Class 9: Team Working
We’re drawing towards the end of this series of articles and in the last one we touched on some features that related to larger organisations. In this article, we’re going to expand on this and talk about how we can help teams collaborate on online survey projects easily and securely.
What many organisations do is just share a single account across their company. Nice and simple. The issue with this (aside from it potentially breaching the terms and conditions of your supplier) is that it has major security issues. We established in an early article that it’s likely that there will be personal data in your online survey system, often if you haven’t even gone out of your way to collect it.
This data, under GDPR, needs adequate protection and one of the measures of adequacy is that access to it is controlled properly and logged – so you know who has been accessing the system, at what time, and what actions were taken. By sharing login credentials, this information is lost as the account could be any one of several people.
There’s also a simple matter of productivity. The more people are sharing a password, the more likely it is that one person or other in the group will enter the password incorrectly a few times and lock the account, meaning they need to contact support to get it unlocked. If the password gets reset this can happen several times a day as people use the old password.
To deal with this, we have several features to allow people to work together on their survey projects while maintaining security.
Every organisation that has a multi-user account with us has a single account marked as being “Master” user, along with one or more sub-users. Each sub-user can work independently and has full access to all the features allowed by the account level, and can create, distribute, and report on surveys they create in the same way as a solo user. The Master account holder can access the accounts of all sub-users as well.
Collaboration is managed via survey permissions. As well as what’s already been mentioned, the master account is responsible for managing survey permissions and sharing for the other accounts on the system. The other users (known as sub-users) have full access to their own accounts and can create, distribute, and report on the surveys they create freely as any other SmartSurvey user. Where the Master user comes in is where two or more people need access to the same survey.
The master user can use a tool to select the survey and then choose one or more sub-users on the account to grant permissions to the survey. These permissions control whether a user can edit the survey design, change settings, distribute the survey, view results, delete results, or copy the survey.
These are all set individually, and default to not being set so a high level of security is built in. If an organisation needs to run a survey that will collect sensitive data, then by using the permissions, the master user can keep control of access to the collected information.
Example of Survey Sharing
As an example, let’s consider that an HR department has decided they want to run a staff satisfaction survey, but would like some help from a designer and copywriter to create it.
The master user can create the survey in their SmartSurvey Account. By amending the survey permissions settings for the designer and the copywriter’s accounts to allow them “Design” permission, these people can get on with creating the survey itself. When the time comes to distribute the survey, the Master account holder can do that themselves or get another team member to do it by assigning that member the permission to “collect” the survey data.
These contributors will be able to access the survey to make changes or do other work without having access to any collected data or performing any other functions that the master user doesn’t want.
In practice, a high level of compartmentalisation like this is not that common, though we have had more frequent conversations with clients about measures like this since GDPR came in in May 2018.
Single Sign On Solutions
Single Sign On (SSO) is a bolt-on addition for multi-user SmartSurvey accounts that adds extra functionality and security. It replaces the standard login process with a dedicated landing page for the organisation. Logging in happens automatically with SmartSurvey and the user’s computer completing an encrypted process to authenticate the user without the need to enter further credentials that uses their login credentials for their main workplace account.
This is a huge boon for uses as they no longer need to create, or store, specific passwords meaning that there’s a hugely reduces risk of passwords being written down and then leaking. This also means that users won’t be able to ever enter incorrect details and lock accounts.
SSO is an example of SmartSurvey being integrated with an external system, and in the final entry in this series, we’ll discuss the deeper integration possibilities offered using the API and webhooks functions.
Up to now, this series has focused on the traditional model of a user, sat at a computer or working on a mobile device, doing the work of creating surveys, distributing them, and running reports. However, organisations with large-scale and complex requirements can build bespoke integrations by using the API and Webhooks. Our next and final class looks at this area in more detail.