Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Curabitur vel dolor quis elit vestibulum bibendum eu in mi. Maecenas bibendum tristique lacus, sit amet tincidunt tellus dictum et. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia curae; Maecenas vel diam lacinia magna efficitur congue. Aliquam tempus, lectus nec ultrices sagittis, purus ipsum imperdiet felis, ac gravida enim massa vel augue. Quisque non neque at augue volutpat sodales nec eget ipsum. In sed consectetur odio, ut tincidunt ipsum. Sed non pellentesque nulla, non iaculis mauris. Etiam faucibus sit amet mauris eu efficitur. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Integer sed blandit metus, at finibus ligula. Ut non rhoncus lacus. Nulla mattis est quis cursus laoreet. Nullam porta odio eu tortor consequat vulputate. Suspendisse nec massa ac neque ultrices eleifend. Integer porta tristique tempus. Nulla aliquet, erat tincidunt imperdiet vehicula, urna tortor molestie nulla, ut porttitor erat erat ac nunc. Nulla facilisi. Etiam a tellus in lectus vulputate maximus vitae eu nisl. Fusce eget libero non ipsum pellentesque egestas. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla ut metus sapien. Maecenas aliquam libero et ipsum eleifend, et maximus felis sagittis. Donec id massa et massa molestie varius. Quisque dignissim placerat augue vel mollis. Mauris accumsan, mi vel elementum suscipit, eros elit malesuada justo, ut tempor mi nunc quis tortor. Nullam ut laoreet mi. Nam euismod lectus id dictum consectetur. Praesent quis lacinia ipsum. Donec lobortis massa in erat interdum, consectetur consectetur purus posuere. Nullam feugiat, erat non hendrerit rutrum, velit ante rhoncus nibh, ac laoreet felis ante ac mauris. Etiam ex erat, vulputate vel nulla non, placerat dictum tellus. Praesent orci lacus, dictum in vestibulum non, semper ut tortor. Nullam vitae ornare ipsum, a cursus quam. Vivamus vitae vulputate lorem, ac scelerisque lectus. Fusce at lacus non enim fringilla consequat. Sed laoreet mi eget vulputate auctor. Proin placerat tempor nunc vel mollis. Ut quis mi ut lorem ultrices hendrerit nec vehicula felis. Vestibulum tempus sapien vel porta aliquet. Phasellus quis auctor augue. Morbi nec tellus in massa venenatis ornare. Vivamus eleifend lacus lacus. Suspendisse ac commodo orci, vel fringilla turpis. Proin enim turpis, egestas quis nulla a, ultrices volutpat massa. Nam luctus sapien odio, ac blandit ante accumsan et. Nunc luctus ligula odio, ac faucibus urna rutrum vitae. Donec eu lorem gravida nisi pretium consectetur. Morbi vel mauris non odio iaculis aliquam sed nec leo. Vestibulum sed libero quis ante hendrerit porttitor eget eu orci. Morbi est arcu, maximus eu lobortis sit amet, suscipit et felis. Morbi sodales mattis pretium. Curabitur sodales porttitor eros vitae efficitur. Nam id turpis tristique, aliquam sapien ac, convallis mi. Sed risus sapien, dapibus euismod mauris vitae, fringilla vulputate augue. Morbi efficitur, ex vitae semper mattis, tellus sem luctus lorem, eget viverra metus nibh eu neque. In eu orci est.
YouTube Embed Yoast FAQ Block FAQ Question #1 FAQ Answer #1 FAQ Question #2 FAQ Answer #2 FAQ Question #3 FAQ Answer #3 CTA Embed Button Test InfoGram Embed
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aliquam vitae nibh eu massa cursus eleifend quis in quam. Nunc mollis aliquam eros sed laoreet. Suspendisse et elit ut metus elementum aliquet ut sit amet metus. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia curae; Pellentesque fringilla, nibh eget convallis scelerisque, nisl nisl vestibulum ipsum, sit amet placerat neque nunc eget nisi. Cras cursus, sapien non interdum mollis, nibh augue efficitur eros, eget congue tellus nulla id lectus. Nullam vestibulum vitae erat sit amet mollis. Sed gravida tortor nec nibh blandit ultrices. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Nam justo lectus, tempus a velit at, tempus malesuada est. Aenean dictum tellus id lorem venenatis, quis sodales nisl tempus. In quis libero id est rhoncus dictum. Praesent ipsum dui, mattis vel augue ut, lacinia ultricies ex. Suspendisse sit amet gravida purus. Vivamus tempus tellus augue, ac placerat arcu efficitur non. Nam auctor at nulla sed porta. Vivamus lobortis eu nunc a efficitur. Vestibulum condimentum ante nec nisi imperdiet vulputate. Duis varius metus ac est fermentum congue. Aenean tincidunt ut erat non pharetra. Nulla elit orci, semper sed porttitor ac, convallis vitae velit. Praesent egestas blandit ullamcorper. Praesent a porta lectus. Aliquam et pellentesque lectus. Integer placerat mauris risus, ut semper dui commodo at. Vivamus efficitur pharetra ligula id rhoncus. Pellentesque gravida purus vitae viverra luctus. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia curae; In vitae augue nec odio fermentum ultrices a sed libero. Nulla ullamcorper nulla id sagittis convallis. Pellentesque cursus metus et orci iaculis, non laoreet nisi aliquam. Proin porta velit risus, ac ultricies lectus tincidunt at. Pellentesque scelerisque ullamcorper euismod. Phasellus eget velit malesuada, faucibus enim a, ultrices ante. Morbi ut diam non metus interdum placerat gravida quis arcu. Integer ultricies molestie nulla sed convallis. Curabitur mi dui, aliquam vel nibh rutrum, convallis tempor lacus. Cras porttitor laoreet varius. Ut tincidunt massa congue mauris lobortis euismod. Pellentesque a odio ut est consequat tristique ut in mi. Nullam sed ultricies justo, eu varius eros. Nunc ipsum nulla, vehicula at sagittis a, ornare ut nisi. Aenean imperdiet felis at aliquet porta. Nunc sed leo ut justo efficitur aliquet. Sed et urna vel urna maximus laoreet. In facilisis porttitor nisi in sagittis. Fusce magna sapien, molestie ac maximus eu, tincidunt sit amet massa. Praesent non mauris metus. Aliquam dapibus sit amet tortor at scelerisque. Ut vel dolor at nisi rhoncus finibus auctor non velit. Integer pellentesque venenatis diam, nec eleifend ipsum pellentesque quis. Vivamus vitae mi nisl. Curabitur lectus orci, ornare et ipsum venenatis, sagittis blandit mauris. FAQs Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aliquam vitae nibh eu massa cursus eleifend quis in quam. Nunc mollis aliquam eros sed laoreet. Suspendisse et elit ut metus elementum aliquet ut sit amet metus. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia curae; Pellentesque fringilla, nibh eget convallis scelerisque, nisl nisl vestibulum ipsum, sit amet placerat neque nunc eget nisi. Cras cursus, sapien non interdum mollis, nibh augue efficitur eros, eget congue tellus nulla id lectus. Nullam vestibulum vitae erat sit amet mollis. Sed gravida tortor nec nibh blandit ultrices. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Nam justo lectus, tempus a velit at, tempus malesuada est. Aenean dictum tellus id lorem venenatis, quis sodales nisl tempus. In quis libero id est rhoncus dictum. Praesent ipsum dui, mattis vel augue ut, lacinia ultricies ex. Suspendisse sit amet gravida purus. Vivamus tempus tellus augue, ac placerat arcu efficitur non. Nam auctor at nulla sed porta. Vivamus lobortis eu nunc a efficitur. Vestibulum condimentum ante nec nisi imperdiet vulputate. Duis varius metus ac est fermentum congue. Aenean tincidunt ut erat non pharetra. Nulla elit orci, semper sed porttitor ac, convallis vitae velit. Praesent egestas blandit ullamcorper. Praesent a porta lectus. Aliquam et pellentesque lectus. Integer placerat mauris risus, ut semper dui commodo at. Vivamus efficitur pharetra ligula id rhoncus. Pellentesque gravida purus vitae viverra luctus. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia curae; In vitae augue nec odio fermentum ultrices a sed libero. Nulla ullamcorper nulla id sagittis convallis.