[GALA Valencia 2024] Navigating information security standards and privacy regulations
From the client side, there is an increasing demand that all suppliers, including localization providers, meet certain information security and privacy requirements. In many cases, this includes certification by a standard or another, and there is also a number of privacy laws and regulations that an organization must meet – if it hopes to operate in certain regions (such as the EU). At the same time, using and especially implementing AI, raise new risks and new kinds of information security and privacy concerns, adding to the already unfamiliar burden of meeting the demands of large enterprises.
The presenters of this workshop will first outline the most common standards and regulations that are likely to apply to the participants. They will then give an overview of the journey to – first – compliance, then to certification. In essence, this will be a common-sense introduction that makes these standards and regulations approachable to the audience.
During the introduction, the participants will also get introduced to GALA’s new Standards Compendium. (One of the presenters is member of GALA’s Standards Committee, and is co-author of the Compendium.) The most important standards and regulations that the workshop will touch on are ISO 2700, SOC 2 Type 2, GDPR, and CCPA. But there are other standards and regulations that are at play if a business aspires to operate fully globally. Information security and privacy measures – that are defined in standards and regulations – protect an organization from various risks. This means that the compliance journey begins with risk assessment and analysis.
The workshop will introduce the participants to these risks and raise awareness about how they affect essentially all parts and functions of an organization. The audience will be divided into discussion groups of 6-8 participants, and each group will receive a brief case description. The groups need to size up all the risks in the situations described, and then put the risks together in the final, sharing, session.
Host organization: Globalization and Localization Association
Event Speakers
Balázs Kis
memoQ Translation Technologies
Balázs Kis is one of the co-CEOs of memoQ. He is also one of the founders of the company. Balázs has decades of experince in IT, translation, and natural language processing. He has a degree in IT engineering and a PhD in applied linguistics. At the start of his career, he was a Microsoft systems engineer and trainer and one of the prominent Hungarian IT authors with over 20 titles published. He was also the head of research and development at MorphoLogic, a Hungarian company specializing in language technology research. He taught translation technology at the ELTE University of Budapest. He has massive experience in collaborative translation and project management. In the early years of memoQ, he was instrumental in product design - he is the author of the first design document of memoQ - and running the company. Later on, he became responsible for technical communication. Since memoQ became a shareholding company in 2016, he has been chairman of the board. From 2018, he was responsible for compliance matters at the company, until, in 2020, he was appointed one of the co-CEOs of the company. Balázs is passionate about educating both the professionals and the general public on translation, localization, and the technologies related to them.
Adam Klar
memoQ Translation Technologies
With over 12 years of experience in the IT industry, I am a highly qualified and accomplished professional specialising in IT operations, quality, and security management. I have extensive experience in leading teams in a 24/7 operation centre, overseeing multiple layers of IT infrastructure, and ensuring Service Level Agreements are met. My certifications include ITIL Intermediate, ISO 20000 Service Management Auditor, ISO 22301 Business Continuity Management System Auditor, and ISO 27001 Security Management System Lead Auditor. My educational background includes a Master's Degree in Leadership and Management with a concentration in Change Management and a Computer Science course of study.
Most recently, I held the position of Chief Information Security Officer, where I was responsible for overseeing all security operations, developing security policies, managing security monitoring and assessment, and training staff on security protocols. Additionally, I have experience in training more than 200 employees on Agile methodology and leading organizational transformation initiatives. These skills, combined with my expertise in ISO 27001 Security Management Systems audits and my background in First Line Management, have enabled me to effectively collaborate with engineering staff, C-level managers, and everyone in between.