Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
Marketers are under more pressure than ever before to prove ROI and efficiency of marketing activities in relation to business performance. On top of that, there are new privacy regulations and uncertainty around what new technologies will have to be implemented in order to replace the granular level targeting and measurement the industry historically has used third-party cookies for. It’s clear marketers are going to need the right tech stack and partners to continue to prove their team’s efficacy. We recently partnered with Forrester Consulting to evaluate the current state of customer data-driven marketing and surveyed over 300 global marketing decision makers at the brand and agency levels. We found that marketing is facing increased demands today, insights from the study include: Consumers expect brands to deliver engaging experiences across highly fragmented journeys. Seventy-two percent of decision-makers reported that customers demand more relevant, personalized experiences at the time and place of their choosing. Marketing runs on data, but the rules governing customer data usage are changing quickly. More than 70% of study participants stated that consumer data is the lifeblood of their marketing strategies, fueling the personalized, omnichannel experiences customers demand. These demands paint a challenging picture. Just as marketers are poised (and tasked) with delivering greater value to their organizations and customers, the ground rules are changing and threatening their ability to deliver. Indeed, 62% of respondents said that the forces of data deprecation will have either a “Significant” (40%) or “Critical” (21%) impact on their marketing strategies over the next two years. Effective identity resolution can help brands prepare for data deprecation challenges Marketers face a daunting landscape, but they can leverage the data, technology, and processes that comprise identity resolution to address business objectives, combat ecosystem complexity, and future-proof customer engagement efforts. By utilizing identity resolution, marketers will be able to match and connect multiple identifiers across devices and touchpoints. This allows for a cohesive, omnichannel view that enables brands to continue to deliver personalized and contextually relevant messages throughout the customer journey and without the use of cookies. The identity graph is the underlying infrastructure that defines connections between the numerous, fluid, and disparate identifiers created during moments of consumer engagement, turning disparate signals into addressable and actionable steps. These connections enable brands to bolster their ability to gain deeper customer insights and power audience building, attribution, and connected measurement. Identity resolution encompasses a wide range of capabilities that support an equally diverse set of marketing use cases. These include the targeting, personalization, and measurement of both known and pseudonymous audiences in the offline and digital worlds, which enables marketers to improve customer data management, drive more effective personalization, and gain insights and efficiencies through measurement across touchpoints. By taking the time to vet the privacy procedures and data collection processes of identity solutions you can reduce your regulatory risk and maintain customer trust. In an open-ended survey response, a marketer shared, “We’ve found that users are willing to volunteer data when they understand what it’s being used for and are asked for clear consent.” Finding the right partners to help navigate the changes The scramble to find an alternative to third-party cookies has slowed down since Google announced they will be delaying their cookie removal until late 2023. However, this gives marketers a unique opportunity to take advantage of the additional time and feel more prepared and confident in their solutions. With the delay, marketers can now test ID solutions and compare apples to apples with data from the third-party cookie while it’s still active and addressable. Test and find a solution that works now, so there are no surprises once cookies have finally made their way out the door in 2023. At Tapad, a part of Experian, we’ve developed a solution that provides agnostic interoperability for the myriad of cookieless identifiers emerging in the market. As a new module in the Tapad Graph, Switchboard will connect traditional digital identifiers to cookieless IDs to support the entire ad ecosystem with privacy-safe future-proof identity resolution. Get started with The Tapad Graph For personalized consultation on the value and benefits of The Tapad Graph for your business, email Sales@tapad.com today!
Identity is being constrained, forcing the industry to rethink the way it has operated for 27 years. Industry, regulatory, technology and data trends are leading to a fundamental shift in the way that data is permissioned, accessed, and used for marketing purposes. How the industry defines digital identity moving forward, consumer trust and transparency need to be at the forefront. We, as an industry, have the opportunity to build a more effective advertising framework that puts consumers and data privacy at its core, a framework that won’t rely on a single prevailing identifier. That approach requires all of us to be upfront and transparent about our data practices and usage and make it easy for consumers to opt-out of the use of their information for advertising and marketing solicitations. We, at Experian, also believe that there are a lot of ways to improve the experience for consumers, who are becoming more aware and apprehensive of giving away their data. We believe we can ease the minds of consumers and work within these new constraints by offering better controls and practices around the ways data is shared and utilized. There will be new approaches that come to the market as well that include modeled, non-identifiable information, cohorts, contextual
It’s no secret that the COVID-19 Delta variant is threatening holiday plans across the country. As CDC mandates change and the flu season matures, we’re asking big questions that impact businesses and marketers across the country: Will customers mostly stay at home and order online? Or will people drive to the store and fly to family gatherings? The answer is probably both—but, as we’ve learned, a lot can change overnight. And we want to be prepared this time around. While many of us make vacation plans with a “wait and see” attitude, we want firmer footing at work. To cope with uncertainty, holiday marketing strategies straddle assumptions and require agility. To protect some of the biggest campaigns of the year, marketers need the ability to: Monitor changing customer behaviors during flu season. Track marketing KPIs for campaign performance and quick adaptability. Pivot audience targeting strategy when safety guidelines change. We built Discovery Platform to give you all three so that you can execute your marketing strategy with confidence. Discovery is built on top of robust consumer data and the best-in-class Identity graph that Experian is known for. It offers turn-key activation capability to keep your marketing campaigns agile and efficient this holiday season. Here’s how you can use Discovery Platform to protect your marketing interests from rapidly changing safety guidelines. Track store traffic against competitors Discovery Platform enables Experian clients to keep a tap on their store traffic and relate it to how competitors and overall business category is doing. Monitoring these trends can help marketers adapt to changing consumer behaviors as flu season evolves. Track marketing KPIs Tracking and adjusting ongoing campaign targeting strategy remains a top priority throughout the pandemic, especially during colder, winter months. Discovery enables you to evaluate your campaign targeting strategy in relation with your loyalty card shoppers and in-flight campaign KPIs to drive higher return on ad spend and Customer Lifetime Value. With Discovery’s OmniImpact integration clients can even conduct control test measurement studies. Pivot campaigns quickly You can use Discovery’s Audience Engine integration to build and deploy custom audiences to social, digital, email and Connected TV partners. This gives you the ability to quickly pivot campaign channels once you detect changes in consumer behavior or dips in campaign performance. The sales and customer data flowing into Discovery Platform puts all the insights you need in one place to inform your team’s next marketing strategy. Watch our Discovery Platform demo or contact us to learn how Experian can help you create more effective, agile marketing campaigns for the holidays.