Compliance, Privacy & Security
Compliance. Data security. Privacy.
Language World has got you covered!
Government regulatory non-compliance is a significant concern for language service organizations, healthcare providers, telehealth platforms and all businesses delivering interpretation services.
Language World understands the consequences of regulatory non-compliance and recognizes that compliance issues are a constant and ongoing concern for organizations. Our commitment to regulatory excellence is demonstrated by SOC 2 Type II compliance. With SOC 2 Type II compliance, we assure our clients that their sensitive information is handled with the utmost care. We focus on all relevant domestic and international regulatory changes and updates, keeping track of the ongoing challenges emerging from new and pending data privacy legislation.
At Language World, we take the threat of regulatory action and any subsequent disruption to your business processes and business continuity seriously. We continuously strive to tighten controls for handling and processing all information.
HIPAA Compliance
Through HIPAA (the Health Insurance Portability and Accountability Act), the United States provides privacy standards to protect patients’ medical records and other health information provided to health plans, doctors, hospitals, and other health care providers.
HIPAA is an effective compliance regulation and requires multiple risk assessments:
- Security Incidents – To track unauthorized access attempts to reduce risk and exposure to threats from outside network attacks and malware.
- Access Management – Requests to/from our servers are made over encrypted HTTPS (TLS 1.2) using only the most secure cipher suites.
- Encryption and Decryption – The service operates through a multitenant public cloud infrastructure solution that segregates data by tenant on their dedicated instance. All user information in the database is encrypted.
- Key Management – The management service we utilize takes advantage of Hardware Security Modules to protect the security of the keys.
- Logging and Audit Controls – HTTPS is the only form of communication allowed to the application programming interface. The SSL certificate can (and should) be validated in the client’s web browser. All security incidents are tended to by technical staff and, when found to be true threats, are logged in the internal ticketing system for mitigation.
- Monitoring – All servers and network hardware the application is running on are securely monitored. Role-based management can be used to restrict access for users who should not have access to protected health information.
- Additional Security Incidents – Security incidents are communicated to administrators through email/text/phone calls and require recognition.
At Language World, we stay up to date with privacy trends for our clients. Our security framework is based on the ISO 27001 Information Security Standard and includes security mechanisms that cover:
- Personnel Security
- Product Security
- Cloud and Network Infrastructure Security
- Continuous Monitoring and Vulnerability Management
- Physical Security
- Business Continuity and Disaster Recovery
- Third-Party Security
- Security Compliance