Security and Privacy for GAO Web Survey Respondents
The U.S. Government Accountability Office (GAO) is an independent, nonpartisan agency that works for Congress. Often called the "congressional watchdog," GAO examines how taxpayer dollars are spent and provides Congress and federal agencies with objective, fact-based information to help the government save money and work more efficiently. Our work is done at the request of congressional committees or subcommittees or is statutorily required by public laws or committee reports.
In the course of conducting research to support this work, GAO uses questionnaire surveys to collect information from individuals reporting about themselves, or about organizations, programs, or activities they represent. GAO also conducts surveys of its employees for internal business purposes.
Please see the survey communications you received to learn the survey's purposes, how and why we identified and contacted you, and the specific conditions and practices that apply to the handling, storage, analysis, reporting, and release of information you provide. If you have additional questions or concerns, contact the GAO personnel named in those communications.
GAO is committed to maintaining the security of our information systems and the privacy of personal and business information. Conditions and practices that apply to all of our web survey information collections are described below.
Security
GAO uses Qualtrics XM, a web-based platform, to collect survey information. The implementation of the Qualtrics system that GAO uses has received an authorization from the Federal Risk and Authorization Management Program (FedRAMP) as a “moderate impact” level system that is appropriate for the handling and storage of Personally Identifiable Information (PII) and other Controlled Unclassified Information. This Qualtrics security statement provides additional information about the Qualtrics XM security environment.
Data transmissions between your web browser, Qualtrics XM data centers, and GAO servers use Transport Layer Security (TLS) 1.2 encryption (the encryption used by HTTPS connections), making these transmissions very difficult to decode if they are intercepted by an unauthorized party.
Within GAO, we protect information and our information systems in accordance with federal government information security requirements, including the Federal Information Security Modernization Act (FISMA), and standards and guidelines developed by the National Institute of Standards and Technology (NIST). The security of GAO systems is periodically tested and evaluated by GAO management and reviewed by the GAO Office of the Inspector General.
Privacy
Because GAO surveys collect a variety of information from different populations under different circumstances, refer to the survey communications you received and the GAO personnel named as contacts for more information on the privacy conditions that apply to your survey.
Qualtrics XM is a web-based platform used to collect survey information. Because it is an information system that holds PII, GAO has established this privacy statement that applies to the use of Qualtrics.