Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
To our valued customers and partners,It’s been an exciting week here at Tapad! As announced in a press release this morning, Tapad is now a member of the Experian family. We’re thrilled to continue to grow as a leader in identity resolution under the umbrella of a global expert in data, analytics and technology. Tapad and Experian are deeply connected by our commitment to serving the needs of our customers; and with a focus on quality of the data we provide, we have a common goal for the future of identity in the advertising ecosystem. As part of this announcement, we wanted to assure you, our valued customer, that we remain deeply committed to serving you today just as we always have. Nothing will change in your daily operations with Tapad. Experian immediately recognized that the success and growth of Tapad was directly tied to the strength and depth of its team members. As such, the acquisition will not result in any changes to day-to-day contacts at Tapad, or processes with weekly graph deliveries and other product support. Experian’s faith and investment in Tapad’s future and the future of identity resolution underscores what we’ve always believed our products could achieve and that we will be able to continue serving brands, advertisers, publishers, and the advertising and marketing ecosystem for years to come. On a personal note, I am excited to be transitioning my role as Chief Operating Officer of Tapad to the General Manager position of a global business that’s achieved exponential growth over the past several years; culminating in this strategic acquisition that will no doubt bring even more value to our customers in the future. We remain committed to open communication and welcome any questions you may have. Thank you, Mark Connon | General Manager, Tapad
Addressable TV has been through a transformation in the past year. Streaming content has become the most coveted space for creators and advertisers with the rise of new apps and platforms; but the influx of stay-at-home orders around the country have shifted television viewership as we know it, and streaming apps are popping up in droves to take advantage. So, how can you? With no shortage of opportunities to advertise on addressable TV and CTV, how does it fit into the media mix? And furthermore, how can you attribute this household-level device into your overall strategy? Tying it all together Layering addressable TV within digital ad campaigns couldn’t be easier today — but applying the right targeting and cadence between all of your digital efforts; and tying them together in attribution takes the right kind of data. Marketers can use CTV identifiers coupled with other device identifiers available in The Tapad Graph to not only target impressions but also map addressable TVs within the consumer journey; and unify strategies between household decision makers to better personalize messaging. Let's get to work, together At Tapad, we provide actionable insights for marketers to deliver better ad experiences to their consumers through identity resolution. Interested in learning more? Contact us today at sales@tapad.com for a more personal conversation about your identity strategy. 1 The Trade Desk Q2 2020 Earnings Call Transcript, August 2020; 2 iSpot Report, via Deadline, July 2020; 3 Flixed.io, January 2020
For the past several years ad-tech defined the value of identity at the individual level; made possible by the evolution of data, technology and machine-learning. But, earlier this year COVID-19 set in motion many shifts in consumer digital behavior. The more we’ve been working and learning from home, using devices that are shared amongst an entire household, the more apparent it is that marketers need to shift their strategies to align with these changes. Did you know the average household owns eleven or more connected devices? And the longer we’ve been at home, the more these devices are shared by multiple individuals. If you’re looking for a few simple ways to evolve from an individual focused strategy to a household strategy, here’s a good place to start: Audience segmentation Traditionally, audiences are built with a narrow focus on a single user, and what known attributes about that individual or their brand engagement can be leveraged for a targeting strategy. Now that screens are being shared between multiple users in a home, how can you be sure you’re identifying them correctly, and thus, segmenting them in the right buckets for targeting? The key lies in the ability to connect those points through identity resolution. Using ad exposure from household level devices, followed by a second engagement from an individual within that household can indicate a user is a better candidate for purchase or conversion than others. So before you build audiences for targeting, you can qualify them at the household level for segmentation with more confidence. Example: An auto advertiser uses audience segments from a third party provider such as ‘auto intenders’ to target individuals with new pricing offers. They would continue retargeting these users, unaware that some are connected in the same household, and thus are probably not all in the market to actually get a new car. By bucketing users that share a common household device within this third party segment, they can hone in on which individuals are actually in-market for a car and evolve their strategy to be more effective. Targeting Retargeting, frequency capping and sequential messaging have always been meant for an individual user — the more they’re exposed to your brand in a personalized way, the more likely they are to take the desired action. But, have you considered that multiple users could have a shared initial exposure to your brand? Today, you can target a household of potential consumers on a shared device like a CTV, and employ those retargeting strategies based on that common initial exposure. Starting at the household level, means you can compare movement through the funnel between different individuals in that household, and tailor your targeting accordingly. Perhaps you realize only one person in that household will convert and you tailor messaging to them more frequently, while confidently suppressing the other individuals. Example: a CPG brand uses OTT advertising, but doesn’t incorporate it within their sequential strategy, because they consider it just a ‘brand awareness’ opportunity. By using OTT more strategically as a household level engagement, it can reveal which individuals within a household are more favorable towards a brand further down the funnel. So, you can spend impressions targeting those users, rather than wasting impressions on multiple individuals within the household. Measurement Measurement and attribution are imperative to understanding the path to purchase and making strategies more efficient over time. Often that efficiency involves adding or removing devices and channels from a targeting strategy based on their contribution to an action or conversion by an individual. This year we’re seeing addressable TV devices explode in use, which are shared at the household level. Even desktop computers are being used by more people in the home due to COVID-19. So, assuming a linear path of attribution by an individual is missing the full picture. Identity resolution can help you understand where messaging was more effective for some users in the household than others, and leverage that insight to continue more effective strategies in the future. Example: Without a household view, a direct-to-consumer brand would assume all interactions from one device would be coming from a single individual, and that could create a higher cost-per analysis. By incorporating the household level devices into attribution models, they can find efficiencies between touch points of multiple users, and learn how those split off into individual paths to conversion. Not only can this DTC create a more effective model, but they can use that model to create cost efficiencies in the future. Get started with The Tapad Graph For personalized consultation on the value and benefits of The Tapad Graph for your business, email Sales@tapad.com today!