Pages in topic:   [1 2 3 4 5 6] >
SecurePRO update - list of security practices derived from SecurePRO cards
Thread poster: Henry Dotterer

Henry Dotterer
Local time: 13:43
SITE FOUNDER
Aug 18

Hi folks,

An update on the SecurePRO program announced, as part of the Plus package rollout, at http://www.proz.com/about-plus-package#secure_pro

* Just over 3000 people have entered content into one or both of the free text areas in their SecurePRO card.
* Many more have made use of other fields (over 15,000 people have registered email addresses, for example.)
* Job posters have specified project sensitivity levels about 7000 times.
* The most commonly used sensitivity level is MEDIUM, and the next most common is HIGH. About 10% of the time, LOW is used to indicate that confidentiality is not an issue.
* Around 800 profile owners have explicitly opted out of using SecurePRO cards.

Given the above we are ready to move to the next steps in development of the program.

-----

Steps taken, or that can be expected:

- A comprehensive list of potential security practices has been extracted from the unstructured texts entered into SecurePRO cards. It is currently available to members, at: http://www.proz.com/security-practices

An example of a security practice shown on the list is "I delete project files upon completion of work, or am willing to do so upon request".

- It is possible to indicate -- if you choose to do so -- which practices from the list you offer, or do not offer.

- In some cases two possible choices are given, and in other cases, three.

An example of a security practice that offers two possible choices is "I have a home office." (Basically, you either have one or you don't.)

An example of a security practice that offers three possible choices is "I am willing to deliver to the client any translation memories created." We see, from the data, that some people offer this for all projects, some people do not offer it, and some people are willing to offer it depending on rate of payment or other factors.

- Data on profile owner responses to each security practice is shown to members, in aggregate form, when at least ten people have specified whether or not they offer the practice.

- Right now, SecurePRO cards are visible to profile owners only. At some point during the upcoming process of curating the list and collecting responses, accessibility settings will be updated and it will be possible for SecurePRO cards to be used in practice.

- Additional steps are anticipated after that time.

-----

If you are interested in participating in the focus group, please contact me.


Direct link Reply with quote
 

Henry Dotterer
Local time: 13:43
SITE FOUNDER
TOPIC STARTER
The list and FAQ Aug 20

Thanks to M. Ali for taking a look at the list.

The list of security practices has now been published (for members only, for now -- want to get member feedback first) at http://www.proz.com/security-practices

-----

FAQ

What is the goal of the SecurePRO™ program?

To enhance the ability of LSPs and freelancers to ensure the confidentiality of end-client data, while still carrying out work in an efficient manner.

How does the SecurePRO™ program accomplish that?

For a start, by raising awareness of security practices. Beyond that, a means is provided for freelancers to efficiently present their security practices and capabilities, and for clients to specify security needs on a project-by-project basis. Other important program features are forthcoming.

What is a SecurePRO™ Card?

A SecurePRO™ Card is the digital card, accessible from within profiles, where a freelancer can specify his or her security practices.

Who can create a SecurePRO™ Card?

Anyone with a ProZ.com profile of type freelancer or "both".

How does a freelancer create a SecurePRO™ Card?

By going to the comprehensive list of security practices and indicating which ones he or she offers.

What happens when I indicate that I offer, or conditionally offer, one of the security practices on the list?

The fact that you offer or conditionally offer that practice will be stated in your SecurePRO™ card.

If I indicate that I never offer a certain practice, is that shown in my SecurePRO™ card?

No. The card shows what you offer. No mention is made of what you do not offer.

What is the point of ticking "Never" if it does not even get shown?

It gets displayed in the aggregate data, which will be displayed not only to colleagues but also to clients when they are indicating which security practices they wish to require. (It may be useful for a client to know that by requiring a particular security practice, one is reducing one's pool of available translators by one-half, one-third, or whatever.)

What is the effect of ticking "Clear/Skip"?

Ticking "Clear/Skip" lets the system know that you choose not to specify whether or not you offer that particular practice. You will not be prompted to enter a response to this practice in the future.

Can I change settings?

Yes, you can freely change your setting for each practice at any time.

What legal ramification is there, if any, of my ticking a given security practice?

Consider it similar to making the same statement in free text form in your profile.

How was the comprehensive list of security practices created?

The list has been derived from practices described, in free text form, by freelance translators in their SecurePRO™ cards.

What if I want to offer security practices that are not on the list?

Apart from ticking off the practices that you offer from the list, you can enter additional information in the SecurePRO Card in free text form.

Who gets to see SecurePRO™ cards?

Full SecurePRO™ support is part of ProZ.com's Plus service package. For a SecurePRO™ card to be visible, either the owner of the card or the viewer must be a Plus subscriber (professional or business.)


Direct link Reply with quote
 
inesec  Identity Verified
Latvia
Member (2014)
German to English
+ ...
I would add Aug 20

=== Other personal characteristics ===

* I have either endorsed the ProZ.com Professional Guidelines or am bound by the code of conduct of a recognized industry association.
* I am able to provide my own NDA / security policy for clients who do not have one readily available.
* When no NDA has been signed, my assumption is that material is confidential.
* I am experienced working with highly confidential content.
* I have experience working on clients' tools/applications/portals.
* I do not subcontract/outsource work, or I do not do so without client permission.
* I have been trained in, or I have worked in, the data security field.
* I am willing to submit to personal background checks.
* I am willing to submit to drug testing. [/quote]

* I am willing to submit to STD testing
Seriously speaking, I have nothing against the listed activities only the most part of them seems to be some kind of "overacting" and not applicable to an ordinary freelance translator.
Hope that the list'll be scaled down and wish good luck


Direct link Reply with quote
 

Katalin Horváth McClure  Identity Verified
United States
Local time: 13:43
Member (2002)
English to Hungarian
+ ...
Overwhelming Aug 20

I stopped reading somewhere in the second group. Seriously, this is not practical. At all.
We are freelancers, not employees. Some of the items listed look like requirements for government security clearance. Those jobs are handled differently, not by checklists like this.
Do you think that someone posting translation jobs here would go over such a long and detailed list to check items from it? I doubt it. They will either ignore it, or click the button that checks everything.

Just one example of the items that I find very strange.
How is delivering or not delivering the TM to the client is a SECURITY matter? - It is not. It is a business matter. Some people refuse to give the TM to the client for free, because they used their own tools and time to create and maintain it. Some people deliver the TM as a matter of routine, with the translation, because the client can recreate it anyway, so there is no business leverage to be gained by not delivering it.
I think it is strictly a business decision, not a security one.


Direct link Reply with quote
 

Tom in London
United Kingdom
Local time: 18:43
Member (2008)
Italian to English
No idea Aug 20

Katalin Horváth McClure wrote:

I stopped reading somewhere in the second group. Seriously, this is not practical. At all.
We are freelancers, not employees. Some of the items listed look like requirements for government security clearance. Those jobs are handled differently, not by checklists like this.
Do you think that someone posting translation jobs here would go over such a long and detailed list to check items from it? I doubt it. They will either ignore it, or click the button that checks everything.

Just one example of the items that I find very strange.
How is delivering or not delivering the TM to the client is a SECURITY matter? - It is not. It is a business matter. Some people refuse to give the TM to the client for free, because they used their own tools and time to create and maintain it. Some people deliver the TM as a matter of routine, with the translation, because the client can recreate it anyway, so there is no business leverage to be gained by not delivering it.
I think it is strictly a business decision, not a security one.




I have no idea what this thing is - haven't got time to think about it. Proz has been working just fine for me and I don't have any security issues.

I would be grateful if Proz could help busy people like me with a monthly newsletter telling us all what's going on.


Direct link Reply with quote
 

Lincoln Hui  Identity Verified
Hong Kong
Local time: 02:43
Member
Chinese to English
+ ...
Is this what you're talking about? Aug 20

Tom in London wrote:

I have no idea what this thing is - haven't got time to think about it. Proz has been working just fine for me and I don't have any security issues.

I would be grateful if Proz could help busy people like me with a monthly newsletter telling us all what's going on.


Clipboard02

Full disclosure: I never read it.


Direct link Reply with quote
 

Henry Dotterer
Local time: 13:43
SITE FOUNDER
TOPIC STARTER
What else, Katalin Aug 20

... not applicable to an ordinary freelance translator ...

Seriously, this is not practical... We are freelancers, not employees.

In case it was not clear, this list of security practices was taken from the descriptions of security practices that freelancers are entering, for prospective clients, in their profiles. In other words, these are the sorts of things that some freelancers think are relevant to clients.

How is delivering or not delivering the TM to the client is a SECURITY matter?

That's a good point. I've taken it out. If someone can tell me how it relates to security I'll put it back in.

You said there were other things you found strange, Katalin. What else?


Direct link Reply with quote
 

Sheila Wilson  Identity Verified
Spain
Local time: 18:43
Member (2007)
English
+ ...
I am NOT a happy bunny now Aug 20

=== Handling of content/files ===

This:
* I take care to prevent project files and content from being accessed by unauthorized parties
with a bit of tweaking to cover non-digital client information, covers all the others relating to data/client privacy perfectly adequately, with any T&C specific to particular clients being negotiable.

=== Physical office ===

What on earth do any of those have to do with any client? Is it so they can have more leverage over us because we 'just homeworkers', as though we stick things in envelopes for a loaf-of-bread-per-hour rate? Why should any business make its offices available for inspection (unless by the authorities - who will do it if they so wish, SecurePRO or not)? These and many others that follow are just simply none of their business, or else they're covered by the first one.


In short, I do not see any need for all this, and I see it as a definite step by ProZ.com to incite clients (not employers, remember?) to be intrusive and tell us how to run our professional and even our personal lives. By refusing to go along with this feature we'll be made to look as though we're somehow a risk. That makes this feature a really, really serious negative, to my mind.

I thought this security thing that was promised, and that encouraged me to opt for the Plus grade of membership, was going to somehow give ME security. I'm sick to death of getting job requests from outsourcers who don't have to disclose anything at all. I'm forced to do everything from the very beginning, trying to track down real names, real premises, real reviews (as all too often they're getting themselves linked to better BB records). I thought ProZ.com was going to put us in touch with clients who had given all THEIR information to the site, so that we could be confident that the company at least existed and was in country A or B, not someone who just fancied posting a job and lying about everything.


Direct link Reply with quote
 

Tom in London
United Kingdom
Local time: 18:43
Member (2008)
Italian to English
No. Aug 20

Lincoln Hui wrote:

Is this what you're talking about?


No.


Direct link Reply with quote
 
Ali Bayraktar  Identity Verified
Turkey
Member (2007)
English to Turkish
+ ...
I think this feature can help you Aug 20

Sheila Wilson wrote:
I'm sick to death of getting job requests from outsourcers who don't have to disclose anything at all. I'm forced to do everything from the very beginning, trying to track down real names, real premises, real reviews (as all too often they're getting themselves linked to better BB records). I thought ProZ.com was going to put us in touch with clients who had given all THEIR information to the site, so that we could be confident that the company at least existed and was in country A or B, not someone who just fancied posting a job and lying about everything.


You can make suggestions to site.
They may be reorganize their "Message Me" form.
In your "Message Me" section you can add mandatory sections.
For example if somebody writes you a message you can select mandatory sections.
Name, E-Mail Address, Country, Company Name, Subject.
You can suggest site to make all those parts mandatory before sending you a message.
Other translators may select other mandatory fields.
And I think this feature will solve all your problems (in contacting of course)

Best,

M. Ali


Direct link Reply with quote
 
Ali Bayraktar  Identity Verified
Turkey
Member (2007)
English to Turkish
+ ...
Some questions Aug 20

Henry Dotterer wrote:
1- === Handling of content/files ===
2- === Productivity tools ===
3- === Physical office ===
4- === Work computer / mobile phone ===
5- === Networking ===
6- === Personal identity ===
7- === Password practices ===
8- === Certifications ===
9- === Ethics ===
10- === Other personal characteristics === .


To my opinion Points 1, 5, 7, 9 and 10 are subjective points and can not be verified by any third party (here we can say ProZ)
But Points 2, 3, 4, 6, 8 are objective points and can be verified by any third party.

All those SecurePRO thing is about being able to prove the trustworthiness, security, carefulness and professionalism with the files and contents of the client right?

How to verify subjective statements?
Shortly speaking how to use ProZ.com and its tools as our witnesses in the subject of Privacy and Security?

Security is a subject area where personal statements do not have any meaning.
All parts should consist of verifiable data.
1, 5, 7, 9 and 10 are not verifiable data but personal statements.

Any plans about this?
Or am I understanding the meaning of SecurePRO wrong?

Best,

M. Ali


Direct link Reply with quote
 

Jenny Forbes  Identity Verified
Local time: 18:43
Member (2006)
French to English
+ ...
Another UNHAPPY bunny Aug 20

Exactly like Sheila, I'm not at all happy with this new list of "security" declarations.
Apart from the fact that many of them are truly unverifiable, there are few items in the list which I would be willing or even able to endorse.
However, that doesn't mean I am not who I say I am or that I'm not an honest, hard-working, trustworthy and reliable translator.
Won't my "non-ticking" of most of the items in the list convey the contrary impression?
Please, Proz, what freelancers need is greater security regarding the identity and reliability of outsourcers. Isn't this site intended mainly for the benefit of translators and interpreters?


Direct link Reply with quote
 

Fiona Grace Peterson  Identity Verified
Italy
Local time: 19:43
Member
Italian to English
Complete blood count or just urinalysis? Aug 20

Henry Dotterer wrote:

* My home office is in its own room.
* I am the only one who uses my home office.

* I am willing to agree to make my home office available for on-site audit.


I live in an extremely small flat, and do not have the luxury of the first two.
Does that make me "unprofessional", or my working methods "unsecure"? Or maybe clients (and Proz) look more favourably on a freelancer who lives in a house with twenty-one rooms and posts forty-six KudoZ questions a day, as long as these queries have been "approved"?

As for the third... why should anyone need/want to AUDIT my home office?
The mind boggles, quite frankly.


But I think the two below are my favourites!!!

Henry Dotterer wrote:
* I am willing to submit to personal background checks.
* I am willing to submit to drug testing.


Erm... WHAT???

I subscribed to the Plus package, but this is getting ridiculous. The security measures I adopt as a freelancer are written into my Terms and Conditions that I send to each client; the infinite variety of freelancers' homes and working conditions are such that trying to impose some kind of "one size fits all" approach is discriminatory and unfair.

Henry Dotterer wrote:

* Just over 3000 people have entered content into one or both of the free text areas in their SecurePRO card.
* Many more have made use of other fields (over 15,000 people have registered email addresses, for example.)
* Job posters have specified project sensitivity levels about 7000 times.
* The most commonly used sensitivity level is MEDIUM, and the next most common is HIGH. About 10% of the time, LOW is used to indicate that confidentiality is not an issue.


The fact that "people have entered content" into text areas of their SecurePRO card, or that "Job posters have specified project sensitivity levels about 7000 times", does not mean that either of these user categories perceived a necessity for this information. It was an option and they took it.



[Edited at 2017-08-20 16:49 GMT]


Direct link Reply with quote
 

writeaway  Identity Verified
French to English
+ ...
Baffled bunny Aug 20

I really don't get it. Proz.com is a commercial website that welcomes any and all who profess to be translators. No questions asked. Just sign up and preferably pay.
What is the purpose of all this? I thought the 'invoicing feature' (even non-payers can use it) was invasive enough but this really takes the cake.
Is it only for those who buy into the full package? Do the rest of us automatically escape (I hope)?


Direct link Reply with quote
 
Michele Fauble  Identity Verified
United States
Local time: 11:43
Member (2006)
Norwegian to English
+ ...
Says it all Aug 20

Fiona Grace Peterson wrote:

... this is getting ridiculous.


Direct link Reply with quote
 
Pages in topic:   [1 2 3 4 5 6] >


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

SecurePRO update - list of security practices derived from SecurePRO cards

Advanced search






Wordfast Pro
Translation Memory Software for Any Platform

Exclusive discount for ProZ.com users! Save over 13% when purchasing Wordfast Pro through ProZ.com. Wordfast is the world's #1 provider of platform-independent Translation Memory software. Consistently ranked the most user-friendly and highest value

More info »
TM-Town
Manage your TMs and Terms ... and boost your translation business

Are you ready for something fresh in the industry? TM-Town is a unique new site for you -- the freelance translator -- to store, manage and share translation memories (TMs) and glossaries...and potentially meet new clients on the basis of your prior work.

More info »



Forums
  • All of ProZ.com
  • Term search
  • Jobs
  • Forums
  • Multiple search