Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who, can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage, and reduce risks related to the security of information.
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers confidence that they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details which security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that does not already know which security tasks are theirs is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert

Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.