Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
If you live in an early primary or caucus state, you’ve probably already had your fill of political advertising. According to The Washington Post, politicians and political groups spent more than $23 million on campaign television ads as of December 1, 2011. With record ad spending predicted for the 2012 election, the rest of the nation will soon be bombarded with television ads “approved by” politicians from the left, right and the center of the political spectrum. Candidates and those groups that support them need to know where to allocate their ad dollars to either connect with their base or reach swing voters. Experian Simmons analyzed the viewing audiences of over 600 broadcast, cable and syndicated TV programs that were measured in our most recent National Consumer Study in order to pinpoint opportunities for politicians to reach partisans and middle of the road voters. This analysis has already gathered the attention of major media outlets, including Entertainment Weekly, The Washington Post, AOL, Huffington Post and more. Below are the entertainment and news programs that score the highest concentration of liberal Democrats among their viewers, Conservative Republicans and Middle-of-the-Road Voters registered with any party. Be sure to check out our free 2011 PoliticalPersonas report in which Experian Simmons delivers the mindset of the American voter, including attitudes, brand preferences and their penchant for social media. You can also check out a similar analysis of TV preferences of political partisans that we conducted last year here and here.
Social media continues to be one of the fastest growing industries online. Between September 2010 and September 2011 visits to Social Networks and Forums have increased by nearly 11% and, if you saw my Internet clock blog last month, social media accounts for nearly a quarter of all time spent online. But when are people engaging with social media the most? We took a look at the UK Internet visits to the Social Networks and Forums category each month between 2009 and 2011. We then averaged those visits across the months to see the seasonal trends with social media. What this shows is that social media usage is at its lowest at the beginning of the year and climbs throughout the course of the year towards a peak in December. Over the last three years December has always seen the peak of online visits and in fact last Christmas Day Facebook overtook Google for the first time ever in terms of UK Internet visits. We know that Christmas is a very social time and a time for sharing messages with loved ones, friends and family, so the increased visits to social networks during December is to be expected. More generally, what this graph shows is that social media observes two seasonal trends. The first is an early summer peak in visits in June, before a decline in visits in July and August. This seasonal dip in July and August can be explained by summer holidays where people are more likely to go abroad and therefore less likely to be using social networks. The second seasonal trend is a recovery in visits in September and October before a yearly peak at Christmas. With students starting university terms, kids going back to school, and the working population returning from holiday this would account for the increased interaction in September and October before the Christmas surge. In particular what we’ve seen in September data is a resurgence in market share of visits to Facebook, which bounced back after the summer dip to account for nearly 52% of all visits to a social network. The message here for brands who want to capitalise on social media traffic is to start implementing their social strategy now rather than waiting for Christmas. As October is the second busiest month of the year for social media visits we are expecting over 800 million hours to be spent on social networks this month, which represents a huge opportunity to engage with new and existing customers online. Follow Hitwise UK on Twitter.
Marketing by mobile device is now as popular as ever as retailers send shoppers text messages with special offers and sales. More and more companies are also offering their own phone apps so customers can search for product information and deals on the go. With more than 80 million mobile internet users in the United States, retailers can really benefit from this communication channel. One perk for shoppers is that they no longer have to save and print out coupons from emails! Through their mobile phones, shoppers can receive texts about sales and coupons as they enter stores. They can keep track of their favorite stores and make a purchase anywhere/anytime. One perk for shoppers is that they no longer have to save and print out coupons from emails! All they have to do is show the coupon on their phone at the point of purchase to redeem their coupon. With “QR” bar codes or quick response codes directly on coupons on your phone, savings can be redeemed on the spot. While many people don’t know yet that they can use QR codes on a mobile device, retailers have only begun to take advantage of this technology and more customers are now able to scan items in a store and pay for it using their mobile phones. While it’s just the beginning of a new era, mobile marketing is taking us by storm and now is the perfect time to put this trend into effect.