Today Translations is ‘first in sector’ to achieve ISO27001 certification, giving them the edge in secure communication
This case study details how IT Governance helped Today Translations achieve ISO27001 certification. Enter your email address at the bottom of this page if you would like a PDF version of this case study. Call us on +44 (0) 845 070 1750 to discuss your own ISO27001 consultancy requirements.
Today Translations Case Study
Today Translations has been growing successfully for 13 years. The company’s client base features global organisations of all sizes, including some of the world’s leading names in legal, financial, and professional services. These clients all require secure translation services to protect their confidential information from malicious third parties. Protecting client data security is paramount in the legal and financial sectors, and Today Translations realised early on that there was a need for this much higher level of security when translating confidential information.
In order to demonstrate that their information security arrangements were among the best in the world, the organisation’s board resolved to gain UKAS-accredited ISO27001 certification.
"People deal with people they trust. Our clients want to know they can trust us with their information. Having the ISO27001 certification means our clients have absolute assurance that they are working with professionals who take quality and security very seriously.”
Today Translations’ work involves handling a wide variety of often highly confidential information including compliance, regulatory and contractual documentation, as well as providing multilingual, security-cleared professionals for interpreting for events, meetings and conferences anywhere in the world.
Security is embedded in the culture of the organisation, which is an acknowledged leader in the market for both its excellent service levels and the care with which client data is protected.
Already an ISO9001-certified organisation, Today Translations employs talented people who are passionate about their work, and uses unique workflow software to ensure the highest quality.
Click here to read more »
Demonstrating compliance with the international information security management system (ISMS) standard, ISO27001, was seen as a key selling point for the business by Today Translations’ CEO, Jurga Zilinskiene, providing evidence of the secure nature of the management system’s approach that Jurga herself had set up. Information security policies and procedures would have to take account of physical security requirements on-site and extend to the locations of 2,500 associates providing consultancy and translation services.
Today Translations also provides interpreting services and, as the name suggests, these can be delivered on demand when needed.
To achieve this, they have set up a global network of over 2,500 experts based in over 100 countries via their City of London offices. However large or small the assignment, their clients benefit from the expertise of translators who know and love their particular area of business. Whether it is subtitling a Hollywood blockbuster, localising their website, coordinating a multilingual event, or translating a regulatory report, they know that they can trust Today Translations to deliver a high-quality, secure service.
Today Translations runs a complex operation and has adopted structures and workflows based on ISO standards.
Providing supply chain assurance – and indeed, securing the supply chain from the threats of fraud, theft and bribery and the subsequent damage to business – was a key requirement of the ISO27001 project.
Senior members of Today Translations’ management and the advisory team already had expertise in information security and total quality management (TQM). The latter is demonstrated by the company’s ISO9001:2008 certificate, which was issued by BSI. The organisation could therefore set out to achieve ISO27001 certification, knowing that the ISO management system approach to policies, procedures and controls was already fundamental to their business.
The ISO27001 implementation team at Today Translations, led by operations manager Claire Brown, advisory board member Marc Baker, strategic change manager and counter fraud specialist and former head of the City of London Police fraud squad David Clarke, also sought the early assistance of ISO27001 experts. They knew that the task ahead involved assessing the risks that result from having such a global reach, and also that they would need to adapt all their systems to the detailed requirements of the ISO27001:2005 ISMS standard.
A key feature of the company’s service is their bespoke and secure CRM system, QCS+, and encrypted FTPS servers and secure communications channels. The team first set out to find a consultancy that could address these issues in the context of a completely paperless office, while at the same time helping them to select and implement appropriate controls across five continents. Claire and David sought quotes from four external consultancy organisations, including IT Governance Ltd, and then evaluated these on a points basis across a wide range of criteria. The result of this analysis was that IT Governance was selected.
Click here to read more »
Claire Brown explained: “We chose IT Governance for their track record in assisting organisations of all sizes to gain ISO27001. They were not the cheapest, but the evidence of their expertise was clear from the outset and they proved very responsive to our needs, producing a detailed price quotation in less time than some of the organisations contacted took simply to reply to us.
That kind of turnaround is what we routinely deliver to our clients so we felt at once that we were talking to the right people for us.
The complexity of our project also demanded specialist skills and we anticipated that IT Governance consultants would be able to scope our requirements and deliver the necessary advice quickly. We were not wrong. In fact, they were able to show us how to apply a total of 131 out of the 133 controls listed in Annex A of ISO27001:2005 in a matter of weeks from the project start date. The others simply did not grasp the size of the task involved.
I want to highlight that our allocated consultant, Adam Davies, was really valuable in helping us achieve this. It wasn’t easy, but with a committed team and active preparation over a year we managed to implement and evidence the 131 controls in just a few months. Adam was always on hand to answer queries and really cared about the end result. He put in an enormous amount of solid effort, so huge thanks to him and the rest of your support team.”
Part of the project work involved building new processes and workflows, as well as introducing internal auditing procedures. Adam Davies helped the Today Translations team design these to fit seamlessly within and enhance the management system that was already in place, thus avoiding any duplication of effort.
To strengthen their IT security stance to address Internet-based threats, and to comply with the controls they had designed, Today Translations commissioned IT Governance to carry out a full penetration test. These tests identify system vulnerabilities and attempt to exploit them. The resulting report impressed David Clarke:
“Just like the incident logs and risk registers that IT Governance helped us to construct, their pen test report was detailed without being unnecessarily long or over-complicated. The presentation of the vulnerabilities identified and associated risks was clear and straightforward. I liked the ‘traffic light’ layout that flagged up the risks. At a glance, you knew what you needed to pay attention to and could easily digest the recommended mitigation measures.
IT Governance’s report was informative without being overdone – and although I would personally have liked it to be shorter, our IT people found it of great assistance in terms of corrective actions.
Ignorance of vulnerabilities and how to patch them up makes organisations vulnerable, especially as the availability of free automated software on the Internet is making black hat hacking easier by the day. I would recommend conducting a pen test as soon as possible if you do not already do this on a regular basis. We certainly value the information that a thorough test reveals.”
To quote David, “Our systems have conformed to the ISO27001 standard for a number of years. We shall continue to use our bespoke CRM system QCS+, our encrypted FTPS servers and our secure communications channels, but with the added confidence that our policies, procedures and controls have been independently certified as meeting the detailed requirements of the Standard.”
As a result of professional advice given by IT Governance prior to our assessment, we have made changes within our offices to further strengthen what was already world-class security procedures and controls.
Click here to read more »
Adam was able to show us how we could protect confidentiality without sacrificing the integrity or availability of information that we process, transmit and store – a major requirement of ISO27001. We have introduced secure in-house linguist portals for when translators are required to work within our offices, tightened our supplier recruitment processes and briefed all members of staff in regards to the ongoing requirements of ISO27001 compliance. Our City offices continue to be monitored by 24/7 CCTV and alarm systems and are among the most secure operated within the translations market.
We understand that information is a valuable asset that can make or break a business. We hope that this certification will help our thousands of clients to feel assured that, by hiring Today Translations, they are working with a translation company that makes the extra effort in truly safeguarding their confidential documents and materials during and after the translation process.”
Today Translations prides itself on being the most security-conscious language and translation services agency in the UK – possibly even the world. They intend to continue to conduct regular penetration tests, and recommend IT Governance to their clients for this service, consultancy advice and support.
In the next six months, the company will transition to the 2013 version of ISO27001, drawing upon the expertise of IT Governance to achieve this goal rapidly and cost-effectively.
Download this case study now
To get a PDF version of this case study enter your email address below:
Just as we have helped Today Translations to achieve certified ISO27001 compliance on time and within budget so we can help you. Call us now on +44 (0) 845 070 1750.