Pages in topic:   [1 2 3 4 5 6 7] >
SecurePRO update - list of security practices derived from SecurePRO cards
Thread poster: Henry Dotterer
Henry Dotterer
Henry Dotterer
Local time: 12:13
SITE FOUNDER
Aug 18, 2017

Hi folks,

An update on the SecurePRO program announced, as part of the Plus package rollout, at http://www.proz.com/about-plus-package#secure_pro

* Just over 3000 people have entered content into one or both of the free text areas in their SecurePRO card.
* Many more have made use of other fields (over 15,000 people have registered email addresses, for exa
... See more
Hi folks,

An update on the SecurePRO program announced, as part of the Plus package rollout, at http://www.proz.com/about-plus-package#secure_pro

* Just over 3000 people have entered content into one or both of the free text areas in their SecurePRO card.
* Many more have made use of other fields (over 15,000 people have registered email addresses, for example.)
* Job posters have specified project sensitivity levels about 7000 times.
* The most commonly used sensitivity level is MEDIUM, and the next most common is HIGH. About 10% of the time, LOW is used to indicate that confidentiality is not an issue.
* Around 800 profile owners have explicitly opted out of using SecurePRO cards.

Given the above we are ready to move to the next steps in development of the program.

-----

Steps taken, or that can be expected:

- A comprehensive list of potential security practices has been extracted from the unstructured texts entered into SecurePRO cards. It is currently available to members, at: http://www.proz.com/security-practices

An example of a security practice shown on the list is "I delete project files upon completion of work, or am willing to do so upon request".

- It is possible to indicate -- if you choose to do so -- which practices from the list you offer, or do not offer.

- In some cases two possible choices are given, and in other cases, three.

An example of a security practice that offers two possible choices is "I have a home office." (Basically, you either have one or you don't.)

An example of a security practice that offers three possible choices is "I am willing to deliver to the client any translation memories created." We see, from the data, that some people offer this for all projects, some people do not offer it, and some people are willing to offer it depending on rate of payment or other factors.

- Data on profile owner responses to each security practice is shown to members, in aggregate form, when at least ten people have specified whether or not they offer the practice.

- Right now, SecurePRO cards are visible to profile owners only. At some point during the upcoming process of curating the list and collecting responses, accessibility settings will be updated and it will be possible for SecurePRO cards to be used in practice.

- Additional steps are anticipated after that time.

-----

If you are interested in participating in the focus group, please contact me.
Collapse


Samuel Barfield
Ahmed Elngar
Roberto Rostagno
JUNG WON PARK
Aktar Hussain
Elina Mark
Eric Foko Foko
 
Henry Dotterer
Henry Dotterer
Local time: 12:13
SITE FOUNDER
TOPIC STARTER
The list and FAQ Aug 20, 2017

Thanks to M. Ali for taking a look at the list.

The list of security practices has now been published (for members only, for now -- want to get member feedback first) at http://www.proz.com/security-practices

-----

FAQ

What is the goal of the SecurePRO™ program?

To enhance the ability of LSPs and freelancers to ensure the co
... See more
Thanks to M. Ali for taking a look at the list.

The list of security practices has now been published (for members only, for now -- want to get member feedback first) at http://www.proz.com/security-practices

-----

FAQ

What is the goal of the SecurePRO™ program?

To enhance the ability of LSPs and freelancers to ensure the confidentiality of end-client data, while still carrying out work in an efficient manner.

How does the SecurePRO™ program accomplish that?

For a start, by raising awareness of security practices. Beyond that, a means is provided for freelancers to efficiently present their security practices and capabilities, and for clients to specify security needs on a project-by-project basis. Other important program features are forthcoming.

What is a SecurePRO™ Card?

A SecurePRO™ Card is the digital card, accessible from within profiles, where a freelancer can specify his or her security practices.

Who can create a SecurePRO™ Card?

Anyone with a ProZ.com profile of type freelancer or "both".

How does a freelancer create a SecurePRO™ Card?

By going to the comprehensive list of security practices and indicating which ones he or she offers.

What happens when I indicate that I offer, or conditionally offer, one of the security practices on the list?

The fact that you offer or conditionally offer that practice will be stated in your SecurePRO™ card.

If I indicate that I never offer a certain practice, is that shown in my SecurePRO™ card?

No. The card shows what you offer. No mention is made of what you do not offer.

What is the point of ticking "Never" if it does not even get shown?

It gets displayed in the aggregate data, which will be displayed not only to colleagues but also to clients when they are indicating which security practices they wish to require. (It may be useful for a client to know that by requiring a particular security practice, one is reducing one's pool of available translators by one-half, one-third, or whatever.)

What is the effect of ticking "Clear/Skip"?

Ticking "Clear/Skip" lets the system know that you choose not to specify whether or not you offer that particular practice. You will not be prompted to enter a response to this practice in the future.

Can I change settings?

Yes, you can freely change your setting for each practice at any time.

What legal ramification is there, if any, of my ticking a given security practice?

Consider it similar to making the same statement in free text form in your profile.

How was the comprehensive list of security practices created?

The list has been derived from practices described, in free text form, by freelance translators in their SecurePRO™ cards.

What if I want to offer security practices that are not on the list?

Apart from ticking off the practices that you offer from the list, you can enter additional information in the SecurePRO Card in free text form.

Who gets to see SecurePRO™ cards?

Full SecurePRO™ support is part of ProZ.com's Plus service package. For a SecurePRO™ card to be visible, either the owner of the card or the viewer must be a Plus subscriber (professional or business.)
Collapse


Sharon Zarb (X)
Samuel Barfield
Michala Hajkova
Katarzyna Bezak-Goebel (X)
Aktar Hussain
Elina Mark
Eric Foko Foko
 
Maija Cirule
Maija Cirule  Identity Verified
Latvia
Local time: 18:13
German to English
+ ...
I would add Aug 20, 2017

=== Other personal characteristics ===

* I have either endorsed the ProZ.com Professional Guidelines or am bound by the code of conduct of a recognized industry association.
* I am able to provide my own NDA / security policy for clients who do not have one readily available.
* When no NDA has been signed, my assumption is that material is confidential.
* I am experienced working with highly confidential content.
* I have experience working on clients' tools
... See more
=== Other personal characteristics ===

* I have either endorsed the ProZ.com Professional Guidelines or am bound by the code of conduct of a recognized industry association.
* I am able to provide my own NDA / security policy for clients who do not have one readily available.
* When no NDA has been signed, my assumption is that material is confidential.
* I am experienced working with highly confidential content.
* I have experience working on clients' tools/applications/portals.
* I do not subcontract/outsource work, or I do not do so without client permission.
* I have been trained in, or I have worked in, the data security field.
* I am willing to submit to personal background checks.
* I am willing to submit to drug testing. [/quote]

* I am willing to submit to STD testing
Seriously speaking, I have nothing against the listed activities only the most part of them seems to be some kind of "overacting" and not applicable to an ordinary freelance translator.
Hope that the list'll be scaled down and wish good luck
Collapse


Samuel Barfield
Sylvia Izzo
Aktar Hussain
Elina Mark
Eric Foko Foko
JleShBiyena
GUILHERME A ARAUJO
 
Katalin Horváth McClure
Katalin Horváth McClure  Identity Verified
United States
Local time: 12:13
Member (2002)
English to Hungarian
+ ...
Overwhelming Aug 20, 2017

I stopped reading somewhere in the second group. Seriously, this is not practical. At all.
We are freelancers, not employees. Some of the items listed look like requirements for government security clearance. Those jobs are handled differently, not by checklists like this.
Do you think that someone posting translation jobs here would go over such a long and detailed list to check items from it? I doubt it. They will either ignore it, or click the button that checks everything.
... See more
I stopped reading somewhere in the second group. Seriously, this is not practical. At all.
We are freelancers, not employees. Some of the items listed look like requirements for government security clearance. Those jobs are handled differently, not by checklists like this.
Do you think that someone posting translation jobs here would go over such a long and detailed list to check items from it? I doubt it. They will either ignore it, or click the button that checks everything.

Just one example of the items that I find very strange.
How is delivering or not delivering the TM to the client is a SECURITY matter? - It is not. It is a business matter. Some people refuse to give the TM to the client for free, because they used their own tools and time to create and maintain it. Some people deliver the TM as a matter of routine, with the translation, because the client can recreate it anyway, so there is no business leverage to be gained by not delivering it.
I think it is strictly a business decision, not a security one.
Collapse


Samuel Barfield
Eric Foko Foko
Heike Kurtz
JleShBiyena
Yoonhee Jun
Yvonne Gallagher
GUILHERME A ARAUJO
 
Tom in London
Tom in London
United Kingdom
Local time: 16:13
Member (2008)
Italian to English
No idea Aug 20, 2017

Katalin Horváth McClure wrote:

I stopped reading somewhere in the second group. Seriously, this is not practical. At all.
We are freelancers, not employees. Some of the items listed look like requirements for government security clearance. Those jobs are handled differently, not by checklists like this.
Do you think that someone posting translation jobs here would go over such a long and detailed list to check items from it? I doubt it. They will either ignore it, or click the button that checks everything.

Just one example of the items that I find very strange.
How is delivering or not delivering the TM to the client is a SECURITY matter? - It is not. It is a business matter. Some people refuse to give the TM to the client for free, because they used their own tools and time to create and maintain it. Some people deliver the TM as a matter of routine, with the translation, because the client can recreate it anyway, so there is no business leverage to be gained by not delivering it.
I think it is strictly a business decision, not a security one.




I have no idea what this thing is - haven't got time to think about it. Proz has been working just fine for me and I don't have any security issues.

I would be grateful if Proz could help busy people like me with a monthly newsletter telling us all what's going on.


Samuel Barfield
Eric Foko Foko
GUILHERME A ARAUJO
Marcia Dos santos
Asmaa Elbatal
Said Laabaci
Farnaz Namvar
 
Lincoln Hui
Lincoln Hui  Identity Verified
Hong Kong
Local time: 00:13
Member
Chinese to English
+ ...
Is this what you're talking about? Aug 20, 2017

Tom in London wrote:

I have no idea what this thing is - haven't got time to think about it. Proz has been working just fine for me and I don't have any security issues.

I would be grateful if Proz could help busy people like me with a monthly newsletter telling us all what's going on.


Clipboard02

Full disclosure: I never read it.


Samuel Barfield
GUILHERME A ARAUJO
Asmaa Elbatal
Said Laabaci
Sanaa Zahy
Mian Khisro
Seljan Abasova
 
Henry Dotterer
Henry Dotterer
Local time: 12:13
SITE FOUNDER
TOPIC STARTER
What else, Katalin Aug 20, 2017

... not applicable to an ordinary freelance translator ...

Seriously, this is not practical... We are freelancers, not employees.

In case it was not clear, this list of security practices was taken from the descriptions of security practices that freelancers are entering, for prospective clients, in their profiles. In other words, these are the sorts of things that some freelancers think are relevant to clients.

How is delivering or not delivering the TM to the client is a SECURITY matter?

That's a good point. I've taken it out. If someone can tell me how it relates to security I'll put it back in.

You said there were other things you found strange, Katalin. What else?


Samuel Barfield
Hassan Bekhit Hassan
Asmaa Elbatal
Said Laabaci
ADEN DEKOW
Anne Marie Uzamukunda
Mian Khisro
 
Sheila Wilson
Sheila Wilson  Identity Verified
Spain
Local time: 16:13
Member (2007)
English
+ ...
I am NOT a happy bunny now Aug 20, 2017

=== Handling of content/files ===

This:
* I take care to prevent project files and content from being accessed by unauthorized parties
with a bit of tweaking to cover non-digital client information, covers all the others relating to data/client privacy perfectly adequately, with any T&C specific to particular clients being negotiable.

=== Physical office ===

What on earth do any of those
... See more
=== Handling of content/files ===

This:
* I take care to prevent project files and content from being accessed by unauthorized parties
with a bit of tweaking to cover non-digital client information, covers all the others relating to data/client privacy perfectly adequately, with any T&C specific to particular clients being negotiable.

=== Physical office ===

What on earth do any of those have to do with any client? Is it so they can have more leverage over us because we 'just homeworkers', as though we stick things in envelopes for a loaf-of-bread-per-hour rate? Why should any business make its offices available for inspection (unless by the authorities - who will do it if they so wish, SecurePRO or not)? These and many others that follow are just simply none of their business, or else they're covered by the first one.


In short, I do not see any need for all this, and I see it as a definite step by ProZ.com to incite clients (not employers, remember?) to be intrusive and tell us how to run our professional and even our personal lives. By refusing to go along with this feature we'll be made to look as though we're somehow a risk. That makes this feature a really, really serious negative, to my mind.

I thought this security thing that was promised, and that encouraged me to opt for the Plus grade of membership, was going to somehow give ME security. I'm sick to death of getting job requests from outsourcers who don't have to disclose anything at all. I'm forced to do everything from the very beginning, trying to track down real names, real premises, real reviews (as all too often they're getting themselves linked to better BB records). I thought ProZ.com was going to put us in touch with clients who had given all THEIR information to the site, so that we could be confident that the company at least existed and was in country A or B, not someone who just fancied posting a job and lying about everything.
Collapse


Daniel Erlich
Samuel Barfield
Heike Kurtz
Elzbieta Dubois
Yvonne Gallagher
Asmaa Elbatal
Said Laabaci
 
Tom in London
Tom in London
United Kingdom
Local time: 16:13
Member (2008)
Italian to English
No. Aug 20, 2017

Lincoln Hui wrote:

Is this what you're talking about?


No.


Samuel Barfield
Asmaa Elbatal
Said Laabaci
Anne Marie Uzamukunda
Seljan Abasova
Mohamed Osman
 
Ali Bayraktar
Ali Bayraktar  Identity Verified
Türkiye
Member (2007)
English to Turkish
+ ...
I think this feature can help you Aug 20, 2017

Sheila Wilson wrote:
I'm sick to death of getting job requests from outsourcers who don't have to disclose anything at all. I'm forced to do everything from the very beginning, trying to track down real names, real premises, real reviews (as all too often they're getting themselves linked to better BB records). I thought ProZ.com was going to put us in touch with clients who had given all THEIR information to the site, so that we could be confident that the company at least existed and was in country A or B, not someone who just fancied posting a job and lying about everything.


You can make suggestions to site.
They may be reorganize their "Message Me" form.
In your "Message Me" section you can add mandatory sections.
For example if somebody writes you a message you can select mandatory sections.
Name, E-Mail Address, Country, Company Name, Subject.
You can suggest site to make all those parts mandatory before sending you a message.
Other translators may select other mandatory fields.
And I think this feature will solve all your problems (in contacting of course)

Best,

M. Ali


Samuel Barfield
Ismail Hassan
Asmaa Elbatal
Said Laabaci
Farnaz Namvar
Azmy Gamal
Anne Marie Uzamukunda
 
Ali Bayraktar
Ali Bayraktar  Identity Verified
Türkiye
Member (2007)
English to Turkish
+ ...
Some questions Aug 20, 2017

Henry Dotterer wrote:
1- === Handling of content/files ===
2- === Productivity tools ===
3- === Physical office ===
4- === Work computer / mobile phone ===
5- === Networking ===
6- === Personal identity ===
7- === Password practices ===
8- === Certifications ===
9- === Ethics ===
10- === Other personal characteristics === .


To my opinion Points 1, 5, 7, 9 and 10 are subjective points and can not be verified by any third party (here we can say ProZ)
But Points 2, 3, 4, 6, 8 are objective points and can be verified by any third party.

All those SecurePRO thing is about being able to prove the trustworthiness, security, carefulness and professionalism with the files and contents of the client right?

How to verify subjective statements?
Shortly speaking how to use ProZ.com and its tools as our witnesses in the subject of Privacy and Security?

Security is a subject area where personal statements do not have any meaning.
All parts should consist of verifiable data.
1, 5, 7, 9 and 10 are not verifiable data but personal statements.

Any plans about this?
Or am I understanding the meaning of SecurePRO wrong?

Best,

M. Ali


Samuel Barfield
Asmaa Elbatal
Said Laabaci
Anne Marie Uzamukunda
Seljan Abasova
Mohamed Osman
 
Jennifer Forbes
Jennifer Forbes  Identity Verified
Local time: 16:13
French to English
+ ...
In memoriam
Another UNHAPPY bunny Aug 20, 2017

Exactly like Sheila, I'm not at all happy with this new list of "security" declarations.
Apart from the fact that many of them are truly unverifiable, there are few items in the list which I would be willing or even able to endorse.
However, that doesn't mean I am not who I say I am or that I'm not an honest, hard-working, trustworthy and reliable translator.
Won't my "non-ticking" of most of the items in the list convey the contrary impression?
Please, Proz, what freelan
... See more
Exactly like Sheila, I'm not at all happy with this new list of "security" declarations.
Apart from the fact that many of them are truly unverifiable, there are few items in the list which I would be willing or even able to endorse.
However, that doesn't mean I am not who I say I am or that I'm not an honest, hard-working, trustworthy and reliable translator.
Won't my "non-ticking" of most of the items in the list convey the contrary impression?
Please, Proz, what freelancers need is greater security regarding the identity and reliability of outsourcers. Isn't this site intended mainly for the benefit of translators and interpreters?
Collapse


Samuel Barfield
Hellali Pénanguer
Heike Kurtz
Yvonne Gallagher
Asmaa Elbatal
Said Laabaci
Azmy Gamal
 
Fiona Grace Peterson
Fiona Grace Peterson  Identity Verified
Italy
Local time: 17:13
Italian to English
Complete blood count or just urinalysis? Aug 20, 2017

Henry Dotterer wrote:

* My home office is in its own room.
* I am the only one who uses my home office.

* I am willing to agree to make my home office available for on-site audit.


I live in an extremely small flat, and do not have the luxury of the first two.
Does that make me "unprofessional", or my working methods "unsecure"? Or maybe clients (and Proz) look more favourably on a freelancer who lives in a house with twenty-one rooms and posts forty-six KudoZ questions a day, as long as these queries have been "approved"?

As for the third... why should anyone need/want to AUDIT my home office?
The mind boggles, quite frankly.


But I think the two below are my favourites!!!

Henry Dotterer wrote:
* I am willing to submit to personal background checks.
* I am willing to submit to drug testing.


Erm... WHAT???

I subscribed to the Plus package, but this is getting ridiculous. The security measures I adopt as a freelancer are written into my Terms and Conditions that I send to each client; the infinite variety of freelancers' homes and working conditions are such that trying to impose some kind of "one size fits all" approach is discriminatory and unfair.

Henry Dotterer wrote:

* Just over 3000 people have entered content into one or both of the free text areas in their SecurePRO card.
* Many more have made use of other fields (over 15,000 people have registered email addresses, for example.)
* Job posters have specified project sensitivity levels about 7000 times.
* The most commonly used sensitivity level is MEDIUM, and the next most common is HIGH. About 10% of the time, LOW is used to indicate that confidentiality is not an issue.


The fact that "people have entered content" into text areas of their SecurePRO card, or that "Job posters have specified project sensitivity levels about 7000 times", does not mean that either of these user categories perceived a necessity for this information. It was an option and they took it.



[Edited at 2017-08-20 16:49 GMT]


Samuel Barfield
Hellali Pénanguer
Heike Kurtz
Elzbieta Dubois
Yvonne Gallagher
Asmaa Elbatal
Said Laabaci
 
writeaway
writeaway  Identity Verified
French to English
+ ...
Baffled bunny Aug 20, 2017

I really don't get it. Proz.com is a commercial website that welcomes any and all who profess to be translators. No questions asked. Just sign up and preferably pay.
What is the purpose of all this? I thought the 'invoicing feature' (even non-payers can use it) was invasive enough but this really takes the cake.
Is it only for those who buy into the full package? Do the rest of us automatically escape (I hope)?
...
See more
I really don't get it. Proz.com is a commercial website that welcomes any and all who profess to be translators. No questions asked. Just sign up and preferably pay.
What is the purpose of all this? I thought the 'invoicing feature' (even non-payers can use it) was invasive enough but this really takes the cake.
Is it only for those who buy into the full package? Do the rest of us automatically escape (I hope)?
Collapse


Samuel Barfield
Asmaa Elbatal
Said Laabaci
Anne Marie Uzamukunda
Seljan Abasova
Mohamed Osman
 
Michele Fauble
Michele Fauble  Identity Verified
United States
Local time: 09:13
Member (2006)
Norwegian to English
+ ...
Says it all Aug 20, 2017

Fiona Grace Peterson wrote:

... this is getting ridiculous.


Samuel Barfield
Elzbieta Dubois
Mohamed HAJI
Asmaa Elbatal
Said Laabaci
Azmy Gamal
Seljan Abasova
 
Pages in topic:   [1 2 3 4 5 6 7] >


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

SecurePRO update - list of security practices derived from SecurePRO cards






CafeTran Espresso
You've never met a CAT tool this clever!

Translate faster & easier, using a sophisticated CAT tool built by a translator / developer. Accept jobs from clients who use Trados, MemoQ, Wordfast & major CAT tools. Download and start using CafeTran Espresso -- for free

Buy now! »
Protemos translation business management system
Create your account in minutes, and start working! 3-month trial for agencies, and free for freelancers!

The system lets you keep client/vendor database, with contacts and rates, manage projects and assign jobs to vendors, issue invoices, track payments, store and manage project files, generate business reports on turnover profit per client/manager etc.

More info »