Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
Marketers are under more pressure than ever before to prove ROI and efficiency of marketing activities in relation to business performance. On top of that, there are new privacy regulations and uncertainty around what new technologies will have to be implemented in order to replace the granular level targeting and measurement the industry historically has used third-party cookies for. It’s clear marketers are going to need the right tech stack and partners to continue to prove their team’s efficacy. We recently partnered with Forrester Consulting to evaluate the current state of customer data-driven marketing and surveyed over 300 global marketing decision makers at the brand and agency levels. We found that marketing is facing increased demands today, insights from the study include: Consumers expect brands to deliver engaging experiences across highly fragmented journeys. Seventy-two percent of decision-makers reported that customers demand more relevant, personalized experiences at the time and place of their choosing. Marketing runs on data, but the rules governing customer data usage are changing quickly. More than 70% of study participants stated that consumer data is the lifeblood of their marketing strategies, fueling the personalized, omnichannel experiences customers demand. These demands paint a challenging picture. Just as marketers are poised (and tasked) with delivering greater value to their organizations and customers, the ground rules are changing and threatening their ability to deliver. Indeed, 62% of respondents said that the forces of data deprecation will have either a “Significant” (40%) or “Critical” (21%) impact on their marketing strategies over the next two years. Effective identity resolution can help brands prepare for data deprecation challenges Marketers face a daunting landscape, but they can leverage the data, technology, and processes that comprise identity resolution to address business objectives, combat ecosystem complexity, and future-proof customer engagement efforts. By utilizing identity resolution, marketers will be able to match and connect multiple identifiers across devices and touchpoints. This allows for a cohesive, omnichannel view that enables brands to continue to deliver personalized and contextually relevant messages throughout the customer journey and without the use of cookies. The identity graph is the underlying infrastructure that defines connections between the numerous, fluid, and disparate identifiers created during moments of consumer engagement, turning disparate signals into addressable and actionable steps. These connections enable brands to bolster their ability to gain deeper customer insights and power audience building, attribution, and connected measurement. Identity resolution encompasses a wide range of capabilities that support an equally diverse set of marketing use cases. These include the targeting, personalization, and measurement of both known and pseudonymous audiences in the offline and digital worlds, which enables marketers to improve customer data management, drive more effective personalization, and gain insights and efficiencies through measurement across touchpoints. By taking the time to vet the privacy procedures and data collection processes of identity solutions you can reduce your regulatory risk and maintain customer trust. In an open-ended survey response, a marketer shared, “We’ve found that users are willing to volunteer data when they understand what it’s being used for and are asked for clear consent.” Finding the right partners to help navigate the changes The scramble to find an alternative to third-party cookies has slowed down since Google announced they will be delaying their cookie removal until late 2023. However, this gives marketers a unique opportunity to take advantage of the additional time and feel more prepared and confident in their solutions. With the delay, marketers can now test ID solutions and compare apples to apples with data from the third-party cookie while it’s still active and addressable. Test and find a solution that works now, so there are no surprises once cookies have finally made their way out the door in 2023. At Tapad, a part of Experian, we’ve developed a solution that provides agnostic interoperability for the myriad of cookieless identifiers emerging in the market. As a new module in the Tapad Graph, Switchboard will connect traditional digital identifiers to cookieless IDs to support the entire ad ecosystem with privacy-safe future-proof identity resolution. Get started with The Tapad Graph For personalized consultation on the value and benefits of The Tapad Graph for your business, email Sales@tapad.com today!
Scott Kozub, VP of Product Management, told the story of Experian Sanctuary, at the iAB Audience Connect event. Read the cliff notes on Marketing Forward.
The COVID variant is threatening holiday plans across the country. To protect many of the biggest campaigns of the year, Experian built Discovery Platform. Read the article to find out how you can brace your holiday campaigns for the holiday season.