Security & Compliance
Secure Confidential Transcription Services
How do we keep your files safe and secure?
Â
We offer transcription services you can trust, and that means providing robust security assurances. Whatever your transcription needs and whatever audio or video you need us to transcribe you can rest assured that we take the security of your data extremely seriously.Â
We offer a robust catalogue of security features to assure that we are ISO Accredited and compliant with Data Protection Laws while striving to bring our diverse clientele complete peace of mind.
Our security credentials at a glance
-
We are fully ISO accredited and have ISO 27001 and 9001 certificates. This is an extremely important part of our security infrastructure and ensures that our extremely high standards remain consistent.
-
Your content is only visible to the people specifically managing or working on your transcription.
-
Our online portal used https protocol for a secure and encrypted connection.
-
All uploaded files are stored in an encrypted AWS bucket and are never downloaded or stored outside our system at any point.
-
All our servers and databases are firewalled to permit the minimum amount of traffic necessary to run the service.
-
Our servers can only be accessed by Take Note staff and our development teams. Even then it requires authentication and can only be accessed from a restricted number of IP addresses.
-
We use Amazon Web Services (AWS) for all our hosting.
-
All personal data stored is protected by the European Data Protection Act.
-
All audio files are automatically deleted 3 months after the project close date. Formatted transcriptions are deleted after 12 months.
Why security is important (for you and for us)
We pride ourselves on being able to deliver a fast and accurate service. But that means nothing if our customers can’t trust us with their data. We value our relationships with our customers and strive to keep their data secure.Â
It’s not only important for our customers, it’s important for us, too! Our catalogue of security redundancies allows us to ensure compliance with stringent UK Data Protection laws which are always changing and evolving in this fast-moving digital landscape.
The importance of the personal touch
Not only is the human touch essential in ensuring accuracy, the unfortunate truth is that automated services can actually represent serious security vulnerabilities.Â
Developers of Automated Speech Recognition (ASR) apps are able to access the data in your recordings. While this is usually done for quite benign reasons like quality control, it can bring them into contact with your potentially sensitive data.
What’s more, these developers may outsource their testing to third party companies. Some of these companies may be overseas in territories where Data Protection laws are less stringent. The unfortunate truth, in this case, is that you really have no way of knowing who has your data, where it is stored, who has access to it or how many times it has been copied.
Sensitive data
Our audio transcription services are used by a range of professionals for many different purposes. These include those working in the legal and medical professions. As such we are often required to handle sensitive data. We need robust security provisions to assure our clients that their data is in safe hands.
Confidentiality
Our video transcription and captioning services are used by a range of clients in the realm of commercial and creative media. As such, their work is highly confidential and not yet subject to general release. We need to provide the strictest confidentiality regarding video materials they send us.
So, as you can see, security is at the heart of everything we do at Take Note.
Our security redundancies bring you peace of mind
Your security is our priority! We take great care to ensure that the data you upload to us is completely safe.
Compliant with all UK Data Protection Laws
We are a UK-based team of 600 strictly vetted transcribers. We use an encrypted online system and are fully compliant with all UK Data Protection legislation and 100% GDPR compliant. Your data is only as secure as the people who have access to it, and our stringent recruiting process ensures that our compliance starts with people we know we can trust, if you still feel uneasy, we are happy to sign a strict NDA.
Our upload portal is fully secure
When you upload an audio or video file to us, you can do so with the knowledge that our portal is completely secure. We use state of the SSL encryption to make sure your data is invisible to third parties. What’s more, the data you upload to us is not locally downloaded but stored in-browser. This reduces the vulnerabilities associated with centralised data storage.
Non-Disclosure Agreements (NDAs)
Even with this robust suite of security measures, we appreciate that some of our customers might need a little extra reassurance. For this reason, we are always happy to commit to a Non-Disclosure Agreement or NDA.Â
This gives us greater legal accountability for your data and provides extra peace of mind that makes us one of the country’s most trusted transcription services.
ISO Accreditation… What does it mean?
ISO Accreditation is a standard that you should expect from any transcription service. But what does it mean in real terms?
Quite simply, our ISO 27001 and 9001 certificates mean that our information security management infrastructure has undergone a rigorous formal assessment by an independent third-party.Â
All of this combines to give you, our customer, the assurance you need and deserve!
Are transcription services secure?
Transcription services are used for a wide variety of reasons, often the content being transcribed contains sensitive, personal or confidential information, particularly when it comes to Market Research projects. However, despite this, the emphasis when selecting a supplier is accuracy, time and budget. Although keeping data safe will have been a priority during a project, security can be overlooked when it comes to the transcription stage.
We want to ensure that you have all the information you need in order to find a quality transcription service that also delivers on security.
Some services are very secure and pride themselves on keeping your information safe, others have a lot of work to do. The truth is, you can’t just assume that a service is secure, you’ll need to do some checks.
Levels of security vary greatly between transcription services. But, the good news is that there are some clear things you can look for, to ensure you find a secure service that’s right for you.

How is your transcript being produced?
Looking into how your transcript is produced is a good place to start, as the level of security is highly dependent on the tools being used to complete the work. Â
Companies use different approaches which will influence the level of risk to your data. Some providers allow their freelance transcribers to download the content to their own computers to carry out the transcription using a word processor. As you can imagine, this introduces a high level of risk into the process. The security of your data becomes reliant on individuals and the protection they have put in place. It is almost impossible to ensure they are using secure networks, have installed the latest updates and are following all security protocols, particularly if they are offshore workers where data protection laws may be different.Â
Instead, look for a service with a secure software platform. This enables the transcriber to play the audio or video and complete the transcript, all within a secure environment. The transcriber will not have the ability to download the files and store them locally, which would have posed a further risk to your data. A secure platform not only reduces the opportunity for any unfortunate malicious behaviour, it also helps to minimise any human error.

Who has access to your data when using transcription services?
When using human based transcription services it is inevitable that people will be looking at your data. When selecting a service, there are some key elements that you should consider to ensure your data is as safe as possible.
- Find out where the transcribers are based. The use of an offshore workforce is common and could mean tens of thousands of people around the world can access your information.
- Find out how the provider manages your data when getting it transcribed. Some companies will only give access to your content to those who will actually be transcribing and quality checking it. Other companies may make the content accessible to much larger numbers (potentially 10,000s across the globe), even if those people don’t end up working on the transcription. This is not good practice when it comes to information security, is contrary to the principles of GDPR and obviously adds another level of risk.
- Ensure the transcribers use a secure portal whenever they access or work on your files. If transcribers download content as a local file to their machines you’re reliant on the security measures they have or don’t have in place to keep your information safe.
- Check that the provider is willing to sign an NDA. This provides you with a level of recourse should there be a security breach.
Consideration on who has access to your content also applies to Automatic Speech Recognition Services (ASR). Although machines are carrying out the transcription it is likely that people will have access to the information too. This could be for product development reasons, quality control or customer success and support. This means that any security concerns apply to both human transcription services and ASR.
Whether using a human transcription service or ASR also look for other signs of security such as relevant ISO certifications, https websites and the use of encryption.

What certifications should my transcription service have?
There are International certifications focused on information security management and quality management systems, which together are a sign that a transcription service takes security seriously.
ISO 27001 and ISO 9001 demonstrate that a company has invested in its processes and been through a rigorous assessment to achieve the certification. ISO 27001 relates to all aspects needed for a robust information security management system. ISO 9001 sets out the criteria for a quality management system with a strong customer focus. ISO provides peace of mind that the service adheres to high standards and has been approved by an impartial third-party expert.

Are UK transcription services more secure?
UK transcription services are a good choice if you are concerned about the security of your information.
- The UK has been subject to GDPR which has meant businesses have policies, processes and procedures in place to protect data and privacy. Even though the UK has left the EU, there is now a UK version of the GDPR in domestic law.Â
- It is crucial that any rights conferred on data subjects by data protection legislation are reliably enforced in a court of law. Otherwise, unfortunately, the legislation is worthless. The UK has a robust judicial system which pursues privacy and security violations should they occur.Â
- UK companies are typically happy to sign NDAs.
Although UK transcription services are likely to provide a good standard of data privacy and security, you should check that the actual workforce is also based in the UK. The UK has strong employment laws which offer another level of peace of mind.

Are transcription services that use offshore workers safe?
A large offshore transcriber base can be beneficial to turnaround times and cost, however you should also consider the security of your information alongside the quality of the work and whether using low paid transcribers aligns with your brand values.Â
- If NDAs are signed it may be challenging for them to be enforced, particularly in countries with limited privacy laws and low tendencies to pursue violations.
- The use of offshore transcribers can mean your information is open to a large number of people which increases the risk when it comes to the security of your data.
- Offshore workers often receive a low wage and training on keeping data safe may be limited. They may not have the technology, processes and procedures in place to ensure security and it is also likely to not be their first priority.
Â
It’s also important not to just focus on the traditional offshore countries that might immediately spring to mind. For example, transferring personal data to the US has become much more complicated and the burden is usually on you, as the data controller, to assess and be confident that the correct levels of protection are in place and that those rights are enforceable.

Should a transcription service have an HTTPS website?
A service without an HTTPS website is a big warning sign. If they haven’t gone through the process to gain the SSL certificate it is likely that they won’t be security conscious or have procedures in place to keep your data safe.
An HTTPS provides the padlock you see on legitimate websites and gives a basic level of encryption between the website and your browser. However, you should view this as a minimum requirement and look for additional levels of protection when you are sharing information.Â

What types of encryption should a transcription service use?
Alongside the basic level of an HTTPS website, there are additional layers of protection that should be in place.Â
Ideally, you want the portals where you upload your content to be encrypted and also for the service to store that information in encrypted formats too. If you can’t find information about security protocols on a company’s website, drop them a line. Reputable companies will have the information to hand and will be happy to share the details.Â
It’s probably a bit of a red flag if a supplier can’t, or doesn’t want to, provide you with any details!

Are cheaper transcription services less secure?
Although cost is not a direct sign of security, a cheaper price is an indication that a service is likely to be using offshore transcribers. Outsourcing to offshore workers can pose several concerns with regards to security as outlined.
In addition to offshore workers, If a service seems particularly cheap it is worth understanding how they are able to offer that price.
- Are you comparing like with like? Many advertised prices are based on perfect audio quality, with ‘additions’ quickly adding up for poor audio, multiple speakers, accents or specialist topics.
- Are they using up to date security protocols? Things to look for include an HTTPS site and the use of encrypted portals and storage.
- Do they have any security certifications in place? Certifications, such as ISO are usually time and resource-intensive so may not be prioritised by companies competing on price.

Is ASR more secure than human transcription services?
You may feel that by removing the ‘human’ element from the transcription process you’ll automatically get a more secure service. However, regardless of the type of service, people inevitably will have some level of access to your content and therefore the checklist for a secure service applies to both human transcription services and ASR.
For ASR, people are likely to have access to your information for a number of legitimate reasons. This can include carrying out quality control on the platform and the subsequent returned transcripts. Customer success teams are likely to have access and view the content to provide support and resolve any potential issues.Â
Content may also be used in product development to help develop and test new features and for tasks such as algorithm training. Using ‘real-life’ content can be helpful in these circumstances to ensure new features and functionality work well for the provider’s use cases. Using existing content tends to be quicker, easier and cheaper than generating fresh content. This does mean more people might have access and listen to your content than you expect. Check the fine print in the T&Cs to understand exactly how your content will be used.Â
Make sure you’re comfortable with who has access to your content, including any potential third parties, and ensure you have clarity on how it will be used.
Disclaimer - This blog aims to provide you with some basic information regarding security when using transcription services. It is not legal, security or technical advice and should not be relied on as such. Please seek professional advice where required.
For more articles on security and compliance please see blog.
