Any translation business working with military contractors must adhere to International Traffic in Arms Regulations (ITAR). This set of rules controls the export and import of both goods and services used by the United States Department of Defense (DOD), but the regulations extend to any vendor or party along their supply chain.
Information security should always be a top priority for language service providers (LSPs). However, when approaching ITAR compliance, translation companies need to take a closer look at their current protocols and consider whether additional security measures are needed.
Here are three particular points of focus when it comes to achieving ITAR compliance.
Providing secure file transfers
The primary goal of ITAR is to prevent private and/or sensitive information from being disclosed to a foreign national. To achieve this, all file transfers and data import/export processes must go through a secure file transfer process that meets ITAR specifications.
The required features of this file transfer process include end-to-end encryption through a secure transfer portal. Access to this portal should also be cryptographically secured. Established channels for secure file transfer should also be monitored and tested to check for vulnerabilities that could become the source of a security breach.
Conducting background and location checks on linguists and other staff
It’s normal for LSPs to work with linguists and other language experts based around the globe. When it comes to ITAR compliance, though, any project or account subject to ITAR must be handled only by professionals working in the United States. Furthermore, the projects themselves may only be managed on U.S.-based servers, providing greater control in safeguarding this information from foreign nationals.
Linguists and other professionals must also undergo a rigorous background screening before they are cleared to work on any projects or accounts where ITAR compliance is being enforced. Your LSP should have access to a large, domestic network of language experts who can meet these requirements and support your various translation needs.
Implementing robust data security protocols
To stay in compliance with ITAR, security experts recommend extensive best practices when it comes to improving and enforcing your data security. While not an exhaustive list, some of the more foundational security protocols include:
- A secure network protected with a firewall
- Individual IDs assigned to each person to manage access and permissions
- Regular testing and monitoring of networks, network resources, and security processes
- Regular updating to security protocols in response to emerging threats
- A vulnerability management program to identify and respond to security concerns
Any translation company interested in servicing military contractors must first register itself with the State Department’s Directorate of Defense Trade Controls (DDTC). But registration is only the starting point: A qualified LSP will have a strong background in meeting robust security requirements, including for clients that fall outside of ITAR’s purview.
Looking for a translation company that makes data security a top priority? Contact us today.