Qualtrics Security Guide

1. To navigate to the projects that you have created or someone has shared with you, click the three-line icon in the top left and select projects.  This will open an easy-to-read list of all accessible projects.

   

2. Once on the list of projects, you should see a column for the owner.  This is the project owner, and it is their responsibility to manage access to the project securely. To add someone to a project, click the three-dot icon on the right side of the project and select collaborate.

   

3. The collaboration window should now open. Within this window, you should see a search bar for adding new people and a list of people that currently have access to the project. If you wish to edit or remove someone’s access to a project, this is the place to manage it. Toggling the checkboxes on and off will give that person that permission. Selecting the red icon will delete that user’s access to the project entirely. Be sure to save any changes you make before exiting the collaborate window.

   

The rest of the security controls set in Qualtrics are project-specific and require selecting the project you wish to secure. To do this, click on the project name from the project list shown above. This will open a new window for you to edit the project, distribute the questionnaire, or view completed questionnaires. All security settings for a project can be accessed as shown in the guide below:

4. To access security settings, select the icon in the bottom left. It’s the icon that looks like a sheet of paper with circles and lines. This is the “Survey Option” button.

   

5. After selecting the Survey Option button, a list of option categories will appear. You can explore all the options, but we will focus on the Security tab for this document. Select the Security option as shown in the image. The rest of this document will focus on each of the available security settings.

   

The first security setting is the survey access option. This will allow the project owner to decide if everyone can access the survey or just people invited to complete it. 

If the survey has sensitive data, it is best practice to set this to “Invitation Only.”

If the survey covers sensitive data, it is best practice to password protect it. This option can be set here.

If you toggle this option to “On,” it will let the owner set the password for the survey.

Specify the URL your respondents must come from in order to access your survey. This setting is useful if your survey link is posted on a particular website and you want to make sure the link does not get copied and sent to others. Only those who can access that page would be able to take the survey. Toggle on to add a URL.  *Note* the URL must match exactly.

If you wish to prevent multiple submissions from respondents, you may toggle this option “On,” which will prevent ballot box stuffing. The owner must determine if this functionality is useful for the project.

Toggle this setting on to enable Bot detection which allows you to track which responses are likely bots by adding a field to each response called Q_RecaptchaScore. Every response is rated on the probability that the respondent was a bot. In order to work properly this must be turned on before collecting data.

Toggle on to enable Security Scan Monitor.  Security scan monitor allows you to prevent email scanning software from inadvertently starting a survey session when a survey link is included in the email.

RelevantID improves fraud detection by assessing respondent metadata to determine the likelihood that the same respondent is answering over and over; RelevantID does not necessarily check the content of the responses for duplicates, since respondent can answer multiple times while giving different answers. This technology checks if the respondent is cheating by taking the survey multiple times or whether a survey taker is fraudulent by analyzing a user’s browser, operating system, and location to provide a fraud score.

To prevent search engines from including the survey in search results, set this option to “On.” This should be on by default.

This setting is targeted at collaborators on the project. If you wish to limit the number of people that can view uploaded documents within surveys, set this to “On.”

To add extra protection to survey respondents, set this option not to capture IP address, location data, and other contact info. Unless you plan to use any of those data fields, it is best to set this to “On” to enable anonymization.