Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
The Tapad Device Graph™ increases Throtle’s amplification by 475 percent. NEW YORK, Nov. 1, 2017 /PRNewswire/ — Tapad, now a part of Experian, the leader in cross-device marketing technology, today announced a partnership with Throtle, a leading data onboarding company. The Tapad Device Graph™ will enhance Throtle's best-in-class onboarding capabilities by providing accurate and privacy-safe cross-device reach as well as precise audiences at scale. In partnership with Tapad, Throtle will deterministically link its services to a corroborated individual with hundreds of targeting attributes. This linkage allows Throtle to offer true cross-device identity management and identity resolution services to accompany its robust onboarding capabilities. Throtle will also work with Tapad to validate its device graph, building larger, more comprehensive audience segments. To date, the Tapad Device Graph™ has connected 61 percent of Throtle IDs to related ones in the graph, with an average amplification rate of 475 percent for Throtle's IDs, or 4.8 new IDs per each of Throtle's. Throtle has also seen its overall match rates involving Tapad's identity insights rise an average of 15 percent since the inception of the partnership. More specifically, Tapad's mobile advertising IDs (MAIDs) have increased Throtle's in-app identity inventory by 35 percent. "Tapad has proven to be a trusted source for cross-device matching and has a tremendous reputation in the advertising and marketing technology industries for delivering superior precision and scale with the utmost dedication to privacy," says Paul Chachko, CEO, Throtle. "Since we first began our test phase, and continuing through to this day, Tapad has met and exceeded our expectations for what a partner should be." With Tapad's strong commitment to precision and accuracy, Throtle was confident that this partnership would prove to be the right choice for the strategic expansion of its platform. Not only does Tapad deliver in-depth insights, parsing deterministic from probabilistic linkages, but its pool of device-level touchpoints enables Throtle to increase scale without seeing a decline in precision. "Accuracy and precision are core characteristics of our proprietary Device Graph," explains Chris Feo, SVP, Strategy & Global Partnerships, Tapad. "When Throtle approached our team, we knew we would be the right partner to assist their leading onboarding technology. We're excited to work with Throtle to achieve cross-device reach, audience scale and precise deterministic and probabilistic linkages for its clients." For more information about the Tapad Device Graph™, or to request a demo, visit https://www.experian.com/marketing/consumer-sync About TapadTapad Inc. is a marketing technology company renowned for its breakthrough, unified, cross-device solutions. The company's signature Tapad Device Graph™ connects millions of consumers across billions of devices. The world's largest brands and most effective marketers entrust Tapad to provide an accurate, privacy-conscious, and unified approach to connecting with consumers across screens. In 2015, Tapad began licensing the Tapad Device Graph™ and swiftly became the established gold-standard throughout the ad tech ecosystem. Tapad is based in New York and has offices in Boston, Chicago, Dallas, Detroit, London, Los Angeles, Miami, Oslo, San Francisco, Singapore, and Tokyo. Tapad's numerous awards include: Forbes' Most Promising Companies, Deloitte's Technology Fast 500, Crain's Fast 50, TMCnet Tech Culture Award, and Global Startup Award's "Startup Founder of the Year". In 2016, Tapad was acquired by the Telenor Group, one of the world's largest mobile operators. About ThrotleThrotle is a data onboarding company focused on deterministic matching and identity resolution, empowering brands with true individual-based marketing. Our data centric onboarding approach guarantees the highest level of accuracy, scale, and responsiveness for our clients. For more information on Throtle, please visit, throtle.io. Contact us today!
Autotrader leverages The Tapad Device GraphTM to achieve higher performance and reach new audiences across all devices New York, NY – September 6, 2017 – Tapad, the leader in cross-device marketing technology and now a part of Experian, today revealed findings from a campaign conducted with Autotrader which connects with more actual car buyers than any other third-party listing site.* Autotrader’s premium audience, combined with the Tapad Device GraphTM, delivered significant audience extension across desktop, mobile, and tablet to drive awareness and maximize both reach and delivery across screens. To help analyze shopping behaviors across multiple devices, the global automotive brand for this campaign turned to Autotrader and Tapad, who created a cross-device pre-roll video strategy with a focus on viewability, concentrating on potential customers already searching for vehicles. By using a one-to-one connection, instead of look-alike modeling, Tapad also ensured that the automotive brand discovered only new consumers across all of their devices. This approach discovered a new potential audience of more than 14 million consumers, eliminated communication waste and the risk of duplicates, increased overall performance, and ensured more of their campaign dollars reached meaningful audiences. Overall, this case study represents a leap forward in terms of audience-based targeting and the highly-sought after multi-touch attribution modeling. “We really enjoy working with the team at Tapad to help execute our Audience Extension campaigns”, said Lynne Green, product manager at Autotrader. “Their ability to meet the demands of an ever-changing industry, as well as their dependable customer service has allowed us to confidently deliver against our unique in-market automotive audience and provide our clients ongoing messaging opportunities to our audience beyond Autotrader.com.” “How identity relates to conversion behavior is a complex part of any advertising campaign,” said Jeff Kelosky, RVP and head of global automotive at Tapad. “After identifying auto consumer’s behavioral patterns and device usage while shopping for vehicles, we knew we could successfully help Autotrader and its automotive brand clients maximize campaign viewability and drive results.” To learn more about using Audience Extension with Autotrader, click here. For more about the Tapad Device GraphTM, or to request a demo, visit https://www.experian.com/marketing/consumer-sync Contact us today!
With campaigns applied to seven major holding companies, Tapad continues to see healthy adoption with The Trade Desk clients NEW YORK, NY – August 23, 2017 – Tapad, now a part of Experian, the leader in cross-device marketing technology, today announced its ongoing momentum with The Trade Desk, Inc. (Nasdaq: TTD), a global technology platform for buyers of advertising. Tapad is providing cross-device segments from the groundbreaking Tapad Device GraphTM through The Trade Desk’s platform. Since 2015, Tapad has seen steady growth in the use of its cross-device data across The Trade Desk platform. This forward progress continues, as 1H2017 saw important milestones for Tapad. Seven major private and independent holding companies now apply Tapad’s data to their campaigns, in addition to more than 1,500 unique brands. Tapad’s proprietary Device GraphTM connects billions of devices, providing unified and insightful data for brands, agencies, and marketers across the globe. Several of these clients, representing varying industries from financial, to auto, CPG and retail, apply Tapad’s data across a number of key tactics and strategies, including: first party CRM extension, third party audience extension, cross-device retargeting, cross-device frequency management, and more. Clients in these verticals continue to rely on Tapad’s cross-device data, as Tapad saw the amount of usage by financial and retail clients grow by four times over the past year, and double for automotive and CPG clients. “We are pleased to offer our clients access to Tapad’s device graph”, said David Danziger, VP of Data Partnerships, The Trade Desk. “Their cross-device identification capabilities have been a powerful addition to our omnichannel platform.” “This integration is a shining example of the amplifying effect of two of the best platforms working together,” said Chris Feo, SVP of Global Partnerships at Tapad. "Clients leveraging Tapad's Device Graph in The Trade Desk platform have the potential to see higher returns and reach with access to substantial cross-device data, as well as a very effective media platform." Contact us today!