ISO 19731:2017

INTERNATIONAL ISO
STANDARD 19731
First edition
2017-06
Digital analytics and web analyses
for purposes of market, opinion and
social research — Vocabulary and
service requirements
Analytique numérique et analyses web pour les besoins d’études de
marché, études sociales et d’opinion — Vocabulaire et exigences de
service
Reference number
ISO 19731:2017(E)
©
ISO 2017

---------------------- Page: 1 ----------------------
ISO 19731:2017(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO 2017 – All rights reserved

---------------------- Page: 2 ----------------------
ISO 19731:2017(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Research project management requirements . 6
4.1 Organization and responsibilities . 6
4.1.1 Management of the research process . 6
4.1.2 Project management responsibilities . 6
4.1.3 Appointment of a research quality manager . 7
4.2 Confidentiality of information . 7
4.3 Documentation requirements. 7
4.3.1 General. 7
4.3.2 Control of documents (other than project-related documents) . 7
4.3.3 Control of research project documents . 7
4.3.4 Control of records . 7
4.4 Competence and training . 7
4.5 Subcontracting/outsourcing . 8
4.6 Reviewing the effectiveness of the research process requirements . 8
4.6.1 Project management review . 8
4.6.2 Problems and complaints management . 9
4.6.3 Internal audits . 9
5 Proposals and tenders . 9
5.1 Proposals and tenders from service provider to clients . 9
5.2 Other aspects to be established by service providers .10
5.2.1 General.10
5.2.2 Data cleaning and editing .10
5.2.3 Sentiment and/or text analysis .11
5.2.4 Website usage and measurement analytics .11
6 Execution of the project .12
6.1 General .12
6.2 Digital analytics and web analysis data collection .12
6.2.1 Data collection methodology.12
6.2.2 Validation of data collection process .12
6.2.3 Participant safeguards .13
6.2.4 Weighting .13
6.3 Protection of individuals .13
6.4 Device monitoring .13
6.5 Reporting .14
6.6 Data retention .15
6.7 Data security .15
6.8 Ownership and publication of results .15
Bibliography .17
© ISO 2017 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO 19731:2017(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO’s adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: w w w . i s o .org/ iso/ foreword .html
This document was prepared by ISO/TC 225, Market opinion and social research.
iv © ISO 2017 – All rights reserved

---------------------- Page: 4 ----------------------
ISO 19731:2017(E)

Introduction
Analyses of digital behaviour and online digital statements by persons and companies have rapidly
increased in importance. Examples are the measurement of the behaviour of website visitors, the
measurement of behaviour by means of cookies, and the registration and measurement of statements
and sentiments of users of social media.
This document provides insight into the working methods of service providers in the fields of digital
analytics and web analyses research and, in this way, provides clients with transparency regarding the
services they offer. This document is intended to supplement and be used in conjunction with ISO 20252.
Digital analytics and web analyses for the purpose of market, opinion and social research can be
separated from the equivalent analyses carried out for non-research purposes. In both cases, the
protection of privacy of the persons analysed is regulated by legal provisions that apply to the particular
project and, furthermore, by the relevant professional codes of conduct and other ethical guidelines.
© ISO 2017 – All rights reserved v

---------------------- Page: 5 ----------------------
INTERNATIONAL STANDARD ISO 19731:2017(E)
Digital analytics and web analyses for purposes of market,
opinion and social research — Vocabulary and service
requirements
1 Scope
This document specifies the terms and definitions, as well as the service requirements, for organizations
and professionals that conduct digital analytics and web analyses for collecting, analysing and reporting
of digital data for purposes of market, opinion and social research by various methods and techniques.
It provides the criteria against which the quality of such services can be assessed and evaluated.
This document applies to digital analytics and web analyses conducted by service providers on their
own initiative, commissioned by clients or conducted by clients themselves.
This document applies to digital and web analysis research activities such as:
— understanding the usage of websites via the use of cookies, page impressions and other means,
navigation across sites, time spent by visitors and their actions;
— online metered panels, e.g. on-going measurement of web visitation via meters installed on
panellists’ desktop, mobile or tablet devices;
— tag-based solutions to measure online usage at universe level, which can be integrated with metered
panel data to provide a hybrid measurement;
— social media analytics which collect, aggregate and analyse online comments, and user-generated
content such as blogs, forums and comments on news sites or other sites.
NOTE Universe can also be known as population.
This document can be construed to cover all forms of digital data collection including from desktop
computers, tablets, mobile devices and over the top (OTT) devices as well as internet of things (IoT)
devices where applicable.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 20252, Market, opinion and social research — Vocabulary and service requirement
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 20252 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at http:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1
ad impression
display of an advertisement on a device
© ISO 2017 – All rights reserved 1

---------------------- Page: 6 ----------------------
ISO 19731:2017(E)

3.2
algorithm
process or set of rules to be followed in calculations or other problem solving operations
3.3
anonymization
process of removing, obscuring, aggregating, or altering identifiers with the aim of preventing the
identification of individuals to whom data originally related
3.4
application programming interface
API
set of definitions on the basis of which a computer programme can communicate with another
programme or component, and which can also support access/data exchange internally or externally
3.5
audit
systematic, independent and documented process for obtaining evidence and evaluating it objectively
to determine the extent to which audit criteria (3.6) are fulfilled
[SOURCE: ISO 20252:2012, 2.5]
3.6
audit criteria
set of policies, procedures or requirements used as a reference
[SOURCE: ISO 20252:2012, 2.6]
3.7
bot
autonomous software that operates as an agent for a user or a program or simulates a human activity
3.8
client
individual, organization, department or division, internal or external, that requests or commissions a
research project
[SOURCE: ISO 20252:2012, 2.10]
3.9
code
numeric or alpha character or combination of characters associated with each response category
[SOURCE: ISO 20252:2012, 2.11]
3.10
code frame
list of categories with associated codes (3.9) for classifying observations or statements
[SOURCE: ISO 20252:2012, 2.12, modified]
3.11
consent
freely given agreement based on adequate information obtained prior to the collection of participant
(3.27) data
Note 1 to entry: When conducting research with children, additional consent requirements apply, e.g. permission
from a responsible adult.
2 © ISO 2017 – All rights reserved

---------------------- Page: 7 ----------------------
ISO 19731:2017(E)

3.12
cookie
small piece of information (i.e. programme code) that is stored on a browser for the purpose of
identifying that browser during audience activity and between visits or sessions
3.13
dashboard
software application with which a number of mini-applications can be reviewed or managed and
reported
EXAMPLE Offer data exports, allow API access.
3.14
data collection
process for gathering information by different means
Note 1 to entry: This includes activities such as web monitoring.
3.15
device ID
distinctive number or code (3.9) associated with a specific digital device which can be personally
identifiable
Note 1 to entry: Such devices can have multiple device IDs, each used for different purposes, for example to enable
services such as WiFi or Bluetooth, or to uniquely identify specific devices operating on a mobile carrier network.
3.16
digital analytics
analysing and reporting of electronic data for the purpose of measuring and understanding humans
and their behaviour
3.17
digital fingerprint
technology that deploys algorithms (3.2) that analyse a large number of technical characteristics
and settings on devices to generate unique identifiers that can identify a specific computing device
producing a machine ID, and which can be personally identifiable
Note 1 to entry: This ID can change over time depending on actions taken on the device.
Note 2 to entry: Also known as device, machine, or browser fingerprint.
3.18
dongle
small piece of hardware, often a USB device, that can be connected to other electronic equipment, to
enable additional services such as access to the internet
3.19
incentive
gift, payment, or other considerations offered to potential participants (3.27) to increase cooperation
[SOURCE: ISO 20252:2012, 2.31]
3.20
internal audit
periodic checks carried out by a company’s own trained employees as to whether projects within the
company have been carried out in accordance with the described procedures
3.21
internet of things
IoT
infrastructure of interconnected objects, people, systems, and information resources together with
intelligent services to allow them to process information of the physical and the virtual world and react
© ISO 2017 – All rights reserved 3

---------------------- Page: 8 ----------------------
ISO 19731:2017(E)

3.22
machine learning
technology of getting computers to act without being explicitly programmed
EXAMPLE Speech recognition, effective web search.
3.23
malware
variety of forms of hostile or intrusive software, including computer viruses, worms, Trojan horses,
ransomware, spyware, adware, scareware and other malicious programs
3.24
mobile device
portable electronic device which can collect data that can be uploaded to a third party either
immediately or upon syncing with appropriate software
Note 1 to entry: Mobile devices might include smartphones, smart watches, fitness or health tracking devices,
tablets, and geo-location devices.
3.25
nearfield communication
NFC
short-range wireless technology that enables communication between devices over a short distance
3.26
over the top
OTT
digital services delivered over the internet rather than via a service provider’s own dedicated, managed
internet protocol television (IPTV) network
Note 1 to entry: Examples of digital services include Amazon Fire, Apple TV, Chromecast, Roku, Netflix or
1)
Slingbox .
3.27
participant
person from whom or about whom data are collected
3.28
quality manager
person who is responsible for the formulation of quality requirements within an organization and for
the procedures and measurements aimed at the implementation of quality controls
3.29
robot instruction file
file that defines how a search engine should interact with the pages and files of a web site and is often
used to define where automated systems are not allowed to go
3.30
sample
subset of the target population (3.36) from which data are to be collected
[SOURCE: ISO 20252:2012, 2.58]
3.31
sentiment
mood associated with, for example, a sound, image, or statement, usually on a continuum from positive
to neutral to negative
1) This information is given for the convenience of users of this document and does not constitute an
endorsement by ISO of these products.
4 © ISO 2017 – All rights reserved

---------------------- Page: 9 ----------------------
ISO 19731:2017(E)

3.32
service provider
organization that conducts research projects or parts of research projects in market, opinion and social
research
[SOURCE: ISO 20252:2012, 2.55, modified]
3.33
social media
online technologies and practices that people use to share opinions, insights, experiences and
perspectives with each other, transforming traditional one-to-many interactions into many-to-many
interactions
[SOURCE: ISO 20252:2012, 2.63]
3.34
spyware
devices or software that capture a participant’s (3.27) behaviour without obtaining consent (3.11)
3.35
subcontracting
outsourcing
passing responsibility for executing an element of the project to a third-party service provider
[SOURCE: ISO 20252:2012, 2.64, modified]
3.36
target population
population of interest in the research project to which inferences are to be made
[SOURCE: ISO 20252:2012, 2.66]
3.37
text analysis
method used to describe the characteristics of a message
Note 1 to entry: This may also be referred to as content analysis.
3.38
unique visitor
unique user
inferred measure that signifies a distinct, unduplicated, individual requesting page from the website
during a given period, regardless of how often they visit
3.39
validation
process of using objective evidence to confirm that the requirements which define an intended use,
application or outcome have been met
Note 1 to entry: Validation can be carried out under realistic use conditions or within a simulated use
environment.
3.40
web analysis
analysing and reporting of behaviour, statements and sentiments (3.31) from users/participants (3.27)
of online platforms
© ISO 2017 – All rights reserved 5

---------------------- Page: 10 ----------------------
ISO 19731:2017(E)

3.41
web beacon
pixel tracker
web bug
piece of code (3.9), often a 1 × 1 pixel, on a website used to track website activity
Note 1 to entry: This differs from beacon, which is a low-powered transmitter which notifies nearby devices of
its presence, and can be used to trigger an action.
3.42
weighting
calculation process in which different units or subgroups are recalculated by assigning numerical
values, as necessary, to correct and/or improve the representativeness of sample (3.30) estimates
[SOURCE: ISO 20252:2012, 2.69]
4 Research project management requirements
4.1 Organization and responsibilities
4.1.1 Management of the research process
Service providers in the field of digital analytics and web analyses shall use for research projects a
research process which covers all the requirements of this document.
The research process shall be documented. It can differ from one organization to another due to the
following:
— the size of the organization and type of research activities;
— complexity of and risks associated with research projects and their interactions;
— the competence of personnel.
Procedures, instructions and methods required for completing the different tasks in accordance with
the requirements of this document shall be documented, implemented, monitored, maintained and
auditable.
Documents may address the requirements for one or more procedures. A requirement for a documented
procedure may be covered by more than one document. The documentation can be in any form or type
of media.
4.1.2 Project management responsibilities
The service provider, as part of its project management, shall take responsibility for:
— committing to quality of client service (including a statement of quality policy) appropriate to the
purpose of research projects;
— documenting the organizational structure of the service provider, including the responsibilities of
the people involved in the delivery of research services;
— reviewing and improving the research project;
— ensuring the provision of adequate and appropriate resources and information for the process,
including the appointment of a research quality manager;
— ensuring that everyone involved in the provision of the research service is familiar with the
applicable national and international ethical and professional codes, requirements of relevant
legislation and documented procedures and methods which specifically affect their work.
6 © ISO 2017 – All rights reserved

---------------------- Page: 11 ----------------------
ISO 19731:2017(E)

4.1.3 Appointment of a research quality manager
A research quality manager shall be appointed who has enough authority to be responsible for the
administration of the whole research process management and who is responsible for organizing
internal audits in order to ensure that this document is applied.
NOTE In some circumstances, the research quality manager can be a part-time role, and in other
circumstances, it can be more effective to appoint more than one research quality manager (i.e. share the role).
4.2 Confidentiality of information
All information supplied to the service provider by the client in order to conduct a research project
shall be treated in the strictest confidence. It shall only be used in this context and shall not be made
available to third parties without the client’s authorization. Confidential information shall be stored
securely. See also 6.7.
The research findings relating to a specific client that are obtained by a service provider shall not be
used for other clients without authorization of the original client and shall be treated in the strictest
confidence.
Participants’ data, as well as their identity, shall be treated in the strictest confidence. All assurances
given to participants, either directly or indirectly, shall be fulfilled.
EXAMPLE Assurances made by social media suppliers to their users.
4.3 Documentation requirements
4.3.1 General
Research records and documents (which can be paper based and/or electronic) shall be established
and maintained to provide evidence of traceability. Service providers shall specify to what extent a
research project deals with specific privacy legislation.
All electronic files shall be checked for malware by up-to-date malware detection software.
4.3.2 Control of documents (other than project-related documents)
Documents required as part of the research process shall be controlled. Documents shall be subject to a
version control procedure that allows the current version to be clearly identified.
4.3.3 Control of research project documents
Each research project shall have a project file (which can be in electronic format) that contains or
references the location of a project specification showing the basic requirements of the project.
In addition to the requirements of 4.3.2 and unique project identification, documents shall be uniquely
identified to allow traceability and to ensure they can be located.
4.3.4 Control of records
Records established to provide evidence of conformity to this document and project requirements shall
be kept secure from unauthorized access, useable and retained for defined periods (e.g. back-up).
4.4 Competence and training
The service provider shall:
— detail and document the required skills and competencies for each position in the research process;
© ISO 2017 – All rights reserved 7

---------------------- Page: 12 ----------------------
ISO 19731:2017(E)

— provide appropriate training, including easy access to suitable training materials, for all personnel
involved in the collection and processing of research data;
— ensure that the training adequately covers all technological, ethical and legal considerations for the
processing and collecting of personal data;
— ensure that all staff and subcontractors involved in the processing and collecting of personal data
are subject to appropriate management supervision.
4.5 Subcontracting/outsourcing
The service provider shall remain entirely responsible for all services carried out in connection with
a research project, including any part of the work relating to this document which is subcontracted
and/or outsourced, except where the choice of the subcontractor is beyond the control of the service
provider.
The service provider shall define procedures to select subcontractors in the field of research, establish
contractual relations and control the quality of the service provided.
The service provider shall ensure that subcontractors understand the requirements of this document
in relation to the processes subcontracted to them by providing a written specification of such
requirements.
NOTE The level of detail of the specification considered appropriate can depend on whether the
subcontractor has carried out similar work before for the service provider, and whether or not the subcontractor
is able to provide evidence of conformity to this document, where necessary.
The service provider shall obtain confirmation from the subcontractor that research-related work is
undertaken in conformi
...