Keeping our clients’ data safe is central to the way we work and is a principle which informs every aspect of our service delivery.
Apple Transcription Ltd adheres to the Data Protection Act 1998 and will hold and process any personal information provided to them by clients and other interested parties in order to facilitate the provision of transcription services. All data is held and processed in accordance with the requirements of the Act.
All third parties who are given access to our information agree to follow our information handling, retention and security policies. Suppliers have limited access to data relating to staff and clients and are required to sign an agreement in respect of confidentiality and security.
Staff and transcribers
All staff and transcribers work in accordance with our security and confidentiality policies and procedures. They are advised of the importance of security and confidentiality of data as part of their induction programme and have to familiarise themselves with all procedures including password protocols, data protection requirements, as well as signing a confidentiality clause.
The Employee Handbook sets out all employees’ responsibilities with respect to their use of computer systems and all sets of data, computer-based or otherwise.
A security checklist, covering levels of PC security, passwords, anti-virus software and deletion of files is completed and signed by transcribers at induction stage and annually thereafter.
The organisation operates a secure website which holds completed Word documents and digital audio recordings, for a limited period of time. This system is located in a secure data centre and a number of steps have been taken to secure the system and the data contained within it.
- Use of a dedicated hardware firewall to increase security and reduce threats from viruses while maintaining high system throughput.
- A signed server certificate guaranteeing 2048bit encryption using the HTTPS protocol for secure transactions.
- Numerous backup mechanisms including database and full system backups (on and off site) to ensure user data is not lost.
- Various auditing and logging mechanisms to analyse user activity and identify misuse of the system.
- Encryption all files during transit
- ‘Timeouts’ in operation to increase security
The database has different levels of access, restricting access to personal data to staff and transcribers who need it to complete the specific requirements of their jobs.
An online real time security audit is in place to audit any unauthorised access attempts and attempted breaches of security. The audit also monitors online activity of users.
Cryptographic methods are employed to ensure high levels of security through our online systems:
- We use a standard Microsoft .NET development lifecycle. All our cryptographic keys are unique to the Apple application and are compiled into the application so that there’s no visibility of the keys.
- All data is encrypted at rest and in transit
- Off-site data backups are encrypted
- Encryption is to the US FIPS 140-2 standard for IT security
All systems and procedures are reviewed regularly to ensure compliance with security standards and legal regulations.