info@M3Global.com

Compliance

Information

ISO Certificates

Global MR Compliance Team

Contact a Team Member

Compliance at M3

Our focus on compliance has led to the award of the ISO 20252 standard for our physician panel, confirming our dedication to delivering high quality data which goes beyond basic guidelines. Privacy and data protection are key principles of this commitment, underpinned by legal requirements including GDPR obligations. Internationally recognsided, ISO 20252:2019 (market, opinion, and social research) is a comprehensive framework that supports best practice and effectiveness, and its award helps clients assess and choose suppliers of access panels with confidence.

As part of the M3 group we operate with the transparency required of a publicly-traded company. We are audited annually by PwC, and are proud to hold ISO 27001 certification, evidencing our commitment to stringent information security. The scale of our proprietary panels reflects our commitment to quality; our outsourcing of completes is an industry-leading low of only 2%.

Certified Quality

ISO 20252:2019 Certified

M3 Global Research is certified to ISO 20252:2019 for organisations conducting market, opinion and social research. This certification covers the operation and management of healthcare projects in the USA and Europe to ensure data quality to clients.

ISO 27001 Certified (Information Security Management)

M3 Global Research’s operations are ISO 27001 certified in both the US and UK. ISO/IEC 27001 is an internationally recognised program that requires an organisation to implement and maintain a structured information security and data governance framework.

ISO 27701 Certified (Privacy Management Solutions)

This privacy-focused certification demonstrates our dedication to protecting personal data and complying with global privacy regulations, further enhancing our data privacy management protocols.

Imperium Data Quality Certified

M3 Global Research has been Data Quality Certified by Imperium. Imperium is the leading provider of data quality and anti-fraud solutions to the marketing research industry and beyond.

ESOMAR 37 Questions

Company Profile

M3 Global Research has provided sample for healthcare market research since 1999, previously as MDLinx in the US, and EMS in the UK. Our physician panels are ISO 20252 certified, and we also hold ISO 27001 certifications evidencing our commitment to information security and privacy. Our HCP and patient panels have been recruited exclusively for quantitative and qualitative research, and receive only communications specifically related to their participation in those studies. Our global team of over 800 team members includes 100 staff dedicated to panel management including multilingual experts in panel recruitment, ongoing engagement, panel management, customer service, and custom recruitment, ensuring that our global panel members’ experience of market research participation with M3 is unsurpassed. We are also the only healthcare market research fieldwork provider to actively monitor respondent survey experience, providing feedback to facilitate the ongoing improvement in survey design and best practices.

We employee a dedicated sampling team, who work closely with both the sales team to advise on feasibility at the point of bid, and the client service team to ensure recruitment efforts are optimised to reach the specific target audience. We also collect survey satisfaction data after every survey, and one of the metrics is ‘relevance’ so we can confirm, as early as soft launch stage, that respondents are appropriate to the survey content and the research objectives. We have also built and maintained a proprietary sampling approach. Dynamic sampling uses rich profile data that goes beyond basic demographic information, and ensures that we limit screenouts wherever possible, contributing to a much-improved survey experience for respondents, and a reduced rate of attrition in panel members.

Although we are specialists in sample provision, we also offer a wider range of fieldwork and data delivery services including data visualisation and charting, translation, our proprietary virtual qualitative research platform, programming, data processing, and quality control.

Sample Sources and Recruitment

Participants register to be part of the M3 Global Research panel on the www.m3 globalresearch.com website. Under M3’s ISO 20252 certification physicians are subject to verification protocols of their identity and qualification before being invited to market research surveys, with triple verification, including photo ID. All of M3’s panel members are managed through a patented, internal, proprietary system, which has been annually audited and quality certified since 2011.

As M3 operates globally, we have established an international network of trusted partners. All sub-contractors used by M3 have undergone M3's documented vetting process as stipulated under ISO 20252, and M3’s own company standards.

M3 Global Research seeks to meet all sampling needs through its proprietary panel. We may work with partner panels where appropriate; in such instances, clients are informed, and multiple safeguards are employed to ensure data integrity. This includes on-the-spot de-duplication using digital fingerprinting technology, as well as sharing of exclusion lists.

M3 Global Research follows an extensive partner vetting process, which meets ISO 20252 standard requirements. All partners are carefully selected to ensure all recruiting parties provide the best possible service to the clients. Partners are reviewed by project staff on each project as well as regularly audited by M3 Global Research’s dedicated team.

M3 Global Research notifies clients in advance when third party providers are used.

M3 Global Research adapts its recruitment methodology depending on geographies and target groups. For some target groups, a purely online recruitment approach may not suffice or may not be appropriate, such as for hard-to-reach patient targets. In such instances, other recruitment approaches—such as phone-to-web— may be more appropriate.

M3 Global Research transparently advises its clients on the recruitment methodologies planned for each project.

M3 Global Research has in-house capabilities for telephone recruitment across its locations, spanning over 10 markets. In addition, M3 Global Research works with trusted local partners, educating them on all relevant quality standards, and works with these partners to engage hard-to-reach audiences.

By utilising various anti-fraud measures, we guarantee the data clients receive from respondents is reliable. Our triple verification process, coupled with the implementation of our advanced techniques to eradicate fraud is a testament to our commitment to data integrity.

We implement an array of initiatives aimed at eradicating respondent fraud so that you have access to the highest-quality survey data. Our multi-pronged approach includes:

De-duplication of records
Manual verification of panel members’ credentials
Photo ID and Google’s ReCAPTCHA

Respondents sign up to take part and access their user dashboard at www.m3globalresearch.com which includes their available research opportunities, account details, and incentive wallet.

We offer a fully managed service with a project management team assigned to each project.

M3 Global Research is fully transparent in their partner use and has pre-selected vetted partners that are used, who are closely managed and supervised by M3 staff on every market research project. Vendor selection depends on individual projects, their geographies, and methodologies. Any sub-contractors working on M3 projects will be seamless to our clients for deliverables. If vendors are required for the project, recommendations by clients will be fully evaluated and feedback provided.

Vendors are selected through referrals, trade shows, or internal research. Vendors must meet internal pre-determined qualifications and pass all compliance, assessment, testing and legal review before onboarding. Vendors should be listed in at least one accredited market research directory, and adhere to M3 Global Research’s operating standards. Vendors must pass GDPR / privacy / security guidelines, agree to M3 Global Research’s Master Service agreement, and Modern Slavery sign off agreement. In addition, the following information is collected if initial criteria and needs are met:

Panel counts and / or specialty panel information
Company overview (marketing materials)
ESOMAR 37 questions
Quality processes, online fraud detection system / software in place
System requirements (redirect requirements)
Most relevant contact information
Name and email addresses for 2-3 contacts that we can reach out to as a background / quality / reference check

Vendors are evaluated at the end of each project, quarterly, and through M3’s yearly ISO audit. Their performance score / rating is tracked in an internal system and shared with the vendor during quarterly review meetings or on adhoc basis if there is a performance related issue. Issues are addressed with M3’s Global Partner Management team in collaboration with operations and / or sales teams.

Using our dynamic sampling approach with our primary, proprietary panel, we can profile a suitable audience based on previous participation data, ensuring that methodology preferences and suitability are incorporated into the sampling process. This means that for methodologies that require a longer time commitment, like patient record forms, we can invite respondents who can be relied upon to complete all the necessary stages of the study, based on previous participation data, and their own assessment of the methodology in the post-survey satisfaction questionnaire.

Sampling and Project Management

Only panelists who opted-in to receiving market research invitations will be invited to participate. Respondents are chosen to participate in a survey based on their country of work and their medical specialty in the case of HCPs. Should any further invitation profiling be required—such as targeting a specific setting—the client will be informed.

An audience is selected and invited through M3’s proprietary sampling system. Respondents are invited to take part via email and can log in to their M3 accounts to access surveys they have been invited to via their market research dashboard. For mobile-enabled surveys, a text message invitation can be considered.

The process of audience selection and invitation is handled primarily by an M3 project manager who has undergone training and has a clear best practice manual to follow.

For qualitative studies, respondents may also be called directly, given they have consented to this.

All invitations follow a template that meets industry standards – this includes:

Subject and purpose of the survey
Methodology and approach
Location and duration of fieldwork
Date and time of fieldwork
Reimbursement offered – both the nature and the rate of remuneration
Adverse event and product complaint reporting obligations if appropriate
Option to unsubscribe (for online invitations)
Links to M3 Global Research privacy policy and terms of use (for online invitations)
Contact details for M3 Global Research’s dedicated support team

Firstly, at the point of registration to M3 Global Research’s panel, basic information is collected from the potential member to allow for verification where applicable.

Basic information required for verification of HCPs under M3 Global Research’s ISO 20252 certification:

Name (first, last)
Country
Email address
Mailing address
Profession
Medical specialty
ME / DEA number or country equivalent
Age

Secondary profiling questions are also asked, but not required. The following information is collected as secondary profiler questions, which allows for better targeted invitations for market research studies and is included for HCPs:

Secondary profession
Secondary specialty
Employment type
Number of beds in hospital
Type of practice
Role in current place of employment
Board certification year (if applicable)
Year of graduation
Percent of patients covered by different types of insurance
Number of patients seen per month
Highest level of education
Location of employment
Gender
Languages spoken
Willingness to take part in different types of research

Profiling data differs based on the target group, such as between HCPs and patients. All M3 Global Research members can update their user data and answers to profiling questions at any time by logging in to their M3 Global Research account. Prompts to update their profile are sent regularly, and they are frequently presented with profiling questions at the end of surveys.

All available information about a project will help in providing accurate feasibility, for example:

Study topic
Physician or HCP specialty / subspecialty
Sample size
Disease state or other survey target
Countries (or other geographies) involved
Type of interview (online, phone, face-to-face, etc.)
Length of survey
Estimated incidence
Expected fielding timeline

We also use historical project data to make feasibility estimates, analysing previous response rates and quotas to predict future feasibility in similar target audiences.

M3 Global Research seeks to meet all its sampling needs through its proprietary panel, and then via custom recruitment methods. We may work with partner panels where appropriate; in such instances, clients are aware and multiple safeguards are employed to ensure data integrity. This includes on-the-spot deduplication using digital fingerprinting technology, as well as sharing of exclusion lists.

M3 Global Research follows an extensive partner vetting process, which meets ISO 20252 international standard requirements. All partners are carefully selected and comply with the standard as well, to ensure all recruiting parties provide the best possible service to the clients. Partners are reviewed by project staff on each project as well as regularly audited by M3 Global Research’s dedicated team, with details shared with the buyer.

We do not employ a survey router.

We operate in line with BHBIA guidance on recruitment approaches, and advise prospective respondents about the methodology, the compensation offered, the estimated time it will take them to complete the research, and the topic of the research. The invitation also includes a link to our Privacy Policy.

Participants have access to all available surveys via their M3 Dashboard. For each and every survey they can see the length of the survey (LOI), the amount of compensation offered, the methodology, and the topic being researched.

We have full flexibility to flex incentive values during recruitment if, for example, we feel that the response rate might be increased if a higher incentive was offered. This is recorded in our database at participant level.

Since May 2021 we have asked every quant respondent to complete a short two-question survey about their survey experience. Every respondent is asked to rate their overall survey experience. They are then asked to rate their experience of one of six measures (relevance, whether it was interesting, if it was well-written, compensation, length, or ease of use). We hold over one million data points enabling us and our clients to adapt survey design and recruitment in line with best practices.

At the end of every project the client receives their final fieldwork update which includes their final survey score data feedback and a summary of completes, and is invited to attend a debrief meeting with the project management team.

M3 Global Research also issues certificates of compliance to clients after completion of each project.

Upon clients’ requests, M3 Global Research may provide the number of respondents who started a survey, number of respondents who screened out, number of respondents who went over quota, number of completes, and average length of interview, as well as other reasonable data requested by M3’s clients, with the exception of personal data.

Data Quality and Validation

M3 Global Research does not rely solely on email invitations. Panelists can review available surveys at any point via their market research dashboard when accessing their account.

Specific targeted reminders on individual surveys via email or telephone are decided upon by the M3 Global Research project manager with regard to frequency, which will be appropriate to the specific project.

M3 Global Research’s proprietary sampling system allows for inclusion or exclusion based on a number of factors, including time lapsed since their last participation. Any such limitations are carefully discussed between M3 Global Research and its clients, particularly with niche target groups, as exclusion based on recent participation could influence feasibility and possible sample sizes.

We have robust tools in place to manage duplicate attempts at survey participation. We employ RelevantID flags based on device digital watermarking and fingerprinting to ensure that no one is able to participate in a survey more than once.

M3 Global Research collects behavioural and participation information about an individual, then applies panel rules to that information. M3 Global Research also uses this participation information to drive predictions of future interest in studies for feasibility. The technology used for these predictions is within a patented feasibility manager. General historical participation data can be provided to clients upon request excluding any personal data.

M3 Global Research uses a multi-step verification process before, during, and after a market research study.

All M3 panel members are verified prior to any participation in research which includes verifying physicians’ medical specialty as required by our ISO 20252 certification, as well as verifying their mobile phone number. We may also include additional verification steps for individual projects, such as desk research, or for medication verification for patients on individual projects.

M3 Global Research also uses technology safeguards to protect us against fraudulent respondents, such as relevantID™, fraud score capabilities, and anti-bot technologies.

All clients are informed if fraudulent responders are discovered, and they are replaced at no cost to the client.

M3 Global Research seeks to meet all its sampling needs through its proprietary panel. M3 Global Research may work with partner panels where appropriate; in such instances, clients are aware and multiple safeguards are employed to ensure data integrity. This includes on-the-spot deduplication using digital fingerprinting technology, as well as sharing of exclusion lists. For trackers, history of partner and M3 panel completes is stored in project records and referenced at the start of each new wave for consistency. Source records can be provided to buyers upon request. Any changes in partner composition will be discussed and approved with our client.

M3 Global Research starts monitoring members from registration onward. At registration, if a member hits a certain number of suspicious flags, members will be flagged during the verification process and required to complete added steps to become an active member and able to receive survey invites.

At the start of survey there are validity checks (technological safeguards against fraudulent respondents, such as relevantID™, fraud score capabilities, and anti-bot technologies) that could potentially block member from taking survey if checks fail.

M3 Global Research monitors status of quality over time and if members reach a certain threshold of quality checks, we will try to either re-educate members on survey taking skills or remove them from the panel altogether.

Automated checks for:

Speeding
Flatlining
Poor open-end responses
Inconsistent answers
‘Red herring’ responses
Data is centralised and incentive payments are blocked
Reinforced with scripted data checks customised for each project

Policies and Compliance

https://www.m3globalresearch.com/research/privacy/

M3 Global Research considers the privacy of its users to be of utmost importance and works to protect it. M3 Global Research’s privacy policy is readily available and links to M3’s privacy policy are included on the registration page, on the website, and in invitation letters.

M3 Global Research considers the privacy of its users to be of utmost importance and works to protect it. M3 Global Research has a dedicated global compliance team as well as a designated data protection officer and to ensure compliance with data protection laws.

We use various resources, webinars and legal advice to ensure we keep up to date on latest developments in data protection legislation in the jurisdictions we operate in.

We maintain a suite of policies and procedures including but not limited to data retention, data subject rights, sharing personal data including international transfers, and privacy policies.

Additionally, M3 Global Research is ISO 27001 certified. This is an internationally recognised standard that requires organisations to implement, maintain, and continuously improve a structured information security and data governance framework. The guiding principles are designed to preserve the confidentiality, integrity, and availability of data within our information systems. The framework includes 114 comprehensive information security control requirements developed for data protection and data security. This certification demonstrates M3’s capability to provide an ongoing and systematic approach of managing and protecting company and customer data. Compliance with this standard is independently audited by a qualified third party and is continuously monitored by our IT internal audit staff that measures our ability to meet or exceed the control requirements. In 2024, M3 Global Research will also certify to the ISO 27701 standard, an extension to ISO 27001 for privacy information management.

M3 maintains a portal where panelists can log in to access their accounts. Within this portal, they have the ability to edit, rectify, or request the deletion of their accounts. We also provide a support ticketing system that panelists can use to ask for support. Additionally, a link to the privacy policy is available.

Our privacy policy comprehensively outlines how data is processed, stored, the procedure for filing complaints, and how to contact our Data Protection Officer (DPO). When subcontracting recruitment, we ensure that subcontractors, who are vetted and preapproved, allow their panelists to exercise their rights to the same extent we provide ours.

For any other respondents, before participating in a project, they are presented with the privacy policy, terms and conditions, and contact details for addressing any rights or lodging any complaints. In all electronic communications, M3 includes an opt-out link, ensuring if requested, prompt removal of individuals from future communications.

M3 complies with market research codes of conduct such as those from ephmra, BHBIA, and Insights Association. M3’s compliance team are members of ephmra’s Ethics Committee and Compliance Network. We also rely on all other M3 entities part of the M3 Inc group globally to stay up to date with any new development in data protection legislation and local regulation.

M3 Global Research does not routinely conduct online surveys with children and young people. In cases where online surveys with children or young people are conducted, M3 Global Research follows applicable ESOMAR and ephmra guidance, as well as all relevant data protection laws also taking into consideration different countries’ definitions of children and young adults.

‘Privacy by design’ or ‘data protection by design and default’ at M3 means protecting data through the use of technology. In essence, this means we integrate data protection into our processing activities and business practices, from the design stage and throughout the lifecycle of the personal data.

Whenever M3 Global Research designs or implements new technology which would result in either the processing of additional personal data or using for a new purpose, a Data Protection Impact Assessment is completed to assess and mitigate any risks, thus considering data protection and privacy issues upfront in everything we do.

M3 Global Research uses industry standard technical and organisational measures (TOM) to protect data safety. Some of the TOMs used are pseudonymisation and anonymisation of personal data, end to end encryption of data in transit and at rest, minimisation of the personal data processed, and access to personal data based on a ‘least privileged approach’. We also ensure measures are in place to safeguard the ongoing confidentiality, integrity, availability and resilience of processing systems and services.

Additionally, M3 Global Research is ISO 27001 certified. This is an internationally recognised standard that requires an organisation to implement, maintain, and continuously improve a structured information security and data governance framework.

We are ISO 27001 certified across all divisions. This is an internationally recognized standard that requires an organisation to implement, maintain, and continuously improve a structured information security and data governance framework. The guiding principles are designed to preserve the confidentiality, integrity, and availability of data within our information systems. The framework includes 114 comprehensive information security control requirements developed for data protection and data security. This certification demonstrates M3’s capability to provide an ongoing and systematic approach of managing and protecting company and customer data. Compliance with this standard is independently audited by a qualified third party and is continuously monitored by our IT internal auditing team that measures our ability to meet or exceed the control requirements.

M3 Global Research holds both ISO 20252 (market research standards) and ISO 27001 (information security standards) and applies the quality management system covering all control requirements for both frameworks. Quality managers are appointed at M3 Global Research’s offices in the US and in Europe, who have authority and responsibility to manage the research process management system and perform detailed internal audits to confirm compliance with both international standards.

Metrics

Average qualifying or completion rate, trended by month
Percent of paid completes rejected per month/project, trended by month
Percent of members/accounts removed/quarantined, trended by month
Percent of paid completes from 0-3 months tenure, trended by month
Percent of paid completes from smartphones, trended by month
Percent of paid completes from owned/branded member relationships versus intercept participants, trended by month
Average number of dispositions (survey attempts, screenouts, and completes) per member, trended by month (potentially by cohort)
Average number of paid completes per member, trended by month (potentially by cohort)
Active unique participants in the last 30 days
Active unique 18-24 male participants in the last 30 days
Maximum feasibility in a specific country with nat rep quotas, seven days in field, 100% incidence, 10-minute interview
Percent of quotas that reached full quota at time of delivery, trended by month

M3 Global Research can provide metrics to buyers upon request

Compliance

Information

ISO Certificates

Global MR Compliance Team

Compliance at M3

Certified Quality

ESOMAR 37 Questions

Company Profile

1. What experience does your company have in providing online samples for market research? How long have you been providing this service? Do you also provide similar services for other uses such as direct marketing? If so, what proportion of your work is for market research?

2. Do you have staff with responsibility for developing and monitoring the performance of the sampling algorithms and related automated functions who also have knowledge and experience in this area? What sort of training in sampling techniques do you provide to your frontline staff?

3. What other services do you offer? Do you cover sample-only, or do you offer a broad range of data collection and analysis services?

Sample Sources and Recruitment

4. Using the broad classifications above, from what sources of online sample do you derive participants?

7. What form of validation do you use in recruitment to ensure that participants are real, unique, and are who they say they are?

8. What brand (domain) and/or app are you using with proprietary sources?

9. Which model(s) do you offer to deliver sample? Managed service, self-serve, or API integration?

Sampling and Project Management

12. Briefly describe your overall process from invitation to survey completion. What steps do you take to achieve a sample that “looks like” the target population? What demographic quota controls, if any, do you recommend?

14. What information do you need about a project in order to provide an estimate of feasibility? What, if anything, do you do to give upper or lower boundaries around these estimates?

15. What do you do if the project proves impossible for you to complete in field? Do you inform the sample buyer as to who you would use to complete the project? In such circumstances, how do you maintain and certify third party sources/sub-contractors?

16. Do you employ a survey router or any yield management techniques? If yes, please describe how you go about allocating participants to surveys. How are potential participants asked to participate in a study? Please specify how this is done for each of the sources you offer.

17. Do you set limits on the amount of time a participant can be in the router before they qualify for a survey?

18. What information about a project is given to potential participants before they choose whether to take the survey or not? How does this differ by the sources you offer?

19. Do you allow participants to choose a survey from a selection of available surveys? If so, what are they told about each survey that helps them to make that choice?

20. What ability do you have to increase (or decrease) incentives being offered to potential participants (or sub-groups of participants) during the course of a survey? If so, can this be flagged at the participant level in the dataset?

21. Do you measure participant satisfaction at the individual project level? If so, can you provide normative data for similar projects (by length, by type, by subject, by target group)?

22. Do you provide a debrief report about a project after it has completed? If yes, can you provide an example?

Data Quality and Validation

23. How often can the same individual participate in a survey? How does this vary across your sample sources? What is the mean and maximum amount of time a person may have already been taking surveys before they entered this survey? How do you manage this?

24. What data do you maintain on individual participants such as recent participation history, date(s) of entry, source/channel, etc? Are you able to supply buyers with a project analysis of such individual level data? Are you able to append such data points to your participant records?

25. Please describe your procedures for confirmation of participant identity at the project level. Please describe these procedures as they are implemented at the point of entry to a survey or router.

Policies and Compliance

31. How can participants provide, manage and revise consent for the processing of their personal data? What support channels do you provide for participants? In your response, please address the sample sources you wholly own, as well as those owned by other parties to whom you provide access.

32. How do you track and comply with other applicable laws and regulations, such as those that might impact the incentives paid to participants?

33. What is your approach to collecting and processing the personal data of children and young people? Do you adhere to standards and guidelines provided by ESOMAR or GRBN member associations? How do you comply with applicable data protection laws and regulations?

34. Do you implement “data protection by design” (sometimes referred to as “privacy by design”) in your systems and processes? If so, please describe how.

35. What are the key elements of your information security compliance program? Please specify the framework(s) or auditing procedure(s) you comply with or certify to. Does your program include an asset-based risk assessment and internal audit process?

36. Do you certify to or comply with a quality framework such as ISO 20252?

Metrics

37. Which of the following are you able to provide to buyers, in aggregate and by country and source? Please include a link or attach a file of a sample report for each of the metrics you use.