In today’s ultra-competitive and fast-paced world of online business, companies must be absolutely certain that their digital customer experience is secure and protects the privacy of its customers.
This is doubly true for companies that serve international markets with localized websites.
Most companies entrust the localization of their online experiences to translation vendors-many of which struggle to efficiently localize highly complex websites. This means it's vital that companies vet these third parties to determine they have the technical expertise to offer a secure, translated UX to international customers.
Here are several security best practices to keep in mind as you review the capabilities of your current, or prospective, digital translation partner.
Viewing and Storing Personal Data
Ideal vendors take exhaustive steps to identify and mitigate security risks, implement best practices and continually evaluate ways to improve their processes. This especially includes the use of website translation services that does not store website users’ personal information. Names, addresses and numbers should be automatically ignored by the technology.
In addition to automatic settings that ignore much of this private content, some solutions leverage special "directive tags" that provide even more security. These tags can be applied to code within a website that should be ignored and left untranslated. Any content enclosed within these tags pass through the vendor's system completely unrecognized and untranslated.
Security-conscious partners also support industry-recommended secure encryption protocols for transmitting your data—such as using your site’s SSL connection throughout the process of receiving, translating, converting and delivering content.
Fluency in Security Protocols
Ask vendors to prove that their security program provides flexible and comprehensive security controls to meet stringent industry requirements.
For instance, reputable vendors complete annual security assessments conducted by independent PCI SSC Qualified Security Assessors. They vendor should also demonstrate ongoing practices that comply with PCI DSS.
When relevant, they should complete regular independent assessments to ensure they comply with HIPAA Privacy and Security rules, too. Ceci comprend des audits pour montrer notre respect de l'HIPAA. Look to see if they're listed on the Visa Global Registry of Service Providers, too.
Ultimately, the vendor should implement a security program that support customers in a variety of industries. In addition to PCI DSS and HIPAA, these industries often abide by security standards such as ISO 27001, HITRUST (Health Information Trust Alliance), ITIL and others. All demand the protection of confidential and proprietary customer data.
Your localization provider should be fluent in international regulations, too. For instance, the company should be well-versed in the implications of recent GDPR legislation. And it should be certified in Privacy Shield frameworks, which provide a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the U.S.
Secure Hosting Solutions
Leading vendors often provide hosting for their website translation services, which includes the content of your localized site. Their hosting infrastructures should also provide best-of-breed security, scalability and redundancy. Ask if their solutions are hosted in physically secure, geographically diverse data centers. Great vendors also use real-time network monitoring and system defense.
Hosted solutions should use data centers that are always staffed by security teams, with access restricted to authorized personnel, enforced with multi-factor authentication and controls.
Those facilities should also be rated at N+ redundancy, in compliance with industry standards, maintaining robust resilience plans for all computing environments.
Vet the Vendor’s Vendors
You'll also want to investigate how the translation vendor engages third parties to provide or support certain components of its hosting services. Security-savvy vendors choose partners that demonstrate maturity in effectively managing complex network hosting and application infrastructures.
These partners must also support stringent service level agreements and security controls that satisfy industry standards and third-party validation.
Look for solutions that recognize SSAE 16, PCI DSS, and/or ISO 27001 compliance as standards that best demonstrate a provider’s effectiveness in managing complex hosting and application services.
Secure Development Practices
It's not enough to use vendors that have secure solutions and robust hosting infrastructures. They should also have an on-site environment and programming practices that are supported by skilled, security-savvy professionals who are trained to protect critical business assets.
Leading approaches follow Center for Internet Security system hardening guidelines, and routinely train employees about attack methods, and how to avoid them.
Ask if the vendor integrates security into their training and HR practices. Ceci comprend la sélection du personnel et la formation continue sur la façon de protéger les actifs d'information. Training should include topics such as:
- Sécurité physique
- Confidentialité des données
- Rapport d'incident
- Sécurité des stations de travail
They should also maintain robust operating environments with complementing layers of controls. Look for solutions that:
- Honor industry recommended practices
- Conduct routine updates and management of access to systems
- Continually test systems to identify potential weakness
- Routinely train employees about attack methods, and how to avoid them
Conclusion
Data security and privacy are top priorities for your customers worldwide, as they should also be for your company—and your localization provider.
Leverage a translation approach that relies on safeguards aligned with various industry best practices and compliance mandates, and only use solutions that are supported by skilled professionals dedicated to protecting your critical business assets.
Dernière modification : 18 septembre 2019