Data Security Policy
The Company transcribes highly confidential material on a daily basis for clients worldwide. Consequently, data security is of prime importance and numerous measures are taken to ensure privacy, which include password protection, encryption and a secure server for uploading.
The Company offers its Service Users a secure HTTPS site to which files can be uploaded as protocol for transmitting data securely. HTTPS provides authentication of the web site and associated web server that one is communicating with, which protects against third party attacks. Additionally, it provides bidirectional encryption of communications between a Service User and server, which protects against eavesdropping and tampering with and/or forging the contents of communication. This provides a reasonable guarantee that one is communicating with precisely the web site that one intended to communicate with (as opposed to an imposter), as well as ensuring that the contents of communication between the Service User and the site cannot be read or forged by any third party.
• Service User files are stored on the Company’s server.
• Service User recordings can be accessed only via the Company’s in-house intranet.
• Service User recordings are only available by password entry to server. Each transcriber is provided with an individual encrypted password, known only to the transcriber and management. Each recording is available only to the transcriber who will be transcribing it.
• No hard copies of transcripts are produced by the company.
• Transcribers are required to delete all transcripts and digital recordings on completion of a Specific Job.
• Data in transit to Company servers (Bytemark and Simply Hosting, hosted in the UK; Amazon, hosted in the USA) is secured with the latest SSL standards for HTTPS encryption.
• All data is retained on these servers based on the type of service required.
• Servers are backed up offsite every hour to ensure speedy data recovery in the event of malfunction or other causes that may potentially result in data loss.
• Personal data is captured only as required for the Company’s workflow system for purposes of the Services and is volunteered by the Service User. No additional information is collected.
• The Company’s desktop and laptop computers are password protected. Transcripts are stored on a secure remote server. A digital log is kept of all activity on the Company’s workflow system and secure server.
• The Company’s servers are protected with the latest antivirus definitions and are updated hourly. They are configured to scan files on access as well as run a full system scan twice daily.
• Server access is controlled by the Company and authentication is controlled by means of secure certificate/key pairs and only to the minimum staff and transcriber complement necessary.
• Upstream patches to server software are reviewed as and when they are made available and applied within twenty four (24) hours.
• Operationally, computers are protected by ESET Endpoint anti-virus and multiple other anti-spyware and anti-malware programs. Further protection is afforded by Cyberoam within the office network.
• The operational internal network is further secured by controlled access on a per-device basis, whereby devices must be manually authorised to join the local network. Unauthorised devices will be blocked and unable to connect to any part of the network without this authorisation.
• Transcribers are required to run up-to-date antivirus software and operating systems. Each transcriber has a separate login for accessing the Company’s processing system whereby he or she is able to access the files necessary to complete a transcript and only those files are allocated.
• Transcribers have no access to personal client information.
• Operational desktops are secured with individual passwords. The Company’s workflow management system is accessible only by means of a separate set of passwords. Passwords are changed regularly.
The complete specifications of the data centre that hosts the Company’s Bytemark (UK) server can be viewed at: https://www.bytemark.co.uk/company/data-centres/yo26/.
The complete specifications of the data centre that hosts the Company’s Simply Hosting (UK) server can be viewed at: https://www.simplyhosting.com/infrastructure/data-centre.
The Company’s Amazon (USA) server is hosted within their Virginia zone in the Eastern United Stated. More information about their global infrastructure may be found at: https://aws.amazon.com/about-aws/global-infrastructure.