One of the most popular questions we get asked by clients, in particular university researchers and academics who are undertaking ongoing research projects, is how safe is the data that we send you – what protection is there and how do we know that it is going to be stored securely and kept confidential?
You can rest assured that your data is completely secure with TP Transcription Limited and University Transcriptions. For our upload services we offer a number of different options to our university clients, including our main system which is supplied and operated by Maytech. Maytech are a UK government and public sector data security supplier, working with the likes of the Department for Environment, Food and Rural Affairs, Innovate UK, the Post Office (not sure this is a good endorsement after the Horizon scandal!), the Department for Education, Reading Borough Council and Suffolk County Council.
Quatrix is the name of the system. It is a secure file upload service used by a wide range of local authorities, government institutions and universities around the world. It is ISO27001 accredited and the data is uploaded directly to a data storage centre in the UK and accessed solely by us. You may see Quatrix.it on some of our sites – we can confirm that this does not mean the company are in Italy (‘.it’ is used by some technology companies in the same way as .ai and .io).
The level of encryption is military grade and we have full data sheets available for anyone who wants to go through them and see what security is applied in each and every case. The security details are summarised below:
- Data is encrypted in transit over HTTPS, SFTP or FTPS and at rest using AES-256 bit encryption.
- Advanced PGP encryption.
- PIN protection for files, folders and for user login.
- Antivirus scan for file uploads.
- File tokenisation.
Data Send UK Limited
We also use a separate service as a backup from Data Send UK Limited, a UK based upload service which is both GDPR and ISO27001 accredited and compliant. The company holds ISO 27001 and ISO 9001 and , and this is again a file upload service which involves full encryption, password protected files and accessed solely by our transcription manager, managing director and the transcribers working on a particular project. All files are stored on secure, private, dedicated servers with transfers using SSL encryption. Files are automatically deleted from the Data Send servers after 7 days.
TP Transcription Limited Systems
Our systems are protected by a Sophos internet firewall, which restricts access to data when it is stored at our offices. You can see our company policies on our website for IT security, as well as our IT security incident management policy. We are happy to provide clients with a Data Processing Agreement as required (a lot of universities have their own we have already signed). We are UK ICO registered as a data controller and our company holds Cyber Essentials and the IASME accreditation for GDPR compliance, which means that we are annually assessed and recognised for the way we handle data on a daily basis.
Our office PCs and laptops are kept fully up to date at all times (we use Microsoft systems). Data is stored securely on site and is never allowed off site. We have policies in place restricting including the use of USB memory sticks within the business and in the last 18 years of trading we have never had a security breach.
Our websites are protected by Sucuri, a large website security company in the USA, and we have full website backup services in play via BlogVault. This means that in the unlikely event of a hack occurring we can get the websites up and running again within a matter of minutes.
We limit the personal data we collect to the bare essentials in order to process orders and handle transcription work. Your personal data is kept on our systems for the agreed amount of time, which is usually one month for recordings and one year for transcriptions, but this varies from institution to institution and clients can request a different timeframe.
UK Based Transcribers
All of our transcribers are UK based and native English speakers (for English to English transcription). This means that data is kept within the UK at all times for all transcription work when it is in English. We can also use DBS checked transcribers if required and our transcription manager, Anna Gresty, has had a BPSS security clearance check completed.
Translation work can be slightly different if we have translators working on particular specialist projects around the world. We can notify clients at all times where your data is going to be or has been and in which countries.
Data Protection Training
Our transcribers are given regular training in data protection and the importance of keeping data secure when they first start work with us. We then update the training on an annual basis. All our transcribers are fully aware that we require them to be conscious of our clients’ security at all times and will sign a confidentiality undertaking with our company when they commence work with us. We will also often comply with client requests for transcribers and transcription managers to sign individual confidentiality undertakings for particular projects.
Safe, Secure and Reliable
Rest assured that if you use our service we have worked on highly sensitive projects for a wide range of clients including government institutions around the world, academic institutions, police investigations, local authority investigations, covert surveillance, highly sensitive political recordings and many more besides.
We hope this article gives you a little flavour as to the level of importance we place on data security and our IT systems. If you have any questions in relation to this, particularly if technical, please drop us an email to firstname.lastname@example.org.