When conducting qualitative or mixed methods research involving human subjects, securing Institutional Review Board (IRB) approval is often a critical milestone. Protecting participant data is one of the most central concerns that IRBs address. Dedoose has implemented comprehensive security measures, outlined below, that are specifically designed to meet and exceed IBR requirements outlined below.

Dedoose employs 256-bit SSL encryption technology to protect all data both in transit and at rest. When you upload data to Dedoose, it travels through secure channels before being stored in encrypted form on Dedoose's protected servers. This ensures that sensitive research data remains secure. Read more about our encryption standards here.

Unlike traditional desktop software that stores data locally, Dedoose maintains data on secure Microsoft Azure servers. These facilities feature enterprise-level security measures including:

• Physical security with controlled access

• Continuous monitoring for unauthorized access attempts

• Geographic redundancy across multiple server locations (US only)

• Regular security updates and maintenance

This robust server architecture eliminates many vulnerabilities associated with local storage solutions, which IRBs recognize as a significant advantage.

Automatic Backup Systems

We have instituted a comprehensive backup strategy with complete system backups performed daily and stored securely, protecting against both hardware failures and localized disasters. This redundancy ensures that even in worst-case scenarios, research data remains protected and recoverable, addressing a key IRB concern about data preservation.

Security & Compliance

Dedoose maintains a dedicated security team responsible for continuously monitoring the system for potential vulnerabilities. This team conducts regular security audits and third-party penetration testing to identify and address any potential weaknesses before they can be exploited. For more detailed information on our security compliance frameworks, visit our Trust Center.

HIPAA Compliance

For research involving protected health information, Dedoose's security measures are specifically designed to comply with Health Insurance Portability and Accountability Act (HIPAA) requirements. This includes maintaining audit trails of all system access, implementing technical safeguards for data protection, and following strict protocols for breach notification. For IRBs with exceptional concerns about security of patient data, researchers can also employ Project-Specific Encryption as the highest level of security for their project. Premier and Enterprise clients can also arrange for a Business Associate Agreement (BAA) to add additional contractual safeguards for their projects.

Comprehensive Access Controls

Dedoose provides project owners with granular control over who can access their research data. These controls include:

• Customizable user permissions that can be tailored for each team member role

• The ability to limit access to specific aspects of a project

• Detailed activity logs for admins that track who accessed the platform and when

• Options to revoke access immediately when team members leave a project

These role-based access features allow researchers to clearly demonstrate to IRBs that they have implemented proper procedures to maintain data confidentiality in projects where they are collaborating with others.

Transparent Disaster Recovery Plan

Dedoose maintains a comprehensive disaster recovery plan that covers everything from minor technical issues to major system failures. This plan includes clear protocols for notifying users of any security incidents, restoring data from backups, and resuming normal operations with minimal disruption. IRBs appreciate this transparency, as it demonstrates thoughtful preparedness for protecting research data under all circumstances.

Secure Export Options

When researchers need to share findings outside the Dedoose environment, the platform offers secure export options that maintain data protection. Exports can be customized to include only the necessary information, helping researchers comply with IRB requirements regarding data minimization and protection of participant identities, and project exports can be password protected.

Ownership of Your Data

Dedoose does not share your data with third parties and will not use your data to train any AI models or services. Your data is in your complete and total control, while Dedoose is merely here as a platform to assist in your analysis in the most secure way possible. Your project data is precious to you, and to us! We are honored to earn your trust, and provide you with a safe, effective, and easy-to-use data analysis tool.  

If you are looking for more information regarding our security and compliance frameworks, please contact support@dedoose.com.  

‍