Argos Multilingual Security Policy
v 1.1 – date: 08 Oct 2024
Introduction
The core objective of Argos Multilingual’s security program is to prevent unauthorized access to user data. Our dedicated team of security practitioners collaborates with all departments and teams to identify and mitigate risks, implements best practices, and provides continuous enhancements of our security measures.
Ensuring the security, confidentiality, and accessibility of all data hosted on our systems remains a priority at Argos Multilingual. Our robust security program operates on the principle of defense in depth, a cybersecurity strategy that uses multiple layers of security to protect our data assets. Aligned with ISO 27001 information security frameworks, our security practices are audited and certified by Bureau Veritas.
At Argos Multilingual, we adopt a flexible approach that customizes workflows to meet the unique needs of each client. Whether collaborating on agile or continuous localization processes, we provide secure points of load and delivery, utilizing either our proprietary solutions or those of our clients. Data security is upheld at every stage. Files are encrypted during transport and storage within our secure corporate network. Regular system testing ensures resilience against potential threats, with monitoring to maintain a vigilant defensive line.
This Agreement
If you are directed to this agreement from an Argos Multilingual contract or agreement, all terms found below are applicable to that contract or agreement.
Secure by Design
The Argos Multilingual development team has designed a robust and secure development lifecycle that incorporates manual code reviews, static code analysis, and external penetration testing. These measures enable the detection of known vulnerabilities, ensuring the integrity and security of our systems.
Data Encryption
Our ISO 27001 certification includes an Information Transfer Policy. We use HTTPS for secure data exchange in applications. For file exchange, we use Citrix ShareFile. Email is used only for basic communication, while files are exchanged through secure points of load and delivery. Argos Multilingual supports the latest recommended secure cipher suites to encrypt all data traffic in transit, including the use of TLS 1.2 protocols and AES-256 encryption. Data at rest is encrypted with the AES-256 cipher.
Access control
Whenever access is granted or changed, we follow the best practice of applying “Least Privilege”, wherein we restrict access rights for users, accounts, and computing processes to only those necessary for their work. We comply with the requirements of data protection laws to ensure that personal and sensitive data have appropriate procedures in our ISO quality management system. Our Access Control Policy handles adding, revoking, deleting, and modifying accounts during personnel changes. Measures also govern access by customers, subcontractors, and employees. Privileged and administrative accounts are limited to system administration personnel and audited on systems that handle sensitive information.
Retention Period
We have a formal policy for the creation and control of all records. All data processed by Argos Multilingual has a defined retention time and archival process. For client data, the retention time is a minimum of five years with archiving beginning 30 days after we begin work to close a project.
Security Training
Prospective employees must pass rigorous background checks and sign nondisclosure agreements before joining Argos Multilingual. During onboarding, new employees receive security and awareness training to understand the confidentiality of the information they can access. This training occurs in the first week of engagement and covers the processes needed to protect the data.
Buildings
Our facilities are under 24/7 CCTV surveillance. All doors and access points are electronically secured with card readers. Security systems are connected to an alarm system. Some locations have 24/7 on-site security guards. Access to the buildings is electronically registered and logs are reviewed monthly by the IT administrator.
Network Protection
Our firewalls are configured for least privilege to limit access rights to only those resources required to perform specific tasks. Access is secured with a System Firewall with Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) that monitor network traffic for signs of intrusions. A firewall also protects our LAN and implements a perimeter network to protect the LAN from untrusted traffic. Only our client portal and supplier portal are accessible from the Internet.
Servers
Our servers are securely housed in monitored server rooms with controlled access. They are protected by firewalls, antivirus systems, and environmental controls. Servers are patched at regular intervals. Retired hardware is disposed of in a controlled way. Data media is degaussed and physically destroyed. XDR-class antimalware software is installed and regularly updated.
Endpoint Security
All Argos Multilingual endpoints are deployed using a centrally managed endpoint management solution, assuring secure configuration and compliance with our security standards. The standards require all devices to be properly configured, including an antimalware solution, updated, and monitored. Encryption of data at rest is enabled for all endpoints.
Security Breach Protocol
As part of ISO 27001, Argos Multilingual has an Incident Management Procedure in place. We will promptly notify the relevant parties about any actual or suspected client data exposure, within 24 hours of discovering an incident.
Disaster Recovery & Business Continuity
Risk analysis and disaster recovery are crucial for ISO 13485 and ISO 27001 compliance. Being certified with these standards, we maintain documented disaster recovery processes, including plans in the event of a pandemic. We also have detailed backup plans for our data. We regularly test and maintain our backups to ensure recoverability. We also have a backup plan for unforeseen failures, which is tested using production backups and simulated exercises. These tests assure that we have the necessary backups to recover from various failures.
Risk management and Third-party Risks
Argos Multilingual has implemented a comprehensive Risk Management and Treatment policy. Assessing risks is an ongoing process, where regular evaluations of risks to confidentiality, integrity, and availability are conducted and consolidated in the annual Information and Security Management System (ISMS) Management Review. Additionally, risks associated with Argos Multilingual service providers undergo annual evaluation and review.
Audits
The system is reviewed and validated annually. Our adherence to the ISO 27001 security standard is confirmed by the certificate available here.
Information classification
Argos Multilingual classifies the level of confidentiality using three categories: Public information, Confidential information, and Restricted/Personal Data. All information, if not classified differently, is confidential and shall be protected while in transport and at rest. In addition to our confidentiality protection measures, Restricted and Personal Data requires the highest level of protection. Only those qualified and selected individuals involved in tendering services have access to this sensitive information. There are additional limitations on data location, data transfers, the number of copies, and data retention times.
Supplier Expectations for Security Measures
Argos Multilingual is committed to maintaining the security of its systems. As a result, it is crucial that our suppliers uphold the following responsibilities to ensure an adequate level of security for all systems with Argos Multilingual data, including networks, desktop computers, tablets, smartphones, and other mobile devices:
- Implement a cost-effective Security Program that ensures both physical and logical security measures are in place.
- Process, store, and destroy Argos Multilingual entrusted data as instructed by Argos Multilingual.
- Perform ongoing risk assessments to identify and eliminate unnecessary risk exposures and ensure continuous improvement of security practices.
- Enable encryption on hard drives, mobile devices, and cloud services.
- Use only login and password-protected online storage.
- Install robust antivirus and antimalware protection on all devices.
- Activate firewall settings to block unauthorized access over the internet.
- Enable automatic updates to install the latest patches and security updates for operating systems, applications and web browsers.
- Establish a secure user and password management process. This includes using strong, unique passwords for all accounts, changing default factory passwords, promptly revoking access when personnel leave the organization, and avoiding use of the same password across multiple platforms. Enable two-factor authentication (2FA) whenever possible to add an extra layer of security to your accounts.
- Use only trained personnel who have entered into a confidentiality agreement with the supplier.
- Develop a replacement program for end-of-support hardware and software to mitigate risks.
- Assign user permissions based on roles and restrict the number of users with elevated permissions (Admin level).
- Utilize at least TLS 1.2 for publishing websites or establishing internet connections.
- Promptly notify Argos Multilingual of any actual or suspected security breaches, compromises, or unusual activities by contacting dataprivacy@argosmultilingual.com.
By adhering to these guidelines, our suppliers can help safeguard both their systems and the broader ecosystem we share.
Changes to the Security Policy
Argos Multilingual reserves the right to amend this Security Policy from time to time. Any changes are effective when posted on our website.