Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
For British Petroleum (BP), 2010 has been marked by the unfortunate developments resulting after the Deepwater Horizon oil rig explosion in the Gulf of Mexico on April 20. Since then, BP’s crisis mismanagement and failed attempts to stop the oil spill have transformed this unfortunate event into an ecological disaster with political and financial consequences for the company. The oil leak has caused BP to lose a noticeable number of its American customers, namely their most loyal consumers. Experian Simmons DataStream shows that between April 26 and June 28, 2010 the percentage of American adults who report going to BP fell from 26.4% to 16.4%, a relative loss of 38% of their client base in just nine weeks. More astounding is the fact that BP’s most loyal consumers (those who said that BP is the gas or service station that they go to most often) declined a relative 56% during the same time. In fact, on June 28, 2010, only 9.5% of adults went to BP most often compared with 21.5% who were loyal to BP the week of the spill. With the flow of oil temporarily ceased and nearing a permanent solution, BP may finally be able to cap the flow of bad publicity and to reverse some of their loss in market share. Experian Simmons will continue to monitor this and other important consumer trends and share those findings here.
According to data released by Standard and Poor’s and Experian for S&P/Experian Consumer Credit Default Indices, “default rates nationally fell in May across the board.” Defaulting balances declined among all types of credit lines, including bank card loans, first and second mortgage default rates and auto loans. Further research from Experian Simmons DataStream underscores this trend. Between November 17, 2008 and May 10, 2010, there has been a 15% increase in the share of major credit card holders who report usually paying their credit card balance in full each month. This increase is reflected among both VISA and MasterCard credit card holders, during the same time period. Specifically, the percent of VISA and MasterCard credit card holders who usually pay their credit card balance in full increased by 25% and 17%, respectively. During the later part of 2008 and much of the first half of 2009, MasterCard holders were the more likely to pay their card balance in full each month. Today, however, VISA card holders are the more likely to pay the full amount due. As of May 10, 2010, 42% of VISA card holders usually paid their VISA balance in full compared with 40% of MasterCard holders. American consumers’ attempt to become solvent shows that personal financial responsibility standards are increasing in response to the recent financial crisis. According to data released by Standard and Poor’s and Experian for S&P/Experian Consumer Credit Default Indices, “default rates nationally fell in May across the board.” Defaulting balances declined among all types of credit lines, including bank card loans, first and second mortgage default rates and auto loans. Further research from Experian Simmons DataStream underscores this trend. Between November 17, 2008 and May 10, 2010, there has been a 15% increase in the share of major credit card holders who report usually paying their credit card balance in full each month. This increase is reflected among both VISA and MasterCard credit card holders, during the same time period. Specifically, the percent of VISA and MasterCard credit card holders who usually pay their credit card balance in full increased by 25% and 17%, respectively. During the later part of 2008 and much of the first half of 2009, MasterCard holders were the more likely to pay their card balance in full each month. Today, however, VISA card holders are the more likely to pay the full amount due. As of May 10, 2010, 42% of VISA card holders usually paid their VISA balance in full compared with 40% of MasterCard holders. American consumers’ attempt to become solvent shows that personal financial responsibility standards are increasing in response to the recent financial crisis.
Forward thinking marketers leverage the power of social networking sites like Facebook, MySpace, Twitter and more to connect to consumers in a more personal and meaningful way. That's why Experian Simmons is focusing on social networking in this issue of Consumer Insights, featuring the freshest insights available from the latest Simmons New Media Study. The 2010 Social Networking Report provides the hard data behind this consumer revolution, including the fact that fully 66% of online Americans use social networking sites today, up from just 20% in 2007. Social networking is an increasingly addictive activity, with nearly half of those who access such sites (43%) reporting that they visit them multiple times per day. While users of social networking sites may have initially signed up to better keep in touch with friends, a growing number say they now use sites like Facebook to connect with family members. An astounding 70% of social networkers keep in touch with family via their various online networks, up from 61% a year ago. Fully two-thirds of all online adults today have visited a social networking site in the last 30 days, up from 53% in 2008 and 20% in 2007. Social networks have most thoroughly penetrated the young adult market, as nearly 9-in-10 online 18-to 34-year-olds visit such sites today. But even older Americans are tapping into social networks, with 41% of online adults age 50 and older making monthly visits to sites like Facebook, MySpace and Twitter. The rise of social networking tracks closely with that of Facebook. As of April 26, 2010, 46% of the U.S. online adult population reported having visited Facebook in the past 30 days. While keeping in touch with others is an important part of social networking, the popularity of games like Farmville and Mafia Wars illustrate that fun is a big part of the appeal of social networking. Whether it’s keeping in touch with others, playing games, debating politics or any of the other reasons people use social networking sites, it cannot be denied that there’s a sense of addictiveness to it all. Visiting social networking sites multiple times a day is up 28% over last year, while less frequent visits are down across the board. As social networking sites extend their reach across generations, Americans are increasingly using such sites to connect with more than just their friends. Today, 17% of social networkers communicate with their parents via those sites and 22% connect with their kids, up from 9% and 15%, respectively, a year ago. An astounding two-thirds of social networking site visitors (68%) say they have shown their support of a product, service, company or musical group by becoming a “fan” or a “friend” on a social networking site. One year earlier, only 57% of social networkers had publicly declared their “like” for a product, service, company or musical group. Knowing that social networkers are comfortable connecting with products and brands they support, it's important to understand which brands have the best opportunity to connect with this group. Top retail brands among Facebook users, for instance, include H&M, Hot Topc and Forever 21. Specifically, Facebook users are full twice as likely as the average American adult to shop at H&M. Twitter visitors are 3.7 times more likely to shop at Nordstrom. Heavy users of social networking sites are primarily concentrated in the Northwest and markets that are heavily influenced by major colleges or universities.