We are currently going through our ISO 27001 assessment and busy ensuring our processes are compliant, ready for our two audits coming up in the new year. TP Transcription Limited goes a lot further than a good number of our competitors when it comes to data security – we know from tender submissions and industry meetings that most transcription businesses are not Cyber Essentials Plus accredited & audited, do not hold ISO 27001, rarely carry the standard levels of insurance, and a number of them are not registered with the ICO (Information Commissioner’s Office). As a good amount of our work is with universities and government institutions, we take data security very seriously indeed.
One item arising from this audit is the level of security of transcripts we apply when returning transcription and translation work to clients. We are always reviewing our systems and processes to ensure that client data is as secure as possible.
We have decided following a recent internal audit that we will password protect all transcription work when returned to clients as Word documents or open source equivalents. This will mean that only recipients with a password can open the document and then read the content. The password protection transfers with the document no matter where it is stored or sent. This is not completely secure, but tampering with a protected document takes time and effort.
Not only this, but we also use Egress to send transcription and translation work to clients. Egress is military grade encryption, and sets a level of protection that prevents any 3rd parties accessing the transcription documents or the emails with the documents attached.
The passwords for Microsoft Office use AES.
AES (Advanced Encryption Standard) has been used by Microsoft since Office 2007 came into being. AES is a modern protection algorithm, and we understand that options to hack AES are very limited at the moment. In 2007, passwords entered to protect word documents were ‘stretched’ into a 128-bit key 50,000 times. This means that it takes a considerable amount of effort and time to crack it. Office 2010 went one step further and doubled the stretching to 100,000 times. Office 2016 and beyond doubled the key, so it is now a 256 key, which makes it even more secure.
Our clients can set their own passwords or we set one for them. We communicate the password via an alternative media, very often text message or whatsapp. Passwords have to be at least 12 characters long and have to include lower case, upper case and a special character.
One problem that has arisen is with qualitative data analysis software some academic researchers use called NVivo. NVivo does not allow password protected Word documents to be uploaded to the software, and consequently anyone using the software needs to ask us not to apply the password protection to their files. We can still send via Egress, so security during transit remains high.
Removing Word Document Passwords
Once you have received the transcription from us, you can easily remove the password. Simply do the following:
Open the document and enter its password.
Go to File > Info > Protect Document > Encrypt with Password.
Clear the password in the Password box, and then click OK.
Very straightforward, but if you have any issues please contact us.