Security of the Translation Center Platform

Last Updated: 24 November 2015

Security Procedures, Policies and Logging

The Translation Center Platform is operated by ProZ.com in accordance with the following procedures to enhance security:

• User passwords are stored using a one-way salted hash.
• User access log entries will be maintained, containing date, time, User ID, URL executed or entity ID operated on, operation performed (created, updated, deleted) and source IP address. Note that source IP address might not be available if NAT (Network Address Translation) or PAT (Port Address Translation) is used by Customer or its ISP.
• If there is suspicion of inappropriate access, ProZ.com can provide customers log entry records to assist in forensic analysis.
• Logs will be kept for a minimum of 90 days.
• Logs will be kept in a secure area to prevent tampering.

Intrusion Detection

ProZ.com, or an authorized third party, will monitor the Translation Center Platform for unauthorized intrusions. ProZ.com may analyze data collected by users' web browsers (e.g., device type, screen resolution, time zone, operating system version, browser type and version, system fonts, installed browser plug-ins, enabled MIME types, etc.) for security purposes, including to detect compromised browsers, to prevent fraudulent authentications, and to ensure that the Translation Center Platform functions properly.

Security Logs

All ProZ.com systems used in the provision of the Translation Center Platform, including network devices and operating systems, log information to their respective system log facility or a centralized server in order to enable security reviews and analysis.

Incident Management

ProZ.com maintains security incident management policies and procedures. ProZ.com promptly notifies impacted customers of any actual or reasonably suspected unauthorized disclosure of their respective customer data by ProZ.com or its agents of which ProZ.com becomes aware to the extent permitted by law.

User Authentication

Protected access to the Translation Center Platform requires authentication via one or more industry standard security mechanisms, such as username/password or OAuth2. Following successful authentication, a random session ID is generated and stored in the user's browser to preserve and track session state.

Physical Security

Production data centers used to provide the Translation Center Platform have access control systems. These systems permit only authorized personnel to have access to secure areas. These facilities are designed to withstand adverse weather and other reasonably predictable natural conditions, are secured by around-the-clock guards, two-factor access screening, including biometrics, and escort-controlled access, and are also supported by on-site back-up generators in the event of a power failure

Reliability and Backup

All networking components and web servers are configured in a redundant configuration. All customer data submitted to the Translation Center Platform is stored on database servers with multiple replicated clusters for higher availability. All customer data submitted to the Translation Center Platform is automatically replicated on a near real-time basis to a secondary data center and is backed up on a regular basis and stored on backup media. Any backups are verified for integrity and stored in ProZ.com data centers.