is requesting the following regarding Inquisit's web procedures:















Describe
the commercial service provider’s confidentiality policies and procedures  - include information about security
audits of the server.





Could you help me out?



Thanks,



Stephon


Dave
Dave
Supreme Being (1M reputation)Supreme Being (1M reputation)Supreme Being (1M reputation)Supreme Being (1M reputation)Supreme Being (1M reputation)Supreme Being (1M reputation)Supreme Being (1M reputation)Supreme Being (1M reputation)Supreme Being (1M reputation)
Group: Administrators
Posts: 13K, Visits: 104K

At least part of the information you're looking for is covered by the "Security and Inquisit 3 Web Edition" topic in Inquisit's documentation:


http://www.millisecond.com/support/docs/v3/html/articles/websecurity.htm


~Dave


seandr
seandr
Supreme Being (143K reputation)Supreme Being (143K reputation)Supreme Being (143K reputation)Supreme Being (143K reputation)Supreme Being (143K reputation)Supreme Being (143K reputation)Supreme Being (143K reputation)Supreme Being (143K reputation)Supreme Being (143K reputation)
Group: Administrators
Posts: 1.3K, Visits: 5.6K

Thanks Dave, here's a quick summary.


It is entirely up to the researcher to determine which data is saved, including any information that might identify a participant. By default, Inquisit simply assigns a randomly generated number to each participant that would have no real world connection to that person.


Inquisit web edition runs locally on the participants computer. As the experiment runs, data is stored in memory (RAM) and is not cached on the user’s file system. At the end of the experiment, the data are uploaded to the millisecond.com web server via HTTPS/SSL, which is a standard scheme used for encrypting sensitive data (banking info, medical records, etc.) sent over the internet, so that it cannot be intercepted by packet sniffers.
 
Once on the server, the data are stored to a folder for the researcher’s account where they can only be accessed by logging into the server with the researcher’s userid and password. Once the researcher has logged in successfully, they can download the data files. HTTPS/SSL is again used here to encrypt the files as they come down over the wire.


The current security system has been extensively reviewed and tested. We regularly check our security logs for attempts at unauthorized access to the server, and in the 4 years the current system has been in place, we have not had any security breaches. All software is regularly updated with the latest patches and service packs.


-Sean


GO

Merge Selected

Merge into selected topic...



Merge into merge target...



Merge into a specific topic ID...




Reading This Topic

Explore
Messages
Mentions
Search