View Procedure


Procedure for Administering Institutional Surveys

Approval Date: 2016-10-05

Effective Date: 2017-01-01

Responsible Unit: Centre for Institutional Analysis and Planning


Survey Approval 

All Institutional surveys must have approval from the Institutional Survey Oversight Committee (ISOC), in accordance with the Institutional Surveys policy.

Required Protocols and Documents

1. The survey introduction and/or instrument must include:

  • a statement of purpose, use, and voluntariness as part of the informed consent process; some survey methodologies may require a separate signed consent form from the participant.
  • a statement of confidentiality and/or anonymity in the survey introduction.
  • a Privacy Notice, stating authority and purpose for the collection and use of information. 

2. Determine if a Privacy Compliance Checklist is required.  See the Privacy policy and the Procedure for Checking Privacy Compliance.

3. Ensure that any individuals who will be handling survey related information who are not regular university employees (e.g., student employees, work-term students, etc.,) complete a Confidentiality Agreement.  A sample confidentiality agreement is available here.

4. If using a third-party server to host the survey:

  • In accordance with the Information Management policy, an Information Risk Assessment must be completed when considering the use of such external services. Contact the Office of the Chief Information Officer to initiate the completion of the applicable Information Risk Assessments.
  • Inform participants at the survey start that their data will be stored on a third-party server.

5. If an external third-party agency/contractor is conducting the survey on behalf of the University:

  • Arrange for a Privacy Schedule to be signed by both the third-party contractor and the University before any aspect of the survey process begins.
  • Determine if an additional research agreement is required by the third-party contractor. Submit this agreement to the IAP office. Additional review may be and required by the General Counsel. See the Contract Administration policy.

6. The University office (e.g., Registrar’s Office) that will be supplying the file of contact information for the survey population/sample may require a Researcher Agreement, available here, and other documentation related to privacy protection, data use, and confidentiality.

Design and Methodology 

Institutional Surveys must follow established standards for survey methodologies. These standards are available from the CIAP office and relate to the following:

  • Sampling
  • Timing
  • Question design
  • Survey messaging and contact attempts (invitations, reminders, promotion)
  • Incentives/prizes
  • Analysis and Reporting

Information Management and Protection of Personal Information

The University's Privacy, Information Management and Electronic Data Security policies must be followed throughout the survey administration.  Particular attention should be given to the following as related to survey administration:

  • Transmit all information (population/sample file, survey results, etc.) through encrypted and password protected files, or by uploading to a secure server (password protected).
  • Confirm that the contact information for the intended survey population/sample can be used for the purpose of administering the survey.
  • Limit the amount of personal information included in population/sample files to the minimum amount of information that is necessary to administer the survey, particularly in the case of third party administration where population/sample files will be transmitted electronically. Where possible, mask any required personally identifiable information in the population/sample file, such as student number.
  • Limit the information collected by the survey to just that which is required for the intended purpose.
  • Report survey results in aggregate form only with no personally identifiable information included.
  • Manage the information produced as a result of the survey in accordance with the Information Management policy, with consideration to data storage, usage, retention and removal. If the survey is conducted by a third-party consultant these considerations will be addressed in the Privacy Schedule or detailed in a supplementary agreement.
  • Use the data collected from the survey for the purpose it was intended and that was communicated to participants.
  • Report and disseminate the results of institutional surveys in a manner appropriate to the nature and scope of the survey.


Policies using this procedure:

Procedure Amendment History

There are past amendments for this policy:

Date: 2023-06-14 12:52:39
This procedure was published as a replacement of a previous version with an ID of 526. Comment provided: Update
Action: Created full working copy
Date: 2023-11-09 09:20:22
Date: 2023-11-09 09:21:02
This procedure was replaced with a new version. Comment provided: clerical corrections