Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who, can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information.
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details which security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that is not aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert

Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.