Hello. My IRB is requesting the following regarding Inquisit's web procedures: 0 false 18 pt 18 pt 0 0 false false false Describe the commercial service provider’s confidentiality policies and procedures - include information about security audits of the server. Could you help me out? Thanks, Stephon
At least part of the information you're looking for is covered by the "Security and Inquisit 3 Web Edition" topic in Inquisit's documentation:
http://www.millisecond.com/support/docs/v3/html/articles/websecurity.htm
~Dave
"To understand recursion, you must first understand recursion." - Unknown Zen Master
Thanks Dave, here's a quick summary.
It is entirely up to the researcher to determine which data is saved, including any information that might identify a participant. By default, Inquisit simply assigns a randomly generated number to each participant that would have no real world connection to that person.
Inquisit web edition runs locally on the participants computer. As the experiment runs, data is stored in memory (RAM) and is not cached on the user’s file system. At the end of the experiment, the data are uploaded to the millisecond.com web server via HTTPS/SSL, which is a standard scheme used for encrypting sensitive data (banking info, medical records, etc.) sent over the internet, so that it cannot be intercepted by packet sniffers. Once on the server, the data are stored to a folder for the researcher’s account where they can only be accessed by logging into the server with the researcher’s userid and password. Once the researcher has logged in successfully, they can download the data files. HTTPS/SSL is again used here to encrypt the files as they come down over the wire.
The current security system has been extensively reviewed and tested. We regularly check our security logs for attempts at unauthorized access to the server, and in the 4 years the current system has been in place, we have not had any security breaches. All software is regularly updated with the latest patches and service packs.
-Sean