Pages in topic:   < [1 2 3 4 5 6 7] >
SecurePRO update - list of security practices derived from SecurePRO cards
Thread poster: Henry Dotterer
Henry Dotterer
Henry Dotterer
Local time: 12:56
SITE FOUNDER
TOPIC STARTER
Opting not to show it counts as completion Aug 24, 2017

Mirko Mainardi wrote:

Just a few minutes ago I noticed my "profile completeness" had suddenly and inexplicably dropped from 100% to 88%. After a lot of digging around, I finally managed to find (again) this: http://www.proz.com/profile-completion

Apparently, that happened because I had decided to tick the "I choose not to enter my security procedures" in the new "Data security" section of our profiles, which is now part of the list of fields used to calculate profile completeness.

I don't think so. The SecurePRO card has been an "Encouraged/Recommended" field since late last year. Indicating your intent not to show it counts as completion.


 
Mirko Mainardi
Mirko Mainardi  Identity Verified
Italy
Local time: 17:56
Member
English to Italian
Screenshot Aug 24, 2017

Henry Dotterer wrote:

Mirko Mainardi wrote:

Just a few minutes ago I noticed my "profile completeness" had suddenly and inexplicably dropped from 100% to 88%. After a lot of digging around, I finally managed to find (again) this: http://www.proz.com/profile-completion

Apparently, that happened because I had decided to tick the "I choose not to enter my security procedures" in the new "Data security" section of our profiles, which is now part of the list of fields used to calculate profile completeness.


I don't think so. The SecurePRO card has been an "Encouraged/Recommended" field since late last year. Indicating your intent not to show it counts as completion.


Profile_security_procedures


 
Henry Dotterer
Henry Dotterer
Local time: 12:56
SITE FOUNDER
TOPIC STARTER
Why not, Lincoln? Aug 24, 2017

Lincoln Hui wrote:

1. The number of items is self-defeating. The list is so long that it fragments emphasis, drawing focus away from the things that really matter. Assuming that one answers Always or Sometimes to all the items, the SecurePRO card display becomes very effective at preventing people from reading it by virtue of sheer length. (If that was the point, disregard this.)

Ha, no, not intentional. We've noticed this issue. Any ideas?

2. One of the fundamental issues of the program is that translators are incentivized to provide positive responses that are, for all due intents and purposes, impossible to prove one way or the other.

If it were true that anything not proven ought not even be stated, then you (and everyone else) will probably have to delete most or all of your profile and CV. Just because statements are not proven does not make them worthless.

I also do not believe that this can replace a custom NDA or confidentiality agreement between client and contractor from a legal perspective, which means that it is entirely superfluous and does not serve any practical purpose.

The SecurePRO program is not meant to replace NDAs, any more than listing services in your profile is meant to replace purchase orders. I'll add that to the FAQ.

3. Most importantly, though, I would like to ensure that the SecurePRO card cannot be used as a search criteria or a filtering criteria (whether for postings or searches). No one searching for translators should be able to set search parameters based on what security policies the translator has set, or whether he or she has a SecurePRO card.

Why ever not? Some medical interpreting assignments in the US require that the interpreter be HIPAA certified. What is your argument against allowing clients to limit their search to interpreters who who report that they are HIPAA certified? (And where does that end? Should people not be allowed to (self)report that they are interpreters?)


 
Henry Dotterer
Henry Dotterer
Local time: 12:56
SITE FOUNDER
TOPIC STARTER
I don't see any issue in your profile, Mirko Aug 24, 2017

Mirko Mainardi wrote:
Profile_security_procedures

Yes, the check mark shows that it is completed. And it appears in the list of sections that is completed. Your profile completion seems to be at 100%. If you see something different, let's follow up via support ticket.


 
Mirko Mainardi
Mirko Mainardi  Identity Verified
Italy
Local time: 17:56
Member
English to Italian
Just switched it back Aug 24, 2017

Henry Dotterer wrote:

Mirko Mainardi wrote:
Profile_security_procedures

Yes, the check mark shows that it is completed. And it appears in the list of sections that is completed. Your profile completion seems to be at 100%. If you see something different, let's follow up via support ticket.


Yes, you saw it at 100% because I unticked the checkbox to make it complete again after reporting the issue... Not I ticked it again, and my completeness is back at 88%.

Profile_completeness


 
Henry Dotterer
Henry Dotterer
Local time: 12:56
SITE FOUNDER
TOPIC STARTER
OK, we'll look into it! Aug 24, 2017

Mirko Mainardi wrote:

Yes, you saw it at 100% because I unticked the checkbox to make it complete again after reporting the issue... Not I ticked it again, and my completeness is back at 88%.

OK, then thanks for reporting this. We'll investigate!


 
Henriette Saffron (X)
Henriette Saffron (X)  Identity Verified
Denmark
Local time: 17:56
English to Danish
+ ...
100% changes back to 88% Aug 24, 2017

I have declined to enter Standard Security Features. When go to my profile, the Encouraged completeness is 88%. When I click “Update completeness” the Encouraged completeness changes to 100%, but it changes back to 88%, if I click “Save and update profile” or leave and revisit my profile.


[Edited at 2017-08-24 13:37 GMT]


 
Henry Dotterer
Henry Dotterer
Local time: 12:56
SITE FOUNDER
TOPIC STARTER
Thanks, Henriette! Aug 24, 2017

Henriette Saffron wrote:

I have declined to enter Standard Security Features. When go to my profile, the Encourages completeness is 88%. When I click “Update completeness” the Encouraged completeness changes to 100%, but it changes back to 88%, if I click “Save and update profile” or leave and revisit my profile.

Thanks, that sounds like it might be useful debugging info.


 
Lincoln Hui
Lincoln Hui  Identity Verified
Hong Kong
Local time: 00:56
Member
Chinese to English
+ ...
- Aug 24, 2017

Why ever not? Some medical interpreting assignments in the US require that the interpreter be HIPAA certified. What is your argument against allowing clients to limit their search to interpreters who who report that they are HIPAA certified? (And where does that end? Should people not be allowed to (self)report that they are interpreters?)

Actually, "where does it end" is exactly what I want to ask. HIPAA certification is one of the things that I can accept being searchable, but keep in mind that this is something that is relatively verifiable.

The main searchable filters in the directory often directly pertain to the translator's ability to complete certain types of work, and for better or for worse claims can usually be proven or disproven at some point. With some of the security practices listed, there is virtually no way to ever tell.

(And by the way, I find some of the additional search options to be quite questionable as well - Last posted "What I'm working on now"? Really? Maybe that's something that deserves a topic on its own.)

Right now I see that there are plans to add country of citizenship and security clearance, and I have no issue with that personally (how you handle that practically is another matter). But there are a lot of things on that security practice list that are a lot more questionable as search criteria, and right now it's not clear what will or will not be used as filters, and to use the same point as my previous post, the more criteria are made available, the less useful each one becomes.


 
Jason Grimes
Jason Grimes
Local time: 12:56
SITE STAFF
Fixed: Profile completeness respects opt-out of security procedures now Aug 24, 2017

The profile completeness checker now correctly respects the opt-out setting for security procedures. (If you've opted out, it will count as complete.)

If your profile completeness indicator still seems incorrect, please click "Update completeness" once more to fix it. If for some reason that still does not work, please let me know.

Thanks, Mirko and Henriette, for helping to solve this issue.

Best regards,

Jason


 
Otha Nash
Otha Nash
United States
Local time: 12:56
Arabic to English
+ ...
Simpler Would Be Better Aug 24, 2017

If the purpose of this list is to serve as a screening tool, I'm not sure that presenting it on a "card" that is supposed to represent our trustworthiness and reliability as professionals is appropriate or effective. As I see it, the conditions listed are so specific, so complex, and so varied from jurisdiction to jurisdiction, that the only appropriate place to address them is in the contract negotiated between the client and contractor. It would perhaps be better to simply indicate that the co... See more
If the purpose of this list is to serve as a screening tool, I'm not sure that presenting it on a "card" that is supposed to represent our trustworthiness and reliability as professionals is appropriate or effective. As I see it, the conditions listed are so specific, so complex, and so varied from jurisdiction to jurisdiction, that the only appropriate place to address them is in the contract negotiated between the client and contractor. It would perhaps be better to simply indicate that the contractor:

1) Subscribes to the ethical guidelines set down by ProZ and/or the professional membership body to which they belong
2) Respects and protects client privacy and confidentiality and,
3) Observes secure computing and data handling practices

[Edited at 2017-08-24 17:07 GMT]
Collapse


 
Mirko Mainardi
Mirko Mainardi  Identity Verified
Italy
Local time: 17:56
Member
English to Italian
Confirmed Aug 24, 2017

Jason Grimes wrote:

The profile completeness checker now correctly respects the opt-out setting for security procedures. (If you've opted out, it will count as complete.)


Thank you Jason. This is to confirm it is now working.

P.S. So the grey checkmark (i.e. "Standard security procedures", in the first screenshot I posted) is supposed to look like that by design?

[Edited at 2017-08-24 18:04 GMT]


 
Henry Dotterer
Henry Dotterer
Local time: 12:56
SITE FOUNDER
TOPIC STARTER
Thanks for posting, Otha. Aug 24, 2017

Otha Nash wrote:
Simpler Would Be Better

Agree!

If the purpose of this list is to serve as a screening tool, I'm not sure that presenting it on a "card"...

Yes, I'm also wondering if there is not a better way to present the information derived from the bullet point list.

...that is supposed to represent our trustworthiness and reliability as professionals is appropriate or effective.

Well, I would not say that that is quite the point of the card. In the form for entering information, it states: "Use this section to communicate to potential clients and collaborators your philosophy and practices related to confidentiality and data security." Basically, this is a space to present information related to your handling of data security. The section is not meant to divine which professionals are "trustworthy" and "reliable" in a general sense.

As I see it, the conditions listed are so specific, so complex, and so varied from jurisdiction to jurisdiction, that the only appropriate place to address them is in the contract negotiated between the client and contractor.

The SecurePRO card is not meant to replace the NDA process, but rather, to support it. Since several people have this impression, I wonder if there is something about our presentation of SecurePRO that is misleading. Can someone help me to understand what is giving the impression that SecurePRO is somehow contrary to NDAs?

It would perhaps be better to simply indicate that the contractor:
1) Subscribes to the ethical guidelines set down by ProZ and/or the professional membership body to which they belong
2) Respects and protects client privacy and confidentiality and,
3) Observes secure computing and data handling practices

That would be fine, but it would fail to achieve part of the objective here. To use the recent example, what you propose would not help an LSP that needs HIPAA-certified interpreters to more quickly connect with some (and vice versa, that is, it wouldn't help HIPAA-certified interpreters to make themselves available as such to potential new clients).


 
Henry Dotterer
Henry Dotterer
Local time: 12:56
SITE FOUNDER
TOPIC STARTER
Which terms, if any, ought to be discarded? Aug 25, 2017

Lincoln Hui wrote:
HIPAA certification is one of the things that I can accept being searchable...

OK, good.

but keep in mind that this is something that is relatively verifiable.

I understand the issue you are getting at, and I also have my concerns about dishonest entries, but at the same time, I would say that "verifiability" ought not be a showstopper in and of itself. To illustrate, consider this: If you need a HIPAA-certified interpreters, and I tell you that I am not HIPAA-certified (as have most people who have specified that practice), won't you believe me and move on, even though the fact that I am not HIPAA-certified has not been verified by a third party? Of course you would. And if I am able to convey such information to you in an agreed-upon place (the SecurePRO card) in a standardized format, won't that potentially save both you and I a bit of time? Of course it will.

With some of the security practices listed, there is virtually no way to ever tell.

True, but that's the real world for you. "Files will be deleted upon completion of project" is a term that is not uncommonly asked for by clients, and not uncommonly agreed to by freelancers. The fact that it is very difficult (some would say impossible) to tell with certainty that no copy of a file has not been kept, does not prevent clients from asking and freelancers from agreeing, in legally binding NDAs, to the term. Now, if such clauses can and in some cases "must" be written into NDAs, what's wrong with giving people a way -- for efficiency purposes -- to indicate in advance their willingness, or lack thereof, to agree to such a clauses?

(And by the way, I find some of the additional search options to be quite questionable as well - Last posted "What I'm working on now"? Really? Maybe that's something that deserves a topic on its own.)

Hmm. I didn't know, or didn't remember, that that existed. Maybe that does deserve a look.

Right now I see that there are plans to add country of citizenship and security clearance, and I have no issue with that personally...

Good.

But there are a lot of things on that security practice list that are a lot more questionable as search criteria, and right now it's not clear what will or will not be used as filters, and to use the same point as my previous post, the more criteria are made available, the less useful each one becomes.

On that I agree. We've already removed one term. Which other ones do you feel are particularly questionable?


 
Otha Nash
Otha Nash
United States
Local time: 12:56
Arabic to English
+ ...
Simpler Would Be Better Aug 25, 2017

Henry Dotterer wrote:
Well, I would not say that that is quite the point of the card. In the form for entering information, it states: "Use this section to communicate to potential clients and collaborators your philosophy and practices related to confidentiality and data security." Basically, this is a space to present information related to your handling of data security. The section is not meant to divine which professionals are "trustworthy" and "reliable" in a general sense.


That's not how the program is presented. The card itself prominently says on the front "Identity information (Know Your Translator™)", implying that the program is intended to verify the identity and reliability of providers in general, rather than identify compliance with a specific set of privacy and security practices.


The SecurePRO card is not meant to replace the NDA process, but rather, to support it. Since several people have this impression, I wonder if there is something about our presentation of SecurePRO that is misleading. Can someone help me to understand what is giving the impression that SecurePRO is somehow contrary to NDAs?


Not contrary to, but meddling with. The NDA clause of a contract is only one part of the terms that govern a contractor's methods and obligations to protect a client's privacy, security, and confidentiality. I'm an independent contractor, and I've freely chosen to accept the responsibility of negotiating those terms for myself. I'd rather not run the risk of ProZ prejudicing or interfering with those negotiations.

That would be fine, but it would fail to achieve part of the objective here. To use the recent example, what you propose would not help an LSP that needs HIPAA-certified interpreters to more quickly connect with some (and vice versa, that is, it wouldn't help HIPAA-certified interpreters to make themselves available as such to potential new clients).


HIPAA certification is a specific government mandated requirement, much like a security clearance. You either have it or you don't. A basic legal/professional qualification is different from negotiable contract terms. And I think that is the major issue here. It seems to me that you're running the risk of turning matters that can be negotiated into disqualifiers before the contractor ever has an opportunity to be considered by an outsourcer.

[Edited at 2017-08-25 02:57 GMT]

[Edited at 2017-08-25 02:58 GMT]


 
Pages in topic:   < [1 2 3 4 5 6 7] >


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

SecurePRO update - list of security practices derived from SecurePRO cards






Trados Studio 2022 Freelance
The leading translation software used by over 270,000 translators.

Designed with your feedback in mind, Trados Studio 2022 delivers an unrivalled, powerful desktop and cloud solution, empowering you to work in the most efficient and cost-effective way.

More info »
Protemos translation business management system
Create your account in minutes, and start working! 3-month trial for agencies, and free for freelancers!

The system lets you keep client/vendor database, with contacts and rates, manage projects and assign jobs to vendors, issue invoices, track payments, store and manage project files, generate business reports on turnover profit per client/manager etc.

More info »