Information Security at Language I/O

 


Introduction

Language I/O's approach to security follows the industry standard. We take a risk-based approach to ensuring the confidentiality, integrity, availability, and privacy of our assets and services. We take special care to protect the personal data that flows from our clients through our systems, because our greatest asset is our relationship with our customers. We are ISO 27001:2013 certified. You can download a copy of our ISO 27001:2013 certificate here.

The Language I/O SaaS translation solution can be integrated into Client Relationship Management (CRM) platforms such as Oracle Service Cloud (OSC), Salesforce, Zendesk and others for translation of incident/ticket content, article/answer content and chat content. Our products enable monolingual support agents to provide e-support in any language. We also provide high-quality translation of informal, user-generated content (UGC) that is often rife with misspellings, abbreviations and other hard-to-translate terms. All translation requests passed from CRMs and API calls to the Language I/O server are processed and often sent to a third-party sub-processor for translation.

Data Flow

The flow of data through the system depends upon the translation service or services for which the customer is configured. Because Language I/O is plugged into many translation services, the data could flow into and out of several integrated systems. That said, our customers can drastically reduce the likelihood of a data security breach by adhering to our personal data policy.

Data Privacy

All data passed between the CRM and the Language I/O server, and between the Language I/O server and a translation service, travels via a secure, TLS 1.2-encrypted and authenticated connection. Because our customers pass UGC to us for translation, we assume that every translation request that comes from a CRM chat session or a ticketing system contains personal data per the GDPR definition. As soon as a chat or email hits our server for translation, we scan that content for personal data. If we find any, we encrypt and pseudonymize that information before it is passed to a subprocessor for translation. Once the translation is passed back into Language I/O, the personal data elements are decrypted and then passed back via API to the requesting process/party. Once the translation is passed back, both the translation and the original content sent to us for translation are scrubbed from our system and any subprocessor system.

The Language I/O platform regularly undergoes security audits administered by our CRM partners (Salesforce, Oracle, Zendesk) as well as by vendors and clients. We have quarterly penetration tests, monthly vulnerability scans and ongoing intrusion prevention and detection. We comply with the European Union’s GDPR (General Data Protection Regulation), and this adherence, per our information security management system, has been audited and certified for compliance with the ISO 27001 standard. You can download a copy of our ISO 27001:2013 certificate here.

The Data We Store

While the Language I/O CRM integrations do have access to the incident/case, answer/article and chat session records, the apps do not pull from the associated customer contact or agent profile records. The data that is passed from the CRM to the Language I/O server includes only the data that the server requires to (a) perform the translation and (b) push translations back into the CRM correctly. None of the free-form UGC from the customer or agent that is passed into our server for translation as part of cases, tickets, incidents or chats is persisted in our database. The data elements related to translation requests that are persisted in our database are listed below.

  • The unique answer/article, ticket/incident or chat session ID where a translation has been requested
  • In the case of tickets/incidents and chat sessions, the thread ID for which the translation has been requested
  • In the case of articles/answers, the translated sibling or draft ID where a translated article/answer can be pushed back in
  • In the case of articles/answers, both the content sent for translation and the translation itself are persisted on our side for the purpose of leveraging translation memory in subsequent translations*
  • For some integrations, a single set of CRM login credentials is persisted in our database. The password is encrypted within the Language I/O database and never exposed via plain text**
  • The CRM endpoint URL is persisted in our database, so Language I/O can connect directly to the CRM for the purpose of pushing translations back into the CRM, creating custom objects in which to store the translations, etc.
  • The source language of the content requested for translation
  • The target language into which the source content is translated
  • The number of words sent for translation
  • The total cost of the translation

*Our customers are comfortable with article data being persisted because article data is usually already public and it saves our customers money when we leverage existing translation memory. As mentioned previously, we do not persist UGC sent for translation or the translated UGC as it could have personal data embedded in it.

**This is necessary for scenarios in which a human translation is requested and will be pushed into the CRM as part of a separate API call.