Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
Dana shares her best and worst holiday shopping experiences.
With the busy holiday marketing season in full swing, Experian Marketing Services has released its online retail round-up for the week ending Dec. 8.
Twenty years ago this week, the first mobile text message, or SMS, was sent by British engineer Neil Papworth. Today, Americans are texting more than ever and among young adults, many of whom were not yet born when the first message was sent, texting is almost as common a mobile activity as talking. And why wouldn’t it be? According to the latest Simmons National Consumer Study, 48% of adults ages 18-to-24 say that a conversation via text message is just as meaningful as a telephone call. A similar share of adults ages 25-to-34 feel the same way. Regardless of age, texting is still, technically, the second most common activity that Americans engage in on their cell phone after talking. During a typical week, 95% of mobile adults talk on their mobile phone, while 59% text. Among adults ages 18-to-24, however, 89% talk on their phone and 85% text. Despite the increasing availability of mobile chat or instant message applications, texting remains the dominant means for exchanging short messages. Only 8% of all mobile adults use their phone to IM or chat. The fastest thumbs To get a more in-depth understanding of the texting habits of adults today, we leveraged data from the Simmons Connect mobile panel of 1,485 U.S. smartphone owners. Hands down, young adults text more than any age other age group. During a typical month, in fact, smartphone-owners ages 18-to-24 send 2,022 mobile text messages and receive another 1,831 for a combined total of 3,852 texts sent and received. With every age bracket we move up, the number of mobile texts drops by roughly 40%. For instance, smartphone owners ages 25-to-34 send, on average, 1,110 text messages a month and receive another 1,130 for a combined total of 2,240 messages. We are also able to leverage the Simmons Connect smartphone panel to understand mobile calling behaviors. The data shows that while young adults hold the record for the most text messages sent and received, they actually make and receive few calls, by comparison. During a typical month, smartphone owners ages 18-to-24 make 119 calls on their mobile phone and answer another 64 calls. Adults ages 35-to-44 make and receive the most calls on their mobile phones in a given month. (Call counts do not include inbound and outbound calls that go unanswered.) Text around the clock Unlike television and radio, which have peak hours for reaching consumers, mobile text messages reach Americans throughout the day, providing advertisers with a medium to connect with consumers any time they want or need. No surprise, young adults are the most likely to send and receive mobile text messages throughout the day. The smartphone panel data shows that during every hour between 8:00 A.M. and midnight, more than half of young smartphone owners are both sending and receiving mobile text messages. Even when most of us are asleep, young adults’ smartphones continue buzzing from inbound texts. In fact, 37% of 18-to-24 year-old smartphone owners receive texts at 4:00 in the morning. By comparison, just 20% of smartphone-owners ages 25-to-34 years-old receive texts at this late (or early) hour as do 17% of those 35-to-44, 15% of those 45-to-54 and 10% of those ages 55 and older. Better to send or to receive? During overnight hours, the share of young smartphone owners who send texts surpasses the share who receives them. However, by 8:00 A.M., the difference between those two figures narrows to the point that they are nearly equal. In fact, from noon until 11:00 P.M., young adults are more likely to send mobile text messages than they are to receive them. Call or text? While texting is still a secondary use of mobile phones after calling, that’s not the case all day, especially among young adults. In fact, while smartphone owners ages 18-to-24 are more likely to make an outbound call than they are to send a text from their phone between 7:00 A.M. and 10:00 P.M., they are more likely to send a text between 11:00 P.M. and 6:00 A.M., during hours when they might understandably wake the recipient. That should help us all sleep a little better.