Respondent confidentiality is of the utmost importance within the ASA24 system. Researchers do not provide the National Cancer Institute (NCI) or the ASA24 system with any personally identifiable data associated with study Respondents. Rather, Researchers specify a user ID for each Respondent and download system-generated usernames and passwords that Respondents use to access the application.
The ASA24 system also does not capture any personally identifiable data from Respondents. However, IP address information is accessed for the purpose of routing information between the server and the Respondent's computer -- often the IP address is that of the user's Internet Service Provider (ISP).
IP addresses are not stored or tracked by the ASA24 system. However, logs of connections are kept for audit trail purposes. This information is not mined in any way but would be available if there were a legal obligation to release it.
Respondent data are protected using industry standard security controls. All data entered into the ASA24 system at the Respondent's computer are encrypted by the internet browser (e.g., Chrome, Firefox) while transmitted to ASA24 servers using Secure Socket Layer (SSL) Technology. SSL allows for the authentication of the sending and receiving computers.
Only a particular study's investigator(s) and the ASA24 operations team can access response data. Access is gained through usernames and strong passwords.
On July 27, 2023, the ASA24 system was migrated to a virtual private cloud environment managed by NCI. The system has obtained an Authorization to Operate (ATO) at a FISMA moderate level. FISMA refers to the Federal Information Security Management Act and more information about the risk-based approach to manage information security risk is available on the National Institute of Standards and Technology’s website.
ASA24 is a registered trademark of HHS.