Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
Fluctuation in consumers' behaviors and preferences during the pandemic has prompted a shift in the practices and patterns that we are accustomed to. Powerful market forces are emerging as society builds a new normal, forcing marketers to rethink their strategy, activation, and measurement. It is important for marketers to understand the forces that influence the industry, and to learn about alternative approaches that can be applied to help reach their goals. In our recent webinar, ‘How to Adjust to the New World of Advertising,’ Experian’s Chris Feo and guest speaker Tina Moffett, Principal Analyst at Forrester Research, lead an in-depth discussion of the market dynamics and developments guiding us to this new era of advertising. They talked about: The pandemic changing consumer behavior Emerging media channels Data deprecation The pandemic and increased media consumption The pandemic caused seismic shifts in consumer behaviors and business operations. Work from home became the norm, consumers made drastic changes in their routines, and businesses had to adjust to new operating models as local economies shrank and supply chains strained. As stay-at-home orders were put into effect, consumers increased their media consumption drastically as more time was spent at home in front of their devices. According to Forrester, by June 2020, 48% of US online adults subscribed to at least one streaming service, while 34% had signed up for multiple. Forrester contends that: Social and online video/OTT will grow fastest among other categories of ad spend Connected TV outpaces other video advertising channels 55% of consumers plan to continue watching movies at home rather than in theatres after the pandemic Data deprecation The ways that marketers can personalize content and measure the effectiveness of campaigns is changing with data deprecation. Consumer preferences, regulations, and technology providers are evolving the way advertisers understand consumers, causing changes to existing identity-based marketing strategies. According to Forrester, 66% of marketers are investing in first-party data collection strategies to adapt to these market forces. Marketers need to adjust Demand for a new advertising approach Changes in consumer behavior, evolving media consumption patterns, and data deprecation have marketers looking at new approaches to targeting and measurement. However, with the future uncertain in many of these areas, marketers need to test and experiment to determine which approach is best for them in particular use cases. Shifting to a new world of experimentation Advertisers need to start by assessing their current environment to determine where they have exposure today, which methods of identification they are using, and how those channels may be impacted by the market forces outlined earlier. From there, they need to start asking themselves how they can assess identity in the future or if there is another way to approach advertising in that specific channel. There are specific areas where marketers can look to make investments in terms of experimentation: Adoption of cleanrooms to support analytics and audience targeting Investment in first-party data to overcome the issue of data deprecation Shifting to a value-based, omni-channel advertising mindset to address customers’ needs Investment in data-savvy resources to manage media insights Adoption of consistent cross-platform advertising metrics and currencies to inform better planning If you missed our recent webinar ‘How to Adjust to the New World of Advertising,’ you can listen to the full discussion here.
Hashed Email is a privacy-safe digital identifier that can further enrich and expand the functionality and utility of The Tapad Graph with access to Tapad + Experian’s universe of email data. This provides maximum coverage for targeting and measurement when combined with household and individual IDs such as Cookies, MAIDs, CTV IDs, and IP Addresses. Gain back a clearer view Recent data from DMA shows that 51% of people have held the same email address for over 10 years. Email address data by its nature is authenticated and reliable due to its longevity. When leveraging Hashed Email as an extended functionality of The Tapad Graph, we are able to link on average 5 email addresses to each individual, reaching up to 90% of households across the US. Hashed Email expands the customer view by adding new email address identifiers into The Tapad Graph that associate with traditional digital IDs and cookie-less IDs emerging in the marketplace. Reduce fragmentation; and instead of viewing the emails as multiple customers, with Hashed Email they can be viewed as one user profile. When enabled, clients who wouldn’t traditionally have access to first-party customer emails are able to associate and link privacy-safe emails to individuals and their households. Brands and retailers can use Hashed Email to extend these linkages across offline purchases associated with each email; connecting traditional digital identifiers between walled gardens, activation in programmatic media buys, and addressable TV. With the holiday season quickly approaching, access to Hashed Emails will instantly increase scale, connectivity and improve measurement when efficiency, personalization and holistic attribution are pivotal to marketing strategies. Let’s visualize how quickly the customer journey can become fragmented when email addresses that belong to the same person are not associated. Mary has 3 email addresses that she frequently uses. One for social media accounts Email ID 1, one for shopping accounts Email ID 2, and another for work Email ID 3. Mary is a brand loyalist to a top national retailer and whenever there is a new season, there is a high likelihood that she will purchase the latest seasonal decor from that store. She recently did some holiday shopping in-store where she purchased nearly the whole holiday line. Email ID 2 was used to send her a receipt. However, Mary annoyingly receives the store's ads on Facebook for holiday decor that she had already purchased. This is because the retailer has not yet identified that Email ID 1 and Email ID 2 belong to the same consumer. If the retailer were to leverage Hashed Email, they would be able to identify that both email addresses used belong to Mary. This association connects her multiple email addresses together, enables her offline purchases to sync with her online activity, and helps to determine the most accurate ROAS. Hashed Email is a cookie-free added view into consumer behavior for control over messaging and for measurement. When leveraging it’s possible to report back across all channels and devices in a universal format to know when and how conversions are taking place. Don't leave valuable data on the table Hashed Email has use cases beyond reducing wasted media impressions. Hashed Email’s full capabilities extend to campaign measurement and attribution modeling. When utilizing The Tapad Graph combined with Hashed Email, know from the first touchpoint to the last where your customers are engaging. But more importantly, know where households and the individuals inside of those households are converting across all of their digital devices, by using traditional digital IDs, cookie-less IDs, and Hashed Email to associate, measure, and correlate online and offline purchases. Imagine what your campaigns could look like this holiday season if you expanded your graph with up to 5 additional IDs per household. This impact could be a game-changer to scale this holiday season. Hashed Email is a reliable cookie-less digital identifier that expands your customer universe that connects online and offline activity while improving the customer experience and reducing wasted media spend. Enabling Hashed Email for the holiday season is not an opportunity that should be passed on. Where do you sign up, you ask? Get started with The Tapad Graph For personalized consultation on the value and benefits of The Tapad Graph for your business, email Sales@tapad.com today!
Identified in The 2021 Digital Advertising Trends Report published by Postclick, marketers are striving to improve and enhance their segmentation and targeting strategies in their digital ad campaigns. Carlos Lopez, SVP of Brand Planning at Digitas Health predicted that in 2021, the challenge will be to overcome the death of third-party cookies and still deliver a personalized advertising experience. It’s fair to say that his prediction will still be impacting marketers past 2021 with the delay of cookie deprecation. These goals along with the constantly changing digital landscape paint a challenging picture for even the most advanced marketers. Marketers can be prepared for the next era of digital marketing by finding the right mix of partners that offer privacy-safe, cookie-free solutions. Smart marketers will employ these solutions and compare these results with data from cookies. The Tapad + Experian Take The Tapad Graph enables brands, agencies, and ad tech platforms to identify and target individuals and households across their digital touchpoints. With this data, they can personalize messages across devices, measure and optimize throughout the customer journey, and then report back on conversions at the individual and household levels. Tapad, now part of Experian, leverages a machine learning algorithm that determines these connections at scale by using probabilistic models with authenticated, privacy-safe, real-time data. There are a myriad of cookieless IDs emerging in the marketplace, and it’s not likely going to be a one size fits all situation. In order to be prepared for the next era of digital marketing, marketers should diversify ID partners and be proactive with testing while the cookie is still around to benchmark against. With Switchboard, a module within The Tapad Graph, we’ve been able to develop connections between traditional digital identifiers (IP Addresses, MAIDs, CTV IDs) and the new wave of cookieless IDs (UID2.0, Panorama ID, ID5 ID) that will be utilized in the future. Here’s an example of what The Tapad Graph and Switchboard looks like at the Household level with various traditional digital identifiers and cookieless IDs. Get started with The Tapad Graph For personalized consultation on the value and benefits of The Tapad Graph for your business, email Sales@tapad.com today!