Translation Service Providers (TSPs) routinely handle their clients’ data in day-to-day business operations.
Protecting that information while it’s in your custody is essential to remain compliant with local legislation, contractual arrangements and to maintain the reputation of your business.
ISO 27001 is the internationally recognised standard for an Information Security Management System (ISMS), any while it is not specifically designed for translation companies, you can implement the requirements and achieve impartial certification as a means of managing risks
ATC Certification provides impartial third-party auditing and certification of your ISMS.
In this blog we discuss how the unique needs of translation companies can be addressed through ISO 27001.
Risk Based Approach to InfoSec
ISO 27001 is a risk-based standard that follows ISO’s recognised Annex L (SL) structure. This means other ISO Management System standards can be integrated together.
One of the core requirements of ISO 27001 is to assess the risks to your information and determine treatment plans to manage those risks.
Unlike other ISO standards, ISO 27001 provides an annex of 114 Controls which can be used to mitigate the risks you identity.
During a certification audit, our auditors will assess your risk assessment methodology against the requirements of the standard and consider the effectiveness of the controls you have implemented.
Translation Service Providers often use a variety of technologies and tools in their work including translation management systems (TMS), Project Management Systems and Machine Translation tools.
Many of these are now cloud-based introducing new risks and opportunities to be managed, for example through access control and data residency requirements.
The risks to data stored and processed on your systems will play a key role in your ISMS and will be audited as part of the Certification process to test the effectiveness of your mitigating controls.
Note: If you use Machine Translation, take a look at the quality standard for Post-Editing of Machine Translation Output – ISO 18587.
Freelancers & Contractors
It’s common practice to use the resources of freelance and contract translators in the industry, and while the quality and competence of translations is addressed in standards such as ISO 17100, information security threats from human resources are explicitly called out within ISO 27001.
Risks can be mitigated using the controls provided within the standard’s Annex A, which includes appropriate security screening of staff, terms & conditions of employment and InfoSec Training.
During an audit, we would look for objective evidence that these risks are being managed, which might include sampling induction records or leaver-checklists, for example.
The scope of ISO 27001 is ‘information’ security, not just that which is held in I.T systems, and therefore it includes controls to address physical security risks.
While some translation companies have offices to which this applies, many now use teams of globally distributed translators working from their own homes or working spaces.
This is not necessarily a barrier to implementing an ISMS or achieving Certification, providing you can evidence that the physical security risks applicable to your information assets are being managed.
This may include establishing policies that can be applied to a global workforce, with supporting spot-checks.
This way of working also allows us to provide remote audits for ISO 27001, providing the scope of your system can be fully evidenced without an on-site visit.
Translation buyers come from a variety of domains including Government, Public Sector, Legal, Healthcare and Advertising.
But regardless of the domains you work in, all customers will have a basic expectation that the confidentiality, integrity and availability of their data should be safe in your hands.
In a business language services market, operating to international standards such as ISO 27001 can set you apart from your competitors.
Taking the additional step of an impartial audit from ATC Certification demonstrates your commitment to continual improvement.
ATC Certification is a specialist ISO Certification Body for the Language Services industry.
Using our knowledge of the translation industry, we have developed certification schemes to provide a comprehensive, impartial and objective audit process against ISO 27001 and other international standards.
As our team has an in-depth knowledge of how translation service providers operate, in most cases (and subject to your scope) we are able to provide remote audits.
Contact Us to find out more about.
Book an Initial Call & Quote
As part of the Certification process at ATC Certification, we provide a free initial call with an auditor to answer any questions you might have about the process and capture information about the scope of your Information Security Management System in order to provide you with a tailored quote.
Our auditors remain impartial, so they can not advise you HOW to implement the standard but, when you are ready, the two stage audit process will identify any weaknesses in your ISMS and help you drive continual improvement.