Qualtrics provides a security statement with a promise to protect your data and adhere to industry standards.
Data security is very important to us at Qualtrics. Many of our clients demand the highest levels of data security and have tested our system to be sure it meets their standards. In each case, we have surpassed expectations and received high praise from elite companies.
Qualtrics’ most important concern is the protection and reliability of customer data. Our servers are protected by high-end firewall systems, and vulnerability scans are performed regularly. Complete penetration tests are performed yearly. All services have quick failover points and redundant hardware, and complete backups are performed nightly.
Qualtrics uses Transport Layer Security (TLS) encryption (also known as HTTPS) for all transmitted data. We also protect surveys with passwords and HTTP referrer checking. Our data is hosted by third party data centers that are SSAE-16 SOC II certified. All data at rest are encrypted, and data on deprecated hard drives are destroyed by U.S. DOD methods and delivered to a third-party data destruction service.
Qualtrics deploys the general requirements set forth by many Federal Acts including the FISMA Act of 2002. We meet or exceed the minimum requirements as outlined in FIPS Publication 200.
HIPAA Statement: With some restrictions, Qualtrics may be designated as a Business Associate when the Qualtrics BA Agreement is signed with a Covered Entity—those organizations that are required to comply with HIPAA privacy rules. All client data are considered confidential, and treated as such, with no specific designation (such as medical (PHI), PII, or public). Therefore there is a duty of care that Qualtrics must have with PII data.
Related to HIPAA, HITECH (Health Information Technology for Economic and Clinical Health Act) are updated assessment rules to ensure that data are properly protected and best security practices followed. By using secure and certified data centers, Qualtrics ensures the highest protection and testing as per HITECH requirements.
Rest assured, your data is safe with Qualtrics.
Questions regarding this statement may be sent to Qualtrics Support.