Under Community Review

Feature to support document security in regulated environments

Dear SDL Trado,

I would like to submit an idea for your consideration. I work for an international organization in the judicial field and SDL is a very valuable tool for our daily activities. In fact our core business is heavily relying on translations and 50% of our workforce are translators.

There is a clear need for handling sensitive documents with encryption. Pdf and Office documents (doc, xls, ppt etc) are the most used format. Distribution of the documents may need to be done over unsafe media like internet or email.

We would like to propose adding decryption support in SDL where a translator can create a project starting with a encrypted document. When an encrypted file is submitted, SDL shall request a password for decrypting and proceed with the translation workflow. This will solve a major issue that highly regulated organizations are facing like government, military or others. The organization can circulate documents with password distributed over another media. This will help compliance with information security regulations and minimize the possibility of a security breach.

Thank you for your consideration. Please don't hesitate to contact me for more details on the concept.

Kind regards,

Kyriakos

Parents
  • Hi Kyriakos - we have approached this topic from another angle and have introduced "restricted projects" in our recent cloud offerings (Trados Team, Trados Enterprise) as well as our on premise products (GroupShare). In both these product generations, project managers can prevent file downloads, thus working with content online only. We have designed this with regulated industries in mind, so this could perhaps be an interesting flow to look at. For more information, see this page: https://docs.rws.com/791595/913718/trados-enterprise/restricted-and-unrestricted-projects. So in such projects, you would work with Online Editor instead of Studio, and content would never be downloadable to local machines. Thanks, Daniel

  • Dear Daniel,

    Thanks for you explanation and proposal. While this is indeed a good approach, unfortunately cloud solutions (especially most of them that are based on US company offerings) are rarely offering enough security controls for privacy. You may want to have a look at Schrems II judgement*. There is not sufficient legal basis for Europe to USA data transfers. As a result a European organization may strangle to meet GDPR requirements and introduce a cloud based solution.

    As a result, I would consider the feature of handling encrypted documents a useful feature (workflow: import and decrypt - process - prepare translation - export encrypted with the same password).

    Kind regards,

    Kyriakos

    *See iapp.org/.../

  • Hi Kyriakos, our cloud is based in Frankfurt and is GDPR-compliant, so those concerns would not apply here. We have a security white paper which goes into more detail - https://www.rws.com/localization/language-cloud/resources/security-white-paper/. But I can also see your use case - it's more a question around what is available now vs. potentially at some point in future. Thanks, Daniel

Comment Children
No Data