Crowdin is now officially an ISO 27001-certified company.
As a team, we want not only to build a platform that will help your product reach new markets, but also to be sure that your data is safe, so security plays a major role in what we do. It’s an integral part of how we work, handle customer data, and develop our product. We pay attention to hardware, organization, software, and network security to ensure your localization path at Crowdin, from registration to downloading your translations, is safe.
Read on to learn more about security at Crowdin.
Crowdin is Now Officially ISO/IEC 27001 Certified
We’re thrilled to announce the great news: we’ve successfully completed our ISO/IEC 27001 certification. ISO/IEC 27001 is the leading international standard focused on information security, published by the International Organization for Standardization (ISO), in partnership with the International Electrotechnical Commission (IEC). Both are leading organizations that develop international security standards. The standard’s guidelines and policies are recognized worldwide and help companies like Crowdin protect their customer data.
ISO/IEC 27001 aims to ensure the confidentiality, integrity, and availability of information within a company. The process involves discovering and identifying what potential problems the information might face (risk assessment) and defining how the company would prevent them (risk mitigation or risk treatment).
Following an audit of our infrastructure, software, in-company processes, and policies around handling customer data, we received ISO/IEC 27001 certification. As a result, we’re happy to assure you that we have all the necessary security procedures and controls in place, and you can work on Crowdin knowing that your data is safe.
View our Security at Crowdin page to find our policies and more.
Crowdin and EU General Data Protection Regulation (GDPR)
To protect the personal data of our customers and users, Crowdin has implemented technical and organizational measures in compliance with the GDPR.
In simple terms, GDPR enhances your ability to access and control your personally identifiable information and limits what organizations can do with it. You can request to receive your data or to remove it from the system at any time. On the website, you can decide whether to agree to cookies and see what kind of data is stored and its purposes.
To learn more about our compliance with GDPR and what data-related roles and responsibilities come into effect once you choose Crowdin as your localization platform, read our GDPR Commitment article.
In addition to the authentication methods provided by Crowdin, we offer you a SAML Single Sign-On (SSO) feature. Its purpose is to help users instantly and securely log in to Crowdin.
SAML, the Security Assertion Markup Language, works by passing authentication information in a particular format between two parties: usually an identity provider (IdP), such as Auth0, G Suite (SAML), or Okta, and a web application acting as the service provider, Crowdin in our case. Since the identity provider stores all login information, the service provider (Crowdin) does not need to store user credentials in the system.
By enabling SAML SSO, you:
- receive centralized control over who has access to your projects
- simplify username and password management
- reduce security risks for your customers, vendors, and other project members
This feature is available only for the Business subscription plan on Crowdin Enterprise.
Read about how to set up SAML SSO for Crowdin Enterprise.
Manage Roles and Access Levels
Localization is a multi-layered process that involves multiple people, each with individual tasks. In Crowdin, you can assign different user roles, each with different permissions (project owner, localization manager, translator, proofreader). For example, proofreaders can translate and approve strings, while translators can only add translations. Managers can configure integrations and upload content, while proofreaders don’t have access to the project settings.
On Crowdin Enterprise you can also create projects, groups, and subgroups. You can give access only to a specific group or project in your organization.
If you are working with an agency, they should create a free Vendor Organization that is separate from yours. Once you invite a Vendor to your project, they only receive a copy of the content on the assigned workflow step. This way, you can ensure that the language service provider (LSP) has limited access to your content.
Restrict Access to Organizations with IP Allowlist
You can use Crowdin IP Allowlist to restrict access to your organization on Crowdin Enterprise. You need to specify the list of IP addresses that should be granted access to your organization. This way, you can be sure that only people from your team and company will access your localization projects and resources.
To add or remove IP addresses, contact our support team at email@example.com, and we’ll help you with configuration.
IP allowlist is exclusively available for Crowdin Enterprise organizations on a Business plan.
Permissions Granularity Mode
Enable Permissions granularity mode in Crowdin Enterprise to share resources between specific project groups. This includes managing Workflows, Resources (Translation Memories, Glossaries), and Machine Translation engines. With this feature, you can grant managers access to all the projects within a group at once or add different glossaries to different project groups that won’t be available to managers of other groups.
Read more about permissions granularity mode.
If you have a public localization project, you can use a custom domain to make it more recognizable by including your product or company name. For example, GitLab uses translate.gitlab.com. Public projects on Crowdin are easily discovered, but that doesn’t mean anyone can join them: you can decide whether people should send a join request first or can start contributing translations right away.
Read how to set up a custom domain.
More on Security at Crowdin
Looking for more information? View our Security at Crowdin page to see more security policies, data on sub-processors and what we do to ensure internal and application security.