Sådan sikrer du sikkerheds- og privatlivspolitik med en udbyder af lokalisering til websteder

Traditionelle oversættelsesudbydere kæmper virkelig med at lokalisere komplekse hjemmesider.  Kan du betro dem dine kunders private data?

Reagan Evans's avatar
Reagan Evans

September 18, 2019

4 MIN. LÆSNING

In today’s ultra-competitive and fast-paced world of online business, companies must be absolutely certain that their digital customer experience is secure and protects the privacy of its customers.

This is doubly true for companies that serve international markets with localized websites.

Most companies entrust the localization of their online experiences to translation vendors-many of which struggle to efficiently localize highly complex websites. This means it's vital that companies vet these third parties to determine they have the technical expertise to offer a secure, translated UX to international customers.

Here are several security best practices to keep in mind as you review the capabilities of your current, or prospective, digital translation partner.

Viewing and Storing Personal Data

Ideal vendors take exhaustive steps to identify and mitigate security risks, implement best practices and continually evaluate ways to improve their processes. This especially includes the use of website translation services that does not store website users’ personal information. Names, addresses and numbers should be automatically ignored by the technology.

In addition to automatic settings that ignore much of this private content, some solutions leverage special "directive tags" that provide even more security. These tags can be applied to code within a website that should be ignored and left untranslated. Any content enclosed within these tags pass through the vendor's system completely unrecognized and untranslated.

Security-conscious partners also support industry-recommended secure encryption protocols for transmitting your data—such as using your site’s SSL connection throughout the process of receiving, translating, converting and delivering content.

Fluency in Security Protocols

Ask vendors to prove that their security program provides flexible and comprehensive security controls to meet stringent industry requirements.

For instance, reputable vendors complete annual security assessments conducted by independent PCI SSC Qualified Security Assessors. They vendor should also demonstrate ongoing practices that comply with PCI DSS.

When relevant, they should complete regular independent assessments to ensure they comply with HIPAA Privacy and Security rules, too. Det inkluderer revisioner for at demonstrere overensstemmelse med HIPAA. Look to see if they're listed on the Visa Global Registry of Service Providers, too.

Ultimately, the vendor should implement a security program that support customers in a variety of industries. In addition to PCI DSS and HIPAA, these industries often abide by security standards such as ISO 27001, HITRUST (Health Information Trust Alliance), ITIL and others. All demand the protection of confidential and proprietary customer data.

Your localization provider should be fluent in international regulations, too. For instance, the company should be well-versed in the implications of recent GDPR legislation. And it should be certified in Privacy Shield frameworks, which provide a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the U.S.

Secure Hosting Solutions

Leading vendors often provide hosting for their website translation services, which includes the content of your localized site. Their hosting infrastructures should also provide best-of-breed security, scalability and redundancy. Ask if their solutions are hosted in physically secure, geographically diverse data centers. Great vendors also use real-time network monitoring and system defense.

Hosted solutions should use data centers that are always staffed by security teams, with access restricted to authorized personnel, enforced with multi-factor authentication and controls.

Those facilities should also be rated at N+ redundancy, in compliance with industry standards, maintaining robust resilience plans for all computing environments.

Vet the Vendor’s Vendors

You'll also want to investigate how the translation vendor engages third parties to provide or support certain components of its hosting services. Security-savvy vendors choose partners that demonstrate maturity in effectively managing complex network hosting and application infrastructures.

These partners must also support stringent service level agreements and security controls that satisfy industry standards and third-party validation.

Look for solutions that recognize SSAE 16, PCI DSS, and/or ISO 27001 compliance as standards that best demonstrate a provider’s effectiveness in managing complex hosting and application services.

Secure Development Practices

It's not enough to use vendors that have secure solutions and robust hosting infrastructures. They should also have an on-site environment and programming practices that are supported by skilled, security-savvy professionals who are trained to protect critical business assets.

Leading approaches follow Center for Internet Security system hardening guidelines, and routinely train employees about attack methods, and how to avoid them.

Ask if the vendor integrates security into their training and HR practices. Det inkluderer screening af personale og pågående uddannelse i, hvordan man beskytter dataaktiver. Training should include topics such as:

  • Fysisk sikkerhed
  • Beskyttelse af data
  • Rapportering af hændelser
  • Computersikkerhed

They should also maintain robust operating environments with complementing layers of controls. Look for solutions that:

  • Honor industry recommended practices
  • Conduct routine updates and management of access to systems
  • Continually test systems to identify potential weakness
  • Routinely train employees about attack methods, and how to avoid them

Konklusion

Data security and privacy are top priorities for your customers worldwide, as they should also be for your company—and your localization provider.

Leverage a translation approach that relies on safeguards aligned with various industry best practices and compliance mandates, and only use solutions that are supported by skilled professionals dedicated to protecting your critical business assets.

Senest opdateret d. 18. september 2019
Reagan Evans's avatar

About Reagan Evans

Reagan Evans is MotionPoint's SVP of Sales. He has a strong background in sales and data management and has nearly 10 years of executive level experience in the field. He uses his expertise in global sales, new business development, sales production, and data organization to drive MotionPoint's market expansion and new client acquisition. Evans leverages MotionPoint's industry-leading technology to drive sales and ensure higher customer satisfaction.

Reagan Evans's avatar
Reagan Evans

SVP, Head of Sales

4 MIN. LÆSNING