Survey Requirements & Data Security Guide
The purpose of this guide is two-fold. First, you can use the Survey & Web Reporting Requirements section (and the checklist provided on the Attachments tab) to ensure that your organization’s technical environment is compliant with the minimum requirements for administering your online Denison survey and viewing your reports online. Second, the Data Security section describes how your data is securely collected, stored and used by Denison.
Denison online surveys are hosted at www.DenisonSurveys.com and www.DenisonSurveys.eu. The surveys use modern, responsive HTML5 web pages to collect survey responses. The submitted data is stored in an encrypted Microsoft SQL Server database. In some cases, each client survey may have a unique survey URL. Participants must use the survey link that was provided in their survey invitation email, since bookmarking a page will not work.
When Denison Consulting sends out email invitations for a survey, the email will be sent from an address at one of the following domains: DenisonConsulting.com, DenisonCulture.com, or DenisonSurveys.eu. Your organization’s email administrator should ensure these domains are whitelisted to prevent survey invitations or reminders from being rejected as spam. Individual users should be instructed on how to prevent the email messages from being treated as junk mail by their installed email client.
We highly recommend that the survey be tested from all unique client locations to make sure there are no firewall, email or browser compatibility issues. It is recommended that Denison Consulting be provided with an IT contact we can work with directly to resolve any potential conflicts.
Survey & Reporting Access
Permit access to TCP ports 80 (HTTP) and 443 (HTTPS) through your corporate firewall, Intranet or VPN to the Internet with restrictions lifted for the following domains and/or IP addresses.
Spam filtering software, either at the corporate firewall, 3rd party or desktop level should not block HTML-formatted email sent from the following domains or IP addresses.
MX: mail33.denisonconsulting.com (126.96.36.199)
MX: mail3.denisonconsulting.info (188.8.131.52)
MX: mail.denisonsurveys.eu (184.108.40.206)
Keep in mind that some spam filters do not kick in until a batch of emails are sent and therefore a few test emails do not always indicate whether a larger number of invitations will get through. Explicitly whitelisting the above email domains at the firewall and desktop levels is the only way to ensure there will not be problems.
It is recommended that Denison Consulting be provided with an IT contact we can work with directly to resolve any potential conflicts.
Our survey and online reporting tools are powered by modern technology, and so work best on the most recent version of the following web browsers.
- Google Chrome (most versions – preferred)
- Mozilla Firefox (most versions)
- Apple Safari (most versions)
- Microsoft Internet Explorer (version 10 or later)
In addition, our survey and reporting tools are compatible with most mobile devices and tablets and their associated browser technology.
If your organization relies on legacy technology, and you are not able to upgrade to a level of browser compatibility that meets these requirements, Denison can provide you with paper surveys to accommodate those population segments where legacy browsers are present.
Google translate should be disabled for proper viewing of non-English survey pages.
Some email clients limit hyperlink functionality. As a result, some survey participants may be unable to navigate to their survey by simply clicking the hyperlink within the invitation email. These users should start a new browser session and paste their survey link into the browser’s address bar.
NOTE: Some clients prefer to send invitations themselves. When doing so, Denison Consulting recommends putting the survey hyperlink into the body of the email or embedding the link into an attached PDF document. Adding hyperlinks to other types of attachments (such as Microsoft Word) may prevent the links from functioning as expected.
Participants should have their own unique email addresses and PC with internet access. If they do not, the following options are available:
- Use a “Kiosk” formatted survey link. Often, clients will provide the survey link on kiosk computers or a corporate Intranet so it does not need to be typed in by hand. For “Kiosk” surveys, participants must complete the survey before leaving the computer. They can not save partially completed surveys.
- Generate a unique User ID and PIN for each participant, which is then typed in when they first access the survey site.
The Types of Data We Collect
In general, the types of information that individuals would consider highly confidential are not gathered during the survey administration. In rare cases, we may collect partial employee IDs or similar information for the purpose of grouping survey results into various reporting categories, but it’s one of Denison’s Core Values to protect our clients’ confidentiality (and that of every survey participant), a responsibility that we take very seriously.
The data we typically gather includes names and email addresses for the purpose of sending survey invitations and reminders, although for most survey administrations even this information is not collected. We may also collect job title information, which is sometimes necessary for reporting by job function. We naturally collect your subjective survey information, and we may also collect custom information at the request of a client, which could also include open-ended questions, which allow users to type their answers into a text field.
How Your Data is Collected
Denison surveys are conducted online via an SSL-encrypted website. This is the same encryption technology that has been around for many years, and that keeps even your banking transactions and online purchases safe and secure. Even though we’re only collecting subjective survey information, we still employ the same security methodologies in an effort to give our clients and survey participants that same level of peace of mind.
Survey Link Types
Your survey can be conducted in a number of ways. The most common and most confidential way is via general links. A general link is a single link that can be sent to any number of participants either by Denison or by the client organization. Because the link is not specific to each individual, Denison cannot track which specific participants have taken the survey. This means that we are not able to send reminders only to those users who have not completed the survey. Instead, all participants are reminded whether they have completed the survey or not.
Alternatively, Denison can generate a unique survey link for each survey participant. The link is absolutely unique to that individual and cannot be shared. This is useful because we’re able to track survey participation and are able to send periodic reminders only to those participants who have not completed the survey.
For those clients whose participants may share a computer terminal, we can issue what is called a kiosk link. A kiosk link allows the survey to be completed by multiple participants at a single terminal. The downside of the kiosk link is that a participant is required to complete the survey in a single session, and cannot partially complete a survey and return to it later.
We can also collect data through the use of paper surveys, for those instances where access to the Internet is difficult to come by.
Where Your Data is Stored
As your encrypted data is submitted, it is stored within a Microsoft SQL database. Denison’s SQL databases are further encrypted using asymmetric encryption keys (a public key to encrypt the data and another private key to decrypt).
Our SQL databases are clustered to guard against hardware failures, and to ensure the high availability of surveys and reporting data.
The servers that form our database cluster are housed within secure, climate-controlled data centers located in the United States and Germany that are monitored 24/7. Only select Information Technology staff have direct access to these locations.
Finally, Denison has implemented comprehensive Disaster Recovery safeguards to protect against data loss or unscheduled downtime.
How Your Data is Used
Your data is used primarily to create reports. Our diagnostic reports are designed to inspire honest conversations that lead to thoughtful action and increased business performance.
In addition, your data will eventually be incorporated into our robust normative database, which is used to ensure the continued accuracy of our benchmarking. It is important to note that only the subjective survey information is incorporated into this database. We do not use any information that identifies the data as having originated with your organization.
Once the data has been reduced to this wholly anonymous format, our Research & Development department may use it for additional analysis.
Who Has Access To Your Data
Access to your data throughout its lifecycle at Denison is highly restricted. Only three types of Denison employees have access to your data:
- Information Technology staff have direct access to the data, as they maintain the performance of the database cluster and execute the backup and disaster recovery methodology.
- Your Client Manager can access your data during the course of your survey administration, to assist you with report generation, data feed updates (if required), and other tasks related to the management of your project.
- Research & Development staff may use the subjective survey response data to perform additional analysis or to prepare the data for normative database inclusion.
Survey Requirements Compliance Checklist
A survey requirements compliance checklist is available for dowload.