The Age of Digitalisation – how we as a Localization Service Provider came upon the ISO/IEC 27001:2013 Standard

Process Standard for Information technology – Security procedures – Information security management systems: ISO/IEC 27001:2013.

Handling and ensuring data security can lead to conflicts at many levels of a company. As a service provider for multilingual content and strategies, we believe that it is essential to send a clear signal and communicate our commitment to data security clearly. Receiving our certification according to the ISO/IEC 27001:2013 was imperative to us in reaching this goal.

In our company, we process customer data with varying degrees of confidentiality on a daily basis, including text, audio and video files. We do so using a wide range of tools such as translation management systems, machine translation solutions, text-to-speech applications, and many more. In this context, enormous amounts of data need to be transferred securely.

Our path towards a certified Information Security Management System (ISMS) started out with the following goal in mind: “We want to ensure the security of customer, employee and company data at all levels of our organisation”. As a supplier of translation and localization solutions, this meant taking an effective and sustainable approach in order to meet the diverse requirements we face. It was vital for us to find a scrupulous, well thought out and, at the same time, economically sensible procedure.

As early as 2003, we developed our first quality management system, based on the predecessors of the DIN EN 9001:2015 (by which we are certified up to this day), before additional standards followed in the years thereafter (ISO 17100 and ISO 18587). So it soon became clear to us: when it comes to information security, we also want to strive for certification and an accordingly suitable certification model. In March 2020, after an intensive preparatory phase, we successfully obtained certification for the “Information technology – Security techniques – Information security management systems: ISO/IEC 27001:2013” standard.

How does the information security management affect our daily routines at work?

“Ensuring the integrity, availability and security of information processing within our company is of the highest priority” – this is the guiding principle by which we as a company abide. After successfully completing the latest audit, we can now confirm that we have an effective and comprehensible management system in place to handle potential threats and risks in the IT environment. And, in doing so, we adhere to all the recognised standards.

Implementing such an all-encompassing system was only possible thanks to the help of our dedicated team. In this regard, Madelein, our Information Security Officer, deserves a special mention, as she was indispensable in achieving this goal. She now supports and supervises the following measures:

  • Regularly implementing preventive measures
  • Risk assessments
  • Internal audits
  • Incident and change management
  • Documentation and support of onboarding and offboarding of employees

In regular meetings together with the management and the other teams, tasks are discussed and initiated. We give great importance to training and the regular exchange of information throughout the whole team. Madelein receives support from the management, who make appropriate resources available and in doing so help to establish processes throughout the company.

How did we improve as a company through these procedures?

Existing and established processes were analysed and adapted with regard to information security. This resulted in new, improved and accelerated working methods. The extensive documentation of the ISMS helped us to gain new perspectives on our business operations.

For us, protection against threats across all business areas was fundamental to a meaningful ISMS. Thanks to the ISMS, we were able to better protect information security within our business activities, in customer projects and in the handling of customer data.

As Covid-19 measures reached the workplace, we had our first taste of how resilient our system is: solutions for remote working had to be put in place practically overnight and are now used more frequently and intensively than before. And we are happy to say that all these processes could be implemented without any complications, not least because of our carefully drawn-up plans.

We are proud to have achieved our certification for the ISO/IEC 27001:2013. It serves as proof that we had a very good and stable foundation to start with, which helped us to efficiently integrate the requirements described in the ISMS standard. At the same time, it is also thanks to the special commitment shown by our IT Team over the course of this project, among them our Information Security Officer Madelein and our Chief Information Officer Stefan, that the project was implemented so quickly and successfully.

Interested in finding out more about our integration of ISO/IEC 27001:2013, our ISMS and the effect it has had on our processes and services? Then please contact us by telephone on +49 (0)221 92 59 86 0 or by email at tsd@tsd-int.com.