Be honest: Is your company Fort Knox when it comes to security against external attacks? Or might there be a hole in your defences somewhere?
We are increasingly reading or hearing of threats such as those posed by the recently discovered Log4j vulnerability, or of cyber attacks in which a company's data is completely locked and released only in exchange for an exorbitant ransom in bitcoin. This is just one of the threats in the IT environment that companies are exposed to today – and it’s not just global players, but also SMEs and even public authorities.
This article shines a light on why you should keep IT security in mind when you are choosing your language service provider.
Working with personal, confidential or classified information comes with stringent requirements for the technical, procedural and organisational capabilities of an organisation.
The trust that customers and partners place in a company and their expectations in terms of confidentiality, availability and integrity of transmitted data can only be fully met with extensive expertise and a high level of commitment.
Language service providers in particular are granted access to a wide variety of documents that are sometimes highly sensitive, including technical documentation about devices or software that are not yet available on the market, or marketing materials that are embargoed until launch day or even internal e-mails that should not be made public.
Ensuring that this information is sufficiently protected from the moment of file exchange right up to delivery of the translations requires a range of technical and organisational measures – measures that must be not merely set up, but rather embodied in all company processes and at all company levels.
What is an ISMS?
An Information Security Management System (ISMS for short) is the name given to the set of procedures and rules within an organisation that serves to permanently define, control, monitor, maintain and continually improve information security.
The introduction of an ISMS protects sensitive data using intensive security measures, increases the level of protection and availability of internal IT systems and, as a consequence of the in-depth analysis and documentation, leads to an increase in the transparency of business processes.
An ISMS affects every part of a business and evolves to its full effectiveness through technical, organisational and training measures as well as a process of continual improvement.
Why information security is important for the translation industry
As a translation service provider, STAR Deutschland is closely interconnected with its customers, because large amounts of sensitive files are exchanged daily. To facilitate an automatic and smooth translation process, there is often also a level of integration into the customer’s systems or direct interfaces with the customer’s network. The spectrum of files involved ranges from “harmless” to “strictly confidential”.
Both we, as a globally active service provider, and our customers occupy an exposed position and can never completely rule out the possibility of a cyber attack. This is precisely why information security and data security are so important.
What is ISO/IEC 27001?
The ISO 27001 standard defines framework conditions for the introduction, implementation and continuous further development of a functional Information Security Management System (ISMS) within a company.
Tailored to each industry, it puts to the test how all data can be protected and how the availability of the IT systems can be safeguarded.
Within the framework of the audit, those responsible must, for example, demonstrate how access control is organised or how the company’s ability to operate and communicate can be guaranteed.
Why was it important for STAR to introduce an ISMS and become certified?
The decision to pursue ISO 27001 certification and bind STAR to this international “gold standard” for information security was an easy one for management.
Ultimately, the procedure ensures that information security and data security are constantly being monitored, therefore offering protection against potentially existential risks. The scenarios associated with the use of IT systems include threats to erase or misuse data, or even a hacker attack that can in extreme cases endanger the economic success of both the company and its clients.
What’s more, certification plays an increasingly important part in the supplier selection process for many customers.
Our ISO 27001 certification was a logical conclusion to the process of establishing security standards that had been in place for years, officially verifying our previous efforts and showing our customers that information security is a top priority in our company. The technical and organisational measures that have long been established and practised in our processes were checked in detail in May 2021 by an independent auditor, and the underlying ISMS was successfully certified in accordance with ISO 27001.
What does this mean for our customers?
State-of-the-art IT infrastructure and regular awareness training about information security guarantee that customer data is always adequately protected from the moment it is shared right through to the delivery of the translations.
When working with customers we now differentiate between different levels of criticality and protection requirements for the data that we process. For documents that contain personal data, as well as those that contain other sensitive or confidential information, we ask that this is brought to our project manager’s attention when the files are first sent over. We then immediately assign such files the corresponding protection level, which determines the protective measures needed for subsequent processing. As an example, this may mean that certain encryption methods are used for the file exchange, or that the number of people who can access the file is strictly controlled, or even that the translation is completed within an encapsulated secure IT environment where only the translator and the project manager can access it. We have many options available to us for protecting your files – and we would happily discuss these with you in more detail.
Our ISMS – one less thing for our customers to worry about.
Our certificate can be downloaded in PDF format here.