Data Security and Emails

Home > Articles & Advice > Data Security and Emails

We are currently going through our ISO 27001 assessment and busy ensuring our processes are compliant, ready for our two audits coming up in the new year. TP Transcription Limited goes a lot further than a good number of our competitors when it comes to data security – we know from tender submissions and industry meetings that most transcription businesses are not Cyber Essentials Plus accredited & audited, do not hold ISO 27001, rarely carry the standard levels of insurance, and a number of them are not registered with the ICO (Information Commissioner’s Office). As a good amount of our work is with universities and government institutions, we take data security very seriously indeed.

Email Security

One item arising from this audit is the level of security of transcripts we apply when returning transcription and translation work to clients. We are always reviewing our systems and processes to ensure that client data is as secure as possible.

We have decided following a recent internal audit that we will password protect all transcription work when returned to clients as Word documents or open source equivalents. This will mean that only recipients with a password can open the document and then read the content. The password protection transfers with the document no matter where it is stored or sent. This is not completely secure, but tampering with a protected document takes time and effort.

Not only this, but we also use Egress to send transcription and translation work to clients. Egress is military grade encryption, and sets a level of protection that prevents any 3rd parties accessing the transcription documents or the emails with the documents attached.

The passwords for Microsoft Office use AES.

AES

AES (Advanced Encryption Standard) has been used by Microsoft since Office 2007 came into being. AES is a modern protection algorithm, and we understand that options to hack AES are very limited at the moment. In 2007, passwords entered to protect word documents were ‘stretched’ into a 128-bit key 50,000 times. This means that it takes a considerable amount of effort and time to crack it. Office 2010 went one step further and doubled the stretching to 100,000 times. Office 2016 and beyond doubled the key, so it is now a 256 key, which makes it even more secure.

Password Selection

Our clients can set their own passwords or we set one for them. We communicate the password via an alternative media, very often text message or whatsapp. Passwords have to be at least 12 characters long and have to include lower case, upper case and a special character.

NVivo

One problem that has arisen is with qualitative data analysis software some academic researchers use called NVivo. NVivo does not allow password protected Word documents to be uploaded to the software, and consequently anyone using the software needs to ask us not to apply the password protection to their files. We can still send via Egress, so security during transit remains high.

Removing Word Document Passwords

Once you have received the transcription from us, you can easily remove the password. Simply do the following:

Open the document and enter its password.

Go to File > Info > Protect Document > Encrypt with Password.

Clear the password in the Password box, and then click OK.

Very straightforward, but if you have any issues please contact us.

Thank you Sarah and thank you also for the quick turn around of this one. It’s very much appreciated.

March 2024 – Ashleigh Woodward, Solicitor HPJV Solicitors, Newport Wales

Dear Anna, thank you for a great job, Kind Regards, Anne, Moodpath Counselling, Training & Psychotherapy, UK.

Anne Hayward, Psychotherapist

March 2023
Thanks very much, Anna. I was impressed with your service and will definitely use you again if I need transcription services in future. Marcus Bateman, Consultant Physiotherapist

Feedback from University Hospitals of Derby & Burton NHS Foundation Trust

Our Accreditations

We are Cyber Essentials Plus audited annually and we hold the Cyber Essentials and Cyber Essentials Plus certificates. We are UKAS ISO 27001:2022 audited and accredited and ISO 9001 & ISO 14001 systems accredited company. We are members of the American Translators Association and we are assessed for GDPR compliance annually by IASME (Cyber Assurance Level 1).

10% Profits to Charity

10% of our profits are donated to the Ten Percent Foundation, a charitable trust registered in the UK. Since 2000 over £150,000 has been donated to projects in Africa and the UK. Click here for details.