Compliance & Information Security Policies
Cadence Translate, Inc. (“Cadence”) takes the security and privacy of our users’ data extremely seriously. As an international firm, we employ rigorous controls to ensure that any data shared with us is transmitted securely and such accessibility is easily audited. This document outlines key procedures and vendors that constitute Cadence’s information security as of the date of this document.
Linguist Contractor Compliance
Any events and/or meetings and/or documents where Cadence is asked to provide service, whether attended live via in-person, live via remote (e.g., conference call or web meeting), or attended after the fact (e.g., by transcribing a recording of a meeting or an event) are governed by the following procedures:
Cadence and its representatives will only utilize publicly accessible information to prepare for such events and/or meetings unless otherwise provided by the client for the explicit purpose of assisting to prepare for our services to be rendered.
Cadence and its representatives may make use of industry glossaries previously assembled, though such glossaries only contain industry terminology, participants, and brands which are publicly available. These glossaries are maintained by Cadence for internal use only. Glossaries are published, edited, and modified only through our editorial staff and cannot be edited by individual linguists.
The content of the events and/or meetings shall be in no way transmitted back to Cadence. The exception is a qualitative event summary that is mandatory for all cloud-based events. The questions for this summary are limited to:
Technical issues (e.g, audio quality)
Timing issues (e.g., duration of the event)
Terminology issues (e.g., if there was some particular vocabulary that the translator was not prepared for)
Satisfaction issues (e.g., did the client appear satisfied)
The industry being discussed and the format of the event/meeting is retained by Cadence in order to assist with our matchmaking. The options for industry and format are deliberately generic and can be further anonymized upon written request by clients (e.g., ‘5G networks in China’ can be reduced to ‘Telecom in Asia’).
Under no circumstances will Cadence make recordings of any events or meetings available to the public unless explicitly authorized by the client in advance.
If an event and/or meeting and/or document is expected to contain material, non-public information (MNPI), the following additional policies apply:
Any materials received in connection with these events are to be deleted from all of Cadence’s servers (including those of its representatives) 48 hours after the event has concluded and/or the document has been returned to the client and acknowledged as complete.
Shorter time periods for document retention can be enforced upon written request from a client at the time service is requested.
An audit trail for such deletions can be viewed upon written request from a client at the time service is requested.
Vendors & Data Handling
Our systems and processes are compliant with the new General Data Protection Regulation (GDPR). GDPR is the new standard in the European Union (EU) governing the privacy and data protection. You can look at Cadence's effort to comply with GDPR here: https://www.cadencetranslate.com/gdpr
Cadence does not own any servers and uses third-parties for business data management. We utilize a third-party, Salesforce, to store all of our business data. Our data is kept on redundant servers located in the Western U.S. Salesforce has industry-leading data security and administrative procedures. Permission rights are set based on the role of a user in the Cadence organization.
If clients have specific document/data retention policies, such customizable procedures are prominently displayed when our team accesses that client’s data. We utilize a third party, Google, to manage our email.
All of Cadence’s full-time employees work out of an office that is leased to Cadence. Each office has a physical lock and exists in a co-working space or Class-A commercial building that has 24/7 security and monitoring.
All of Cadence’s full-time employees are required to use a password manager in order to generate robust, safe passwords and prevent any one password from being used in more than one place.
Two-factor authentication is available for several of our systems, though only certain executives are required to utilize this added layer of protection.
The majority of our business data is kept on Salesforce, and such passwords are required to be changed every 90 days. Furthermore, suspicious logins based on geography or device OS will trigger a second layer of authentication.
Cadence takes information security and compliance extremely seriously, and any questions about these policies can be directed to our team for prompt resolution.
Have more questions about Cadence's compliance policies? Reach out to our team directly at firstname.lastname@example.org.
Last updated: April 2019