I am requesting that a feature be added to address a serious data security concern. Currently, the HQ User provides the final sign-off on a questionnaire. They represent an essential second layer of quality checks that are important for data quality. As we all know, a questionnaire may pass all the validation checks outlined in the questionnaire, but may have other inconsistencies that are often picked up by what is often referred to as the Field Editor. Within Survey Solutions, this role is played by the HQ User who gives the final approval of the questionnaire.
Now, while with small surveys, the number of HQ Users are small. With larger surveys and Censuses, the number of HQ users increases significantly. From our calculations, this may be tens or hundreds of persons. The concern here is that the HQ User also has access to download the full data base for the survey, which is a serious data security concern. Additionally, because the server is cloud based, it means that the HQ user can log in from outside the secure environment of your office and download the full dataset. This for me is a very serious security risk, and I really hope that there is a solution.
To help improve this situation, I am recommending the separation of the responsibilities of final questionnaire approval and the other administrative functions of the HQ User into 2 distinct levels.
This way these security risks could be better controlled and limited to a very small number of users, irrespective of the size of the survey.