Freelance translator security practices   

Use the following list for reference, and to indicate which security practices you offer. (The practices listed have been derived from data entered by translators in SecurePRO cards in free text form.) Discuss these practices in the forum.

Handling and ownership of content/files   (16 practices)

  • Safeguarding of content: I take care to prevent confidential project files and content from being accessed by unauthorized parties.

    This is one of the fundamental security practices: files received from clients, or content to be translated, is handled in such a way that people not involved in a project are prevented from accessing it.

    Example NDA term: Freelancer will take commercially reasonable steps to protect confidential project files and content against unauthorized access.

  • No discussion: I do not discuss confidential project content with unauthorized parties.

    One way in which confidential information can be disclosed is by people involved in a project discussing the contents with outside people.

    Example NDA term: Confidential aspects of the project will not be discussed with others.

  • File deletion: I delete project files upon completion of work, or am willing to do so upon request.

    Some end-clients want to know that copies of their confidential material will be destroyed after the translation process is complete.

    Example NDA term: Freelancer will delete project files upon completion of project, within three working days of client request.

  • No paper copies: I either do not create paper copies, or am willing to agree to shred them upon project completion.

    Secrets can be divulged when printed copies of confidential content are left unsecured, or when they are discarded without being rendered unreadable.

    Example NDA term: Any printed copies of content will be shredded or otherwise destroyed upon project completion.

  • Encrypted file storage: I understand how to, and am willing to agree to, store files only in encrypted form.

    It is possible, using certain operating systems or third-party tools, to encrypt files and file folders, so that even if they are obtained, they can not be understood easily without knowing the decryption password.

    Example NDA term: Confidential files will be stored by freelancer only in encrypted form.

  • Password-protected folders: I understand how to, and am willing to agree to, password-protect file folders.
  • Encrypted file transfer: I understand how to, and am willing to agree to, send and receive project files in encrypted format.

    "Encrypted file transfer is the process of encrypting a file before transmitting it over a network, Internet and/or remote server. It is done to secure a file and hide its content from being viewed or extracted by anyone except the receiver or sender." (Techopedia)

    Example NDA term: Confidential files will be transferred between client and freelancer only in encrypted form.

  • Dedicated project folder: I am willing to agree to keep separate file folders for separate clients.

    Some clients, and some LSPs, want to be assured that a given client will have its own dedicated folder in a freelancer's hard drive. This may help to prevent the unintentional mixing and disclosure of content from one client to another.

    Example NDA term: Freelancer will store project files in a dedicated folder that contains no content from other clients.

  • Remote backup: I have a regimen, available upon request, for backing up files remotely while work is underway.

    To reduce the risk of translated content being lost due to local hardware failure, etc., some clients would like to know that a freelancer is backing up files outside of the local machine.

    Example NDA term: Freelancer will regularly back up project files, in a location other than the local machine, during the work period.

  • Archiving: I have a regimen, available upon request, for maintaining copies of project files after completion of work.

    Some clients like to have freelancers archive the files they have created for some period of time after work is completed.

    Example NDA term: Freelancer will retain project files, after completion of the work, for a period of time to be mutually agreed upon.

  • No cloud storage: I am willing to agree to store content only locally on my own machine(s), i.e., not in "the cloud".

    Some clients want to be sure that their content is not uploaded to "the cloud", that is, web-based storage, where it might be accessible to unauthorized parties (including a company administering such a cloud service.) To comply with this practice, make sure cloud backups are not automatically being taken of project materials.

    Example NDA term: Freelancer will store files only locally, not using third-party cloud storage solutions.

  • No unauthorized sampling: I use samples from completed translations (in portfolios, or otherwise to market my services) only with client permission.

    Excerpts from past translation work are commonly used in portfolios and other marketing material. However, it is generally accepted that such samples should be used only if permission has been obtained from the client.

    Example NDA term: Freelancer may not create portfolio samples from work performed without permission from client.

  • Confidential collaboration: I do not disclose confidential information when obtaining assistance from fellow translators on term selection, etc.

    When using KudoZ or otherwise conferring with colleagues concerning term selection, care must be taken not to disclose confidential information while sharing content. Remember that among those viewing a term discussion may be individuals who are already familiar with the material, and who may otherwise be able to guess the client or deduce information when too much detail has been shared.

    Example NDA term: Freelancer will take care not to disclose confidential information when discussing term selection with outside professionals.

  • No term discussions: I am willing to agree not to obtain assistance from fellow translators on term selection, etc., at all.

    Some clients may prefer that freelancers not enter into discussions on term selection with external parties at all.

    Example NDA term: Freelancer may not seek assistance on term selection from outside parties.

  • No ownership claims: I am willing to agree that completed translations are the property of the client or client's client, and waive any personal rights thereof.

    Some have argued that legally speaking, a freelancer may have some intellectual property rights to a translation that he or she creates. This practice says that the freelancer is willing to waive such rights and acknowledge complete ownership of the material by the buyer of the service.

    Example NDA term: Completed work is the property of the client.

  • Reference material confidential: I consider reference materials to be confidential; I do not share such materials, and would not use them on other client's projects, without permission.

    It is not just the material to be translated that may contain confidential content; accompanying reference material may also be sensitive. A client may wish to have explicit reassurance that the reference materials, including glossaries, translation memories, previously translated documents, etc., will not be disclosed to other parties, and not be used on other clients' work.

    Example NDA term: Reference materials (glossaries, TM's, previously translated documents) will not be disclosed or used in connection with other clients' work.

Productivity solutions (TM / MT / OCR / TMS)   (6 practices)

  • No foreign TM/MT: I am willing to agree not to use translation memories (TMs) or machine translation (MT) systems that contain data, or that have been trained using data, from other clients.

    A client may wish to stipulate that translation memories, glossaries, machine translation engines, etc., developed out of work for other clients, should not be used for their own work.

    Example NDA term: Translation memories, glossaries and machine translation engines developed for other clients will not be used on this project.

  • Confidential TM/MT: I am willing to agree not to use content from projects worked on for one client, to add to translation memories or train MT systems that are used with other clients.

    A client may wish to stipulate that glossaries, translation memories, machine translation engines, etc., that have been developed out of their projects, not be used on projects associated with other clients.

    Example NDA term: Translation memories, glossaries and machine translation engines developed on this project will not be used when performing work for other clients.

  • TM/MT deletion: I am willing to agree to destroy any translation memories, machine translation engines and glossaries created specifically for a given project, upon completion of the project.

    Some clients ask for translation memories, machine translation engines, glossaries, etc., that have been created out of a given project, be deleted upon completion of the work.

    Example NDA term: Any glossaries, translation memories and machine translation engines created out of this project will be deleted within three days of client request.

  • No cloud MT/TM/etc.: I am willing to agree not to use any cloud-based translation memory, machine translation, optical character recognition (OCR) or other such cloud-based services that involve disclosure of content to third-party systems.

    Use of cloud-based TM, MT, OCR and other such systems may involved the transfer or storage of confidential client content in unencrypted form.

    Example NDA term: Cloud-based translation memory, machine translation and optical character recognition will not be used.

  • No TM/MT sharing: I am willing to agree not to share a given client's TMs and MT training data with other professionals.

    Sharing of translation memories, machine translation engines, and other such resources, could in theory lead to disclosure of confidential content.

    Example NDA term: Any translation memories and machine translation engines from client or developed over the course of this project will not be shared with people not involved in the project.

  • Work on server: I am willing to agree to perform work remotely on tools/applications/portals controlled by the client.

    Some clients ask freelancers to perform work on server systems that they control, rather than on the freelancer's local desktop.

    Example NDA term: Work will be completed on server system controlled by client.

Physical office   (5 practices)

  • Home office: I have an office in my home.

    Refers to having a dedicated space for performing freelance work from home.

  • Dedicated space: My home office is in its own room.
  • Private space: I am the only one who uses my home office.
  • No public spaces: I work exclusively, or almost exclusively, from home.
  • On-site audit: I am willing to agree to make my home office available for on-site audit.

Work computer / mobile phone   (16 practices)

  • Dedicated computer: I have a dedicated computer for translation work.
  • Locked computer: My work computer is password protected.
  • Sole user: I am the only person who uses my computer.
  • Antivirus: My computer has up-to-date, licensed antivirus software.
  • File scanning: All incoming/outgoing files are scanned for viruses and malware.
  • OS updates: Updates to my operating system are auto-installed.
  • Software updates: I have a tool that checks for updates to all of the software on my computer.
  • Anti-ransomware: I have an up-to-date, licensed anti-ransomware program.
  • Private screen: My computer's screen is not visible through a window.
  • FIPS: My devices are compliant with the US Federal Information Processing Standard (FIPS).
  • Encrypted hard drive: My hard drive is encrypted.
  • RAID: My hard drive(s) use redundant RAID.
  • File auditing: I understand how to, and am willing to agree to, enable security logging and file auditing.
  • Locked phone: My mobile phone is protected by password, fingerprint or facial recognition.
  • No pirating: I do not use pirated software.
  • Anti-theft: My work computer has hardware anti-theft features.

Networking   (7 practices)

  • Password-protected network: My home office's network is password protected.
  • Firewall: My home office's network is protected by a firewall.
  • No outside wifi: I do not use, or am willing to agree not to complete a project using, wifi outside of my home office.
  • Wired connection: My home network is wired; there is no wifi, or I am willing to agree to work only on a wired connection.
  • Offline work: I am willing to work from home, offline only, if required.
  • VPN: I understand how to, and am willing to agree to, use an encrypted VPN for file transfers.
  • Encrypted email: I have an email account that enables me to exchange end-to-end encrypted messages, and am willing to agree to only such transfers.

Handling of project meta-data / client info   (4 practices)

  • Non-disclosure of clients: I do not disclose my clients' identities or contact information, or the identities or contact information of their clients or vendors, without first obtaining permission to do so.
  • Non-disclosure of processes, rates: I do not discuss my clients' internal processes, tools, rates of payment, or other such information, without first obtaining permission to do so.
  • Private correspondence: I consider communications with clients to be confidential and do not disclose emails or other such correspondence.
  • Secure record-keeping: My customer list(s), invoices and other such records are secured.

Password practices   (2 practices)

  • Password management: I have a professional approach to passwords that involves (1) strong / long passwords; (2) different passwords for different sites/services; and (3) periodic password rotation.
  • Two-step verification: I use of two-step verification procedures whenever possible.

Certifications   (2 practices)

  • HIPAA: I am HIPAA trained/certified.
  • Security clearance: I currently hold an active security clearance from a governmental body.

Ethics   (4 practices)

  • Conflict of interest: If I experience a conflict of interest, or recognize the possibility of that perception, I will immediately discuss that with my client.
  • No privileged actions: It is my policy not to take any actions (ex. buying stock) as a result of having gained access to confidential information.
  • Illegal activities: If I became aware of any illegal activity, it is my policy to immediately report that to the relevant authorities, and to my client if appropriate.
  • Disclosure reporting: If confidential information were ever inadvertently disclosed, I would notify my client immediately.

Other personal characteristics   (8 practices)

  • Code of conduct: I have either endorsed the ProZ.com Professional Guidelines or am bound by the code of conduct of a recognized industry association.
  • Own NDA: I am able to provide my own NDA / security policy for clients who do not have one readily available.
  • Assumption of confidentiality: Absent agreement to the contrary, my assumption is that files and content are to remain confidential.
  • Experience with secure projects: I am experienced working with highly confidential content.
  • No subcontracting: I do not subcontract/outsource work, or I do not do so without client permission.
  • Security specialist: I have been trained in, or I have worked in, the data security field.

    Select this option only if you have held a position in which your title was directly related to security. (Most freelance translators do not have such experience.)

  • Background check: I am willing to submit to personal background checks.
  • Drug testing: I am willing to submit to drug testing.
All of ProZ.com
  • All of ProZ.com
  • Term search
  • Jobs
  • Forums
  • Multiple search