Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
Partnership Yields Increased Match and Connectivity Rate Through Tapad Graph, acquired by Experian March 27, 2018 — New York, N.Y. — Tapad, part of Experian, is reinventing personalization for the modern marketer and today announced the impactful results of its strategic partnership with Flashtalking, the leading global independent platform for ad delivery, unification and insights. Flashtalking is one of Tapad's most engaged partners, using the Tapad Graph to unify cross-device engagement and identity-driven consumer behaviors for attribution modeling. The company leverages a unique identifier that, in conjunction with Tapad's Graph, provides robust multi-touch attribution solution for its clients. This partnership has resulted in above-industry match and bridge rates for Flashtalking and its customers. Overall, the Tapad Graph yielded a 71 percent match rate with 41 percent of converters engaging on multiple devices, highlighting the importance of cross-device measurement. Tapad’s identity solutions provide Flashtalking with a more holistic view of global engagement. Flashtalking marries ad server log file data with the Tapad Graph to connect all interactions in the consumer journey. This enables Flashtalking to provide more accurate and impactful cross-device attribution, which ultimately enables better optimization. These achievements have led to recognition of Tapad and Flashtalking’s work by the I-COM Global Forum for Marketing, Data and Measurement. “Tapad allows us to understand user engagement across devices and platforms at both the household or individual user level, which is extremely beneficial when providing marketers with true path to conversion and attribution,” said Steve Latham, global head of analytics at Flashtalking. “Since our relationship began, we’ve successfully leveraged Tapad data to provide more accurate, actionable insights that have helped numerous brands achieve substantial gains in media effectiveness.” Flashtalking client Michael Lamontagne, SVP of analytics and CRM at 22squared says “We are big believers in using cross-device insights to improve our campaigns. Flashtalking has been a strategic partner in the pursuit of that goal. By incorporating the Tapad Graph, Flashtalking delivers powerful insights into user engagement and media attribution across browsers and devices. Of equal importance, their bundled solution makes it easy and efficient, saving our team countless hours of busy work.” “Our ongoing work with Flashtalking has had a significant impact on the accomplishments we’ve achieved,” said Chris Feo, SVP, strategy & global partnerships at Tapad. “Being able to grow with a dedicated partner that leverages our proprietary technology in unique ways has helped us uncover the global impact our services can have on a business. We’re proud to drive success for Flashtalking’s clients on a global scale.” Contact us today
Digital Marketing Challenges Are you new to digital marketing? If you answered yes, then you may already know this is a complex world made up of cookies, pixels, attribution, and unique KPIs. With nearly 10 years of advertising experience, Experian is familiar with the challenges advertisers face as they prepare for their first digital marketing campaign. Those challenges include: determining a target audience, justifying data fees for targeting, sending a consistent message to every channel and measuring the success of a campaign. Of these challenges, creating an accurate, data-driven target audience and understanding the attribution process are the two most common. Coincidentally, these two challenges tend to be the most difficult to overcome and have the highest impact on a campaign’s success. 1.) Creating an accurate, data-driven target audience Understanding the basic demographics of your customer is the first step in the audience creation process. Your next step should be to understand your customers’ lifestyles, purchase behaviors, and current interests. By truly knowing your customer, you are then able to build out a multi-channel targeting strategy comprehensive of not only basic demographics and past behavioral data, but current behavioral trends that lead to individuals who are in market for a product or service. This reduces irrelevant marketing to individuals who may have the demographic characteristics, but are not yet in market. Overall, creating a relevant target audience saves media spend by focusing on targeting tactics that have a higher potential for success. 2.) Understanding the attribution process Now that you have your target audience, you need to determine how to measure the success of your campaign. Is your goal to increase online purchases? Drive store visits? Or, do you want your overall revenue to grow by a certain amount? Before launching your campaign, make sure you have a clear goal as well as a plan for measuring whether or not you meet your goal. Most digital marketers will judge the success of a campaign by online events, such as site visits, form completions, or online purchases. However, you may also want to measure offline metrics like phone calls or in person visits to a brick and mortar store. Offline metrics are essential to campaign performance, but are frequently over looked. Experian’s OmniActivation Strategic Services recommends having one clear goal that can be accurately measured. This ensures your campaign’s target audience and optimizations support the metric that will ultimately determine the success of your campaign.
Every day it seems, mobile device fragmentation increases. With consumers spending their time online across multiple devices – phones, tablets, over-the-top TV devices, gaming consoles, a nascent, yet growing internet-of-things, and a variety of other internet connected devices – the challenge of keeping up with consumers continues to be a daunting one. The industry has, of course, adopted many different identity solutions and cross-device technologies. Perhaps you’ve adopted some of them. Perhaps you feel like they are working. But perhaps you feel you could be doing a better job at connecting the dots. Marketers require solutions that can truly unify identities across channels and devices in order to understand consumer behavior, predict intent, and ultimately reach them with relevant communications. The easier it is to do that, the better. So, consider a couple scenarios and see how well are you doing. Within your core CRM data, are you able to connect your email subscribers to your in-store customers, all without relying on a loyalty program? Can you do this all the way down to an individual level? And are you leveraging this connected identity information to inform future online targeting? This kind of PII-based identity management is foundational to consumer engagement! Next scenario. Are you an app publisher? Or a media platform? Or any other type of organization that has a steady stream of device data? How much do you know about the consumer behind the device? Behavioral information is certainly a step in the right direction. But what about known consumer insights? How deep is the profile of information you’ve built for each device? Does it include both online and offline insights? Done in a compliant manner? There are a myriad of different techniques and approaches available to you to keep up with consumers. If you’re considering implementing a new strategy in the near future, or have questions about your current ones, contact Experian and we can help assess the opportunities available to you.