Data Security.
Othello operates under institutional data security practices appropriate to the listed-company, Big Law, UN-system, and government clients the firm serves. The standard combines technical controls (access-controlled systems, audit logging, encryption in transit), administrative controls (employee NDAs, role-based access, training), and physical controls (Bangkok office security).
Technical security controls
Engagement data resides on access-controlled systems with role-based access scoped to minimum-necessary personnel per engagement. File access is logged for audit. Document transfers use encrypted channels. Backup and disaster recovery procedures align with standard institutional practice.
CAT/TM environments are configured to prevent cross-engagement data exposure — translation memory and term base segregated by client and project to avoid material non-public information leakage across unrelated engagements.
Personnel and procedural controls
All translators, editors, and project managers are in-house Othello employees bound by employment contracts including confidentiality obligations. Role-based access scopes data access to engagement-necessary personnel. Confidentiality training is part of onboarding and refreshed periodically. Incident response procedures are documented and tested.
GDPR, PDPA, and engagement-specific requirements
Where engagement scope involves EU data subject personal data, GDPR-compliant practices apply per the firm’s GDPR compliance posture. Where engagement scope involves Thai data subject personal data, PDPA-compliant practices apply. Specific engagements with elevated security requirements (e.g., pre-disclosure financial figures, M&A documentation) have additional engagement-specific controls documented in the engagement contract.
Send the document. NDA from the first email.
Quote response within one business hour. Mutual NDA standard, ISO 17100 workflow, 2M+ words/month capacity.