Advocacy in action is about proactive engagement and raising our voices where it makes a…

By ATC CEO Raisa McNab
The conversation between clients and language service companies is changing. In an environment shaped by cybersecurity concerns, regulatory obligations, ESG requirements and growing supply-chain scrutiny, ISO standards are increasingly serving as evidence that multilingual communication processes are governed, secure, auditable and fit for purpose.
Discussion around ISO standards in the language services industry often focuses on quality, process improvement, and the value of certification in differentiating your business from competitors. These benefits remain important but the context in which clients evaluate suppliers is changing.
Clients are operating in a world shaped by growing regulatory requirements, heightened cybersecurity risks, expanding ESG obligations, AI adoption, and increasing scrutiny of global supply chains. As a result, more mature buyers are asking new questions of their suppliers. They want to understand how data is handled, how risks are managed, how continuity is assured, and how processes are governed. They want evidence that suppliers are capable of operating within increasingly complex and regulated environments.
The governance challenge
This reflects a wider shift across business. The EU’s Corporate Sustainability Due Diligence Directive (CSDDD), for example, requires large organisations to identify and address human rights and environmental risks throughout their value chains, extending responsibility beyond their immediate operations and into their supply chains. Meanwhile, procurement functions are increasingly becoming centres of risk management rather than simply purchasing departments. Deloitte’s latest Global Chief Procurement Officer Survey found that risk management remains one of the most important priorities for procurement leaders, while ESG and sustainability considerations continue to rise in strategic importance. Separate Deloitte research found that 72% of procurement leaders now identify ESG and corporate responsibility as a top enterprise priority.
Within this context, there is an opportunity for the language services industry to reposition ISO certification as a robust compliance and governance tool.
The UK’s economic and industrial policy direction clearly points towards this trend. The Government’s Modern Industrial Strategy highlights resilient supply chains, economic security, digital transformation, international competitiveness, and the adoption of recognised standards as enablers of growth. Professional and Business Services, one of the strategy’s eight priority sectors and the one in which language services sits, is specifically cited for its role in supporting businesses through complex regulatory, technological, and international challenges.
LSCs in the risk and compliance conversation
For language service companies, this has some important implications.
Language service providers routinely handle confidential commercial information, personal data, intellectual property, legal documents, healthcare content, technical documentation, and highly sensitive business content. The growth of AI translation has only added new layers of complexity to questions surrounding data handling, content security, and process control.
At the same time, clients are becoming more sophisticated in their understanding of supplier risk. Large organisations increasingly view third-party suppliers as extensions of their own operational environment. A weakness in a supplier’s processes can become a weakness in the client’s wider supply chain. This is particularly true in sectors such as financial services, healthcare, defence, life sciences, government, and technology, where regulatory requirements and data protection obligations are especially demanding.
In such an environment, trust remains essential but it is no longer sufficient on its own. Clients increasingly seek evidence and this is where ISO certification plays an increasingly important role.
ISO certification provides a mechanism through which language service companies can demonstrate that their processes have been independently assessed against internationally recognised standards. Rather than relying solely on claims made in proposals, websites, or supplier questionnaires, buyers look to externally audited management systems as evidence that specific controls, procedures, and governance structures are in place.
From certification to assurance
Viewed through this lens, ISO certification becomes less about obtaining a certificate and more about providing assurance. The language services industry is fortunate in having a mature ecosystem of standards that address many of the areas clients now care about most.
Despite some criticism over its relevance, ISO 17100 remains the cornerstone standard for translation services. It is often associated with linguistic quality, but its true significance extends far beyond the quality of translated content. In practice, 17100 also includes requirements for documented procedures for translator competence, project management, revision, review, resource management and workflow control.
This distinction is becoming increasingly important, and many organisations today are not simply seeking a translation supplier. They are looking for confidence that multilingual communication processes are controlled, repeatable, and auditable. They want assurance that qualified professionals are involved, that responsibilities are clearly defined, and that outputs are subject to appropriate review and verification. ISO 17100 addresses many of these concerns directly, and its upcoming iteration is undergoing significant transformation to reflect current operational realities, particularly the integration of AI-driven workflows and hybrid production environments and including the inclusion of current ISO 18587 requirements.
Of course, governance in language services extends beyond production processes alone. As concerns about cybersecurity and data protection continue to grow, information security has become a significant area of focus for clients. Language service providers frequently handle content that would be damaging if disclosed, altered, or accessed by unauthorised parties. In some cases, the information may involve commercially sensitive negotiations, patient records, legal proceedings, financial disclosures, or security-related documentation.
The rise and rise of information security
For organisations operating in such environments, information security is increasingly non-negotiable, and this explains the growing prominence of certifications to Cyber Essentials and ISO 27001 within the language services sector.
ISO 27001 provides a framework for establishing, maintaining, and continuously improving an information security management system. Rather than focusing solely on technical controls, it requires organisations to adopt a risk-based approach to information governance, including access management, incident response, supplier oversight, risk assessment and continuous improvement.
For clients, certification to ISO 27001 provides evidence that information security is being managed systematically rather than reactively. Importantly, it also demonstrates that security is embedded within organisational governance rather than treated as a standalone IT issue.
When combined, ISO 17100 and ISO 27001 can act as a demonstration of transparent, compliant processes. Together, they provide evidence that both multilingual production and information security are subject to structured governance and independent oversight.
Building a framework for trust through transparency
Other standards contribute to this picture as well.
ISO 9001 demonstrates the existence of a quality management system designed to promote consistency, customer focus and continual improvement. ISO 22301 addresses business continuity management, providing assurance that an organisation has assessed how it will continue delivering critical services during periods of disruption.
Taken individually, each standard addresses a specific area of organisational capability. Taken together, they begin to form a broader governance framework based on trust through transparency and compliance.
Governance is becoming embedded within how organisations select, monitor and manage suppliers, and the rise of AI may accelerate this trend further.
As clients seek to leverage the power of generative AI and machine translation within language services, questions surrounding transparency and governance will become more prominent. Clients want to know where content is processed, who has access to it, what controls are in place, whether data is retained, and how outputs are validated.
In this environment, standards provide a common framework for discussing these issues. They offer a shared language between buyers and suppliers, enabling organisations to assess capability and risk using recognised benchmarks rather than subjective claims.
This is particularly valuable in procurement environments where decision-makers may not possess deep expertise in language services themselves. A procurement professional may not be equipped to evaluate the finer details of translation workflows, but they can understand the significance of independently audited management systems and internationally recognised standards.
Standards compliance is a form of evidence-based trust. It does not replace expertise, relationships, or reputation. Nor do it guarantee excellence. However, it provides a transparent mechanism through which organisations can demonstrate that governance, risk management, and process control are being taken seriously.
As language service companies continue to evolve from transactional suppliers towards strategic partners, this distinction matters.
The most valuable conversations in the years ahead may not revolve solely around language quality or technology capabilities. Increasingly, they may centre on assurance. How is multilingual communication governed? How is sensitive information protected? How are risks managed? How can organisations demonstrate compliance and transparency to their own stakeholders?
In answering these questions, ISO certification offers something increasingly valuable: independently verified evidence that robust systems, controls, and governance structures are already in place.
This is something ATC Certification, the ATC’s global certification body, is committed to delivering. Through ATCC, language service companies can get certified to a wide range of ISO standards for translation and interpreting as well as to key business standards such as ISO 9001 for quality management, ISO 27001 for information security management, ISO 22301 for business continuity, and ISO 14001 for environmental management systems. This service offering is being strengthened through international accreditation for 9001 and 27001, and it will in the coming years expand to other emerging language services standards and to the compliance and governance standards that add tangible business value to LSCs and their clients.
