// Trust & Security Report
RWS Holdings plc
Trados translation technology suite (RWS-owned brand): Trados Studio (desktop CAT tool), Trados Enterprise/Team/Business (cloud Translation Management System on RWS Language Cloud), Trados Go (lightweight cloud subscription), GroupShare (on-premise or cloud translation memory server), Language Weaver (machine translation / generative AI engine), Passolo (software localization tool)
Certifications held
4
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trados.com“RWS Cloud Operations are ISO 27001 certified for all hosted products and have achieved 100% compliance with the controls and objectives of SOC 2 Type 2 attestation.”
Verify on rws.com“ISO 27001:2022 certification across many of our products, services, and supporting functions ... we have embraced the ISO 27001 framework to establish a robust structure for our Information Security Management System.”
Verify on rws.com“ISO 9001:2015 - Quality Management System certifications, applicable across 43 offices (38 certified, 5 compliant).”
Verify on rws.com“RWS complies with applicable data protection laws including the EU General Data Protection Regulation of 2016 ('GDPR'). ... certain RWS companies in the USA comply with the EU-US Data Privacy Framework (DPF), Swiss-US DPF and UK Extension.”
> Show 6 unconfirmed / not-held certifications
source: rws.comNo public evidence. RWS's security policy page and certifications page list ISO 27001, 9001, 17100, 13485, 14001, 21500 and 18587, but do not mention ISO/IEC 42001.
source: trados.comNo public evidence on RWS/Trados vendor-owned domains. The Trados security FAQ page (72 questions reviewed) and RWS security policy page contain no mention of HIPAA or a Business Associate Agreement. A third-party comparison blog claims Trados is 'HIPAA compliant' with 'Gold CSA STAR,' but this claim could not be corroborated on any rws.com or trados.com page and is not treated as verified.
source: rws.comNo public evidence on vendor domain. No mention of PCI DSS found on the RWS security policy page or Trados security FAQ.
source: rws.comNo public evidence on vendor domain. Not referenced on any RWS or Trados security/compliance page reviewed.
source: rws.comNo public evidence on vendor domain. Not referenced on RWS security policy page or Trados security FAQ; a third-party blog's 'Gold CSA STAR' claim could not be corroborated on rws.com/trados.com.
source: rws.comNo public evidence on vendor domain. RWS's certifications page lists ISO 9001, 17100, 13485, 27001, 14001, 21500 and 18587 only; no cloud-security or privacy-specific ISO extension standards are claimed.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Amazon Web Services (AWS) Frankfurt, Germany and AWS Montreal, Canada. For existing Trados Enterprise, Trados Business, or Trados Team customers, and for all Trados Studio or Trados Go customers (new and existing), hosting location is not configurable.
Default posture is no training: 'In the Trados platform, no AI model training takes place. When your content is processed by a large language model (LLM), it is only available for the duration of the query and response' and 'your data is not stored or retained once the request is complete.' RWS's broader Language Cloud security page states: 'We do not train our machine translation models with your data, without your consent' and 'We do not train our AI models with your data, without your consent' - implying opt-in consent is required for any training use. Language Weaver (RWS's MT/generative engine) can be used to train private adaptive/auto-adaptive/generative language pairs 'on request and with consent,' after which 'all training data is immediately purged.' Users who connect their own external LLM subscription assume responsibility for that provider's data handling: 'the security and privacy of your data is managed by the provider you select, and you assume all associated risks.'
// Security controls
Encryption in transit
Whether in transit or at rest, your data is always encrypted to ensure your data remains secure and protected at all times.
trados.comEncryption at rest
Data is encrypted both in transit and at rest, providing further protection against any potential security breach.
trados.comVulnerability scanning
We regularly run rigorous vulnerability scans using the Open Web Application Security Project (OWASP) Top 10 web application security risks.
trados.comHosting infrastructure
Cloud platform securely hosted by Amazon Web Services (AWS) with hosting locations in Germany (Frankfurt) and Canada (Montreal), ensuring compliance with data sovereignty and privacy regulations.
trados.comExternal audits / governance
Facilities, teams, policies and procedures are regularly audited by external assessors to ensure compliance with major information security standards. Information security program owned by the Chief Information Officer, managed by an executive-level Information Security Steering Committee and a Security Governance, Risk and Compliance Manager.
rws.comData retention (personal data)
Retention period is globally up to 7 years from the date of your last interaction with our Trados Products, after which personal data is processed for deletion. Payment information is retained only for the duration of the subscription and deleted without delay once payments are processed.
rws.comData retention (post-cancellation)
Translation data - including projects and resources - is retained for approximately 28-30 days after subscription cancellation.
trados.com// Products & data scope
data: Translation memories, terminology, and source/target documents processed locally; optional AI features send content to RWS-hosted or user-selected external LLMs. Hosting location is not configurable for this tier.
Long-standing flagship desktop product (originally SDL Trados); 2026 release adds native 64-bit architecture and AI translation features.
data: Project files, translation memories, terminology, user/account metadata hosted on AWS (Frankfurt or Montreal). In scope for RWS Cloud Operations' SOC 2 Type II attestation and ISO 27001 certification.
Enterprise-tier customers cannot change hosting location once provisioned; existing customers' region is fixed.
data: Same AWS-hosted environment as Enterprise/Team tiers; hosting location not configurable.
Entry-level cloud offering positioned below Enterprise/Team/Business tiers.
data: Centralized TM and termbase data; can be deployed on-premise or in the cloud.
Only Trados sub-product with a self-hosted (on-premise) deployment option, giving customers direct data-residency control.
data: Customer content processed for MT output; can optionally be used to train private adaptive/auto-adaptive/generative language pairs with explicit customer request and consent, after which training data is purged.
The only Trados-family product where customer content can be used for model training, and only opt-in.
data: Software UI strings and resource files, primarily desktop-based.
Niche product for software/app localization workflows; not covered separately in security FAQ beyond generic platform statements.
// What to watch
- IDENTITY / STRUCTURE: 'Trados' is a product brand owned and operated by RWS Holdings plc (LSE-listed), not a standalone company. Certifications (ISO 27001, SOC 2) are held at the RWS Cloud Operations / corporate level and apply to 'many' RWS products and offices, not a Trados-specific certificate. Buyers should not assume every Trados sub-product/office is individually certified.
- PARTIAL ISO 27001 SCOPE: RWS's own certifications page states ISO 27001:2022 covers IT, Cloud Operations, Product Development, Support, HR, Operations and Facilities across 15 applicable offices, of which 10 are certified and 5 are only 'compliant' (not independently certified). Ask RWS to confirm whether the specific Trados hosting/support entity relevant to a given customer is in the certified set.
- THIRD-PARTY OVER-CLAIM RISK: At least one third-party comparison site claims Trados is 'HIPAA compliant' with 'Gold CSA STAR' certification. Neither claim could be found on any rws.com or trados.com page after direct review of the security FAQ (72 questions) and the RWS security policy page. Do not list HIPAA or CSA STAR as held without a direct vendor confirmation (e.g., BAA availability) since this could be a conflation with another vendor or a marketing overstatement.
- NO DEDICATED TRUST CENTER PORTAL: RWS does not have a single unified 'Trust Center' (e.g., no SafeBase/Vanta-style portal was found). Security/compliance information is split across rws.com/legal/security/, rws.com/about/corporate-sustainability/certifications/, and trados.com/product/discover/security/faq/. Treat the combination of these three vendor pages as the de facto trust center.
- AI TRAINING NUANCE ACROSS SUB-PRODUCTS: the Trados platform (Studio/Enterprise/Team/Go) states no AI model training occurs on customer content, but the related Language Weaver product can train on customer data with explicit opt-in consent. Buyers evaluating multiple Trados-family products should confirm which specific product they are procuring before relying on the 'no training' claim.
// At a glance
Pricing model
Tiered subscription (Trados Studio Freelance, Trados Go, Trados Enterprise/Team/Business); legacy perpetual licenses for older Studio versions; custom enterprise pricing for GroupShare/Language Weaver.
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on RWS Holdings plc's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
rws.com