Savanta_37_online_sample_questions_US

More documents

Recommendations

Info

37 QUESTIONS TO HELP BUYERS OF ONLINE SAMPLES Policies and compliance 32. How do you track and comply with other applicable laws and regulations, such as those that might impact the incentives paid to participants? As an MRS Company Partner, Savanta complies with the MRS Code of Conduct with regard to incentives and other related regulations. In addition, we have access to legal and regulatory advice via our parent company Next 15 Group’s legal teams based in the UK and the USA. 33. What is your approach to collecting and processing the personal data of children and young people? Do you adhere to standards and guidelines provided by ESOMAR or GRBN member associations? How do you comply with applicable data protection laws and regulations? As an MRS Company Partner, Savanta complies with the MRS Code of Conduct and the ICC/ESOMAR International Code with regard to collecting and processing data of children, young people, and vulnerable participants. This applies to all of our operations, regardless of the country in which the researchers or the participants are based. 34. Do you implement “data protection by design”(sometimes referred to as “privacy by design”) in your systems and processes? If so, please describe how. All of Savanta’s systems and processes are built on the basis of the highest level of data protection. We are certified to ISO27001 and Cyber Security standards. We have a suite of policies that all staff are contractually obliged to adhere to, which put information protection at the center. We conduct compulsory data protection training when staff join, and access to our systems is conditional on completion of this training. The training is refreshed annually. We ensure that we have written agreements with all of our clients and subcontractors that include data protection clauses. We have policies and procedures for conducting Data Protection Impact Assessments, for completing Data Subject Access Requests, and for handling breaches. savanta.com 16
37 QUESTIONS TO HELP BUYERS OF ONLINE SAMPLES Policies and compliance 35. What are the key elements of your information security compliance program? Please specify the framework(s) or auditing procedure(s) you comply with or certify to. Does your program include an asset-based risk assessment and internal audit process? Savanta is certified to ISO27001 and Cyber Security standards. We conduct quarterly internal audits of our ISMS and this is subject to an annual external audit. In addition, we conduct regular pen tests, and our information security systems are audited by our clients. We have a risk register, which is updated monthly during the meeting of the Business Assurance Committee. 36. Do you certify to or comply with a quality framework such as ISO 20252? Savanta’s CATI unit is certified to ISO20252 standards. Savanta as a whole complies with this standard but is not certified. savanta.com 17
Page 1 and 2: SAVANTA’S RESPONSE TO ESOMAR’s
Page 3 and 4: 37 QUESTIONS TO HELP BUYERS OF ONLI
Page 15: 37 QUESTIONS TO HELP BUYERS OF ONLI
Page 19: etter.decisions@savanta.com +44 (0)

Savanta_37_online_sample_questions_US

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?