The encryption and security of these documents is paramount during the translation process when documents are leaving a client's secure network for translation by an in-country translation specialist.
This page provides an overview of one of the most secure systems in the translation industry, following years of heavy investment and testing by thebigword and penetration testing by third party organisations.
Servers are housed at two secure locations. All core servers are clustered and located at our Leeds Head Office server facility. This facility also houses the storage area network (SAN) and backup devices. Further servers, housed at our ISP's custom Data Centre, replicate the core server environment.
The Leeds office is protected by 24-hour manned security and the facility is fully alarmed and monitored by a third party.
The server facility at the Leeds Head Office is locked, with access controlled by our IT manager. Access to the server room is via a reinforced steel door. There is no other access to this room, and only authorised personnel have access. All access to this room is logged.
The server facilities at our ISP have been custom built to provide hosting for data and equipment, it incorporates all of the features of a modern data centre including extensive physical and electromagnetic security. Further secured by closed circuit television and external prowler protection, the centres are both manned 24 x 7 x 365 days a year.
Backups are taken off site daily by a third party data security and storage company. The tapes are stored in optimum conditions and are available for retrieval under strict service levels. Key data is also replicated off-site to servers at a data centre.
Access to thebigword network is controlled using domain and server specific security policies. All major hacking/exploit sites are monitored and all service packs and patches are implemented as available, without service interruption using clustering technology.
Hardware firewalls, as well as our internal security procedures and policies protect the internal network from unauthorised access from the Internet.
Our ISP monitors key servers, network equipment as well as bandwidth utilisation 24x7x365. This is in addition to our dedicated monitoring system which polls key hardware and services every 90 seconds. These measures will highlight unusual network activity along with the other specific security systems.
Each person has an individual login and password to gain access to the network. User accounts must comply with the rules specified in the domain security policy, which include rules on password complexity, length and frequency of change.
For confidential client data, a separate logical location on disk storage is used. Only the client account managers' logins have this location mapped to their account, and the location is protected with specific users having access to the directories.
Depending on the nature of the project, the files are cleared down after use using documented data retention policies.
We accept jobs from clients using a number of methods. Where confidential data is being sent, our TranzManager™Solutions are used. These consist of:
The details of these solutions and the differences between them are available on request or on our web site. Each solution uses 128 bit SSL security over HTTPS. Clients access the solutions using either a 'Client Code', username and password combination, or a unique access code (if using TranzManager™Content).
Files sent by any of the above methods are received by the same software. They are decrypted by the web server and stored on our network behind our firewall in a specific client directory structure governed by the security of the in house systems.
Files that are sent for external translation are sent using a method similar to TranzManager™Portal. The translator portal allows translators, using an access code and password, to pick up their files for translation and to return them once completed. Again, the translator communication is encrypted using 128 bit SSL.
Staff that gain access to client files are our internal staff at thebigword, and external in-country freelance translators. External access to files is achieved using the Translator Centre and is described above as is internal access to files by our staff and the security mechanisms surrounding our systems.
The staff themselves, however, must have the ability to view and change the files for analysis, file processing, translation, memory management etc.
All staff sign confidentiality agreements that govern their behaviour and access to the files. For internal staff, these agreements form part of the contract of employment. Staff also sign a detailed IT Acceptable Use Policy.
Translators collect the files, store them on their hard disks for the duration of the translation, then delete the files after use.
Where required, translators sign up to a specific client security schedule if required. This provides instructions on the deletion of files after use, as well as specific guidelines for anti virus and firewall software. Translators sign non-disclosure agreements with thebigword before they work on client data.
The security systems at thebigword have been developed over a number of years of working with highly confidential files for financial institutions, government departments, pharmaceutical companies and other global organisations. thebigword have managed the translation of such documents as:
- Internal equity research and share dealer instructions
- Patent applications
- Merger and acquisition legal and due diligence documentation
- Medical studies
- Prisoner and immigration correspondence
The confidentiality implications for the above document types are clearly vast. Security systems of thebigword have been penetration tested by third party security companies and pass to the highest levels.