Certification Programs - ISO 20252:2019; ISO207001 and Fair Data Program
Overview of Standards
ISO20252:2019 – Market, opinion and social research, including insights and data analytics standard
ISO27001 – Information and Security Standard
Fair Data Program – the Consumer Trust Mark
Fair Data – reasons to get it
Overview of Standards
The Research Society is the peak body for the development of professional and quality research standards. We own and administer the ethical Code of Professional Behaviour that all Society members adhere to; we pioneered the Qualified Professional Researcher (QPR) scheme for professional researchers and we now have the exclusive licence in Australia for the Fair Data ethical consumer trust mark which certifies companies for the collection, management and storage of personal data.
The Research Society has also been the main driver behind the development ISO standards in the Australian market since the inception of IQCA and MRQA. The Research Society Elissa Molloy has been involved in the development of quality standards for our industry since 1999 and represents Australia as the Chair of the Standards Australia MB-005 Committee. She also sits on the international ISO committee TC225 that has developed the ISO standards ISO20252 and ISO26362 and then put them into one comprehensive standard –AS ISO 20252:2019.
AS ISO:20252:2019, has now been published and adopted in Australia. The changes combine the previous ISO 20252 & ISO 26362 and move the standard to a mandatory framework and a series of compulsory annexes (where applicable across your business). The release of this new standard is a significant change from the existing ISO 20252 and the panel access standard ISO 26362, with some substantial content and format changes that will affect all ISO certified companies. The revised ISO 20252 standard has a stronger focus on information security and is based around annexes which cover the various methodologies. ISO 26362: 2009 has been withdrawn and incorporated into ISO 20252:2018 which covers both online and offline access panels. This is as a result of the emergence and global acceptance of online sampling as a primary sample source. Data analytics and digital observation are also more prominent.
Current ISO20252 certified companies will have until June 2021 to comply with the 2019 version of the 20252 standard.
International Standard ISO 20252:2019, Market, opinion and social research, including insights and data analytics – Vocabulary and service requirements, was adopted as the Australian standard in 2019 and sets out guidance and requirements relating to the way in which research studies are planned, carried out, supervised, and reported to clients commissioning such projects. It will encourage consistency and transparency in the way surveys are carried out, and confidence in their results and in their providers.
The global research quality standard provides a framework to:
- Ensure timely delivery of quality services
- Improve operational management and control of research processes
- Reduce errors and rework
- Enhance user reputation and provide a competitive advantage
Don Ambrose, Chair of the ISO technical committee that updated the standard, explains: “ISO 20252 is a must-have for the market research industry. Users the world over – companies, governments, research institutes, consumer associations, universities, and marketing and advertising agencies – will benefit by having global compatibility, traceability and continual improvement. In addition, it will enable clients to obtain globally compatible, comparable and homogeneous feedback and make better-informed choices of service providers.”
ISO 20252:2019 covers all the stages of a research study: from the initial contact between the client and service provider, to presentations of results to the client. This third edition has been updated to reflect new or modified research practices and new content has been added, including the complete ISO 26362:2009, covering the management and use of access panels.
Getting a copy of the standard
To access the requirements of the ISO20252:2019 standard you must purchase it from SAI Global. SAI Global (owned by Standards Australia) owns the licence for this standard and it can be purchased from them for $290 by clicking herehttps://infostore.saiglobal.com/en-au/Standards/AS-ISO-20252-2019-99069_SAIG_AS_AS_2740918/
Auditing to AS ISO20252:2019
The Research Society has negotiated a special rate with our two preferred certification bodies – CIRQ and ISO Experts - to provide certification to the 2019 standard. Juliana Wood, MAOM, DES, CIRQ – Certification Institute for Research Quality for ISO 20252 & ISO 27001. E: firstname.lastname@example.org | W: www.cirq.org and Robert Capozzi, ISO Experts E: email@example.com | www.isoexperts.com.au
The Research Society has a Quality Consultant, Norine Cruse from Cruse Partnership firstname.lastname@example.org who can assist companies with implementation of ISO20252, ISO27001 and Fair Data.
ISO 20252 & ISO 26362 form ONE ONLY STANDARD: ISO 20252: 2019
- One overarching (business) framework: Mandatory
- Multiple Annexes: Industry Methodologies – at least one Annex must apply
- Statement of Applicability (SoA) and Re-issue Certificate Annually – old scope statement
ISO 20252: 2012
ISO 26362: 2009 [
New standard ISO 20252: 2019
3 Research process management system requirements
3.1 Organisation and responsibilities
3.2 Confidentiality of research
3.3 Documentation requirements
3.4 Competence and training
3.6 Reviewing the effectiveness of the research process management system
4 Managing the executive elements of research
4.1 Responding to research requests
4.2 Project schedule
4.3 Assistance by and cooperation with clients
4.4 Questionnaires and discussion guides
4.5 Managing sampling and data processing
4.6 Monitoring the execution of research
4.7 Research documents, materials and products
4.8 Reporting of research results
4.9 Research records
6.8 Electronic data delivery
6.9 Back up, retention and security of data
7 Report on research projects
7.2 Quantitative research
7.3 Qualitative research
7.4 Observational research
4.1 General requirement
4.2 Organisation and responsibility
These clauses are combined together and form the FRAMEWORK MANUAL
PLUS a NEW Clause of INFORMATION SECURITY ADDED TO THE FRAMEWORK – NOT PREVIOUSLY REQUIRED IN THE 2012 OR 2009 STANDARD
ALSO NEW is the Statement of Applicability SoA which is a more detailed scope statement form the previous standards.
Use the SoA template and describe at least 80% of your market research services. Check marketing material, on websites etc.
ISO 20252: 2012 [FRAMEWORK]
ISO 26362: 2009 [FRAMEWORK]
New standard ISO 20252: 2019
5 Data collection
5.2 Management, recruitment and training of fieldworkers
5.3 Conducting data collection by fieldwork
5.4 Fieldworker validation of quantitative research
5.5 Qualitative data collection
5.6 Self-completion data collection
5.7 Observational data collection
5.8 Data collection from secondary sources
5.9 Data collection records
6 Data management and processing
6.2 Hard copy data entry
6.3 Accuracy of databases not requiring manual data entry
6.5 Data editing
6.6 Data file management
6.7 Data analysis
4.3 Recruitment of new panel members
4.4 Access panel structure and size
4.5 Access panel management
4.6 Access panel usage
4.7 Client reporting
4.8 Professional rules of conduct
These clauses are combined together and form the
ANNEX A: Sampling including Access Panels
ANNEX B: Fieldwork [quant and qual]
ANNEX C: Physical Observation
ANNEX D: Digital Observation (passive methodologies)
ANNEX E: Self Completion (on/off line)
ANNEX F: Data Management and Processing
Annexes A to F represent the scope of methodologies provided through market and social research including digital analytics.
ISO27001: Information Communication and Security Standard
The Research Society has a Quality Consultant, Norine Cruse from Cruse Partnership (she is an accredited ISO27001 auditor) who can assist with implementation of this standard.
The Research Society has developed a FREE Information Communication and Security Handbook to assist small and medium organisations – click here to download or purchase if you are not a member.
The Fair Data scheme – supports the Information Security clause of ISO27001 and several requirements so getting the Fair Data standard is a good stepping stone to becoming certified to the larger ISO27001 standard. Read more about this scheme below.
Fair Data – the Consumer Trust Mark
Fair Data is an ethical consumer mark that organisations can use to show the general public that they collect, use and store personal information in line with Australian privacy legislation.
Public trust underpins our industry.
Fair Data organisations are audited and certified against 12 Fair Data Principles. These Principles support and complement the Australian Privacy Principles and other standards schemes such as ISOs, the UK Data Protection Act, and the European Union’s General Data Protection Regulation (GDPR).
Access to the Fair Data Certification is free for Company and Client Partners. They only payment required is a discounted annual remote auditing feefrom our preferred provider – ISO Experts.
The Fair Data program is an annual cost-effective remote certification (done via our online Fair Data Portal) that is available to all sized business and government organisations who collect, use or store personal data and who achieve and maintain certification against the 12 Fair Data Principles. Their use of the Fair Data trust mark on public facing research activities provides an important reinforcer of Australian Privacy Principles to the community.
- Become a Company or Client Partner with the Research Society – click here for more information on Partnership.
- Contact The Research Society and receive the Fair Data accreditation documents email@example.com
- Upload evidence onto the Fair Data documents on how your organisation meets the 12 Fair Data principles. The Fair Data document takes you through each principle and provides help information and examples.
- Once you have completed all the certification information, upload it securely to our third party ISO audit organisation, which will notify our third party auditors – ISO EXPERTS – to audit your organisation. They will email or call you if they have any questions about the evidence and information you have uploaded.
- Once you have been successfully audited you will receive an audit invoice and once paid, you will receive a Fair Data Certificate and Fair Data mark to use on all your company materials and website.
For more information about Fair Data please contact The Research Society on 02 9566 3100.
Why your organisation should become Fair Data certified
- We need to foster trust for the benefit of all
Our industry is built on trust. We rely on people to willingly giving their personal information, so we can do our job. The public quite rightly expects that this will be protected.
Quality research is critical for government, business and community organisations to make decisions in the best interests of the people they serve.
Fair Data is about building trust with consumers at a time when privacy concerns have never been higher or more at risk. Fair Data will protect and enhance an organisation's public reputation.
All organisations – both public and private sector – which collect and use personal data are encouraged to become accredited as a way to actively demonstrate their commitment to ethical data practices.
- Compliance is not enough, we need to show it not just do it
It is therefore vital that companies are able to clearly show consumers they handle their personal information in an ethical and secure way.
Fair Data provides two important outcomes:
- Provides a recognisable symbol that enable the public to identify organizations they can trust.
- A visual badge for organisations to demonstrate they take personal privacy protection seriously and have the highest ethical standards.
- Fair Data is an international consumer trust mark
We are building on a respected international accreditation that complies with Australian, UK, European Union and Singaporean laws and standards.
The Fair Data Mark identifies companies that take privacy seriously and have systems in place to ensure its handling of personal information complies with privacy law.
The more it is used the greater its value.