Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
NEW YORK, Oct. 16, 2019 /PRNewswire/ — Tapad, part of Experian and a global leader in digital identity resolution, and The Trade Desk, a global advertising technology leader, partnered to integrate The Trade Desk's unified ID solution in April 2019. The Trade Desk's unified ID solution's objective is to serve as a standardized cookie ID to help marketers reach more of their audience on the open internet. After an initial six month period, Tapad reports significant adoption rates and enhanced customer results since their joint integration in April. As a result of the partnership, client brands, agencies, DMPs/ DSPs, Data Providers, Mobile Networks and Measurement/Analytics Providers, saw increased match rates up to 38% and more global coverage without compromising precision. With this combined offering, Tapad's global, privacy-safe digital cross-device solution, The Tapad Graph, connects brands with consumers over 4 billion devices globally. "There is a need for digital identity solutions outside the walled gardens that can accommodate the need for both precision and scale," said Chris Feo, SVP of Strategy and Global Partnerships at Tapad. "Through our partnership with The Trade Desk, we are empowering companies to have a comparable digital identity resolution across the open web as compared to the walled garden environments." Over 25 companies who license The Tapad Graph, such as Annalect, Semasio, Retargetly, and ThinkCX, have also included The Trade Desk's unified ID solution as a key identifier in their graph output. "The vast improvement in scale that Tapad has seen illustrates the value digital identity resolution products can bring for brands," said Nate Gawel, General Manager of Data Partnerships at The Trade Desk. "We're looking forward to continuing work with Tapad to prove that the open internet can deliver the very same benefits many reserve for large platforms." Adoption of the unified ID solution allows all parties across the supply chain (SSPs, DSPs, DMPs and data providers) to utilize The Trade Desk's cookie footprint to increase their own cookie coverage across the global independent internet. For more information, please visit The Trade Desk's unified ID solution site, or https://www.experian.com/marketing/consumer-sync to learn more about Tapad's digital identity resolution products. About Tapad:Tapad, Inc. is a global leader in digital identity resolution. The Tapad Graph, and its related solutions, provide a transparent, privacy-safe approach connecting brands to consumers through their devices globally. Our one-of-a-kind Graph Select offering enables marketers the flexibility and freedom of choice to correlate devices to varied objectives, driving campaign effectiveness and business results. Tapad is recognized across the industry for its product innovation, workplace culture and talent, and has earned numerous awards including One World Identity's 2019 Top 100 Influencers in Identity Award. Headquartered in New York, Tapad also has offices in Chicago, London, Oslo, Singapore and Tokyo. About The Trade Desk:The Trade Desk™ is a technology company that empowers buyers of advertising. Through its self-service, cloud-based platform, ad buyers can create, manage, and optimize digital advertising campaigns across ad formats and devices. Integrations with major data, inventory, and publisher partners ensure maximum reach and decisioning capabilities, and enterprise APIs enable custom development on top of the platform. Headquartered in Ventura, CA, The Trade Desk has offices across North America, Europe, and Asia Pacific. To learn more, visit thetradedesk.com or follow us on Facebook, Twitter, LinkedIn and YouTube. Contact us today!
Gen Z is ready to be noticed and become a force to be reckoned with in the market. In the auto market alone, Gen Z made up 3.8 percent of all new vehicle registrations in the first quarter of 2019.
For as long as the ad buying process has existed, most brands and agencies have put an emphasis on the channel – meaning there were specific campaigns for direct mail, email, TV, social media, banner ads, etc. In fact, the teams responsible for these campaigns often work in silos. But with more people consuming information through multiple channels, it’s important for brands and agencies to put the customer at the center of the ad buying process – to develop and implement true omnichannel campaigns. I recently wrote a byline article for Broadcasting & Cable that explored the concept of the “PeopleFronts.” While the Upfronts and Newfronts have dominated the ad buying world, brands and agencies need place larger emphasis on the customer. At the end of the day, the right mindset can open the door for more powerful campaigns and relevant messages that resonate with the consumer.