Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
Ensure you understand privacy compliance pitfalls with special attention on shopping cart abandonment emails.
Partnership combines customer connections and cross-device scale to deliver more strategic customer insights NEW YORK AND CHICAGO — March 16, 2017 — Signal, the global leader in customer identity, today announced a partnership with Tapad, now part of Experian and the leading provider of unified, cross-screen marketing technology solutions. This global integration extends device connectivity for Signal’s clients across North America, APAC and EMEA by leveraging Tapad’s proprietary Device GraphTM. With Signal’s Customer Identity Solution, brands benefit from more visibility of known customers, lower costs to reach those customers and decreased expenses and data loss that often results from using multiple vendors. Integrating with Tapad’s Device Graph, which connects billions of devices, enables Signal clients to build an even broader view of their known customers across multiple devices. This integration combines Signal’s customer identity scale with Tapad’s device scale to expand the reach of addressable media channels and enhance customer journey insights across touchpoints. Tapad and Signal were able to drive incremental device connections for more than 65 percent of customer profiles, linking an average of 6.8 browsers and devices per customer. With this combined data set, Signal clients can expand their authenticated view of a customer to all associated devices and realize more strategic insights into their high-value users. The partnership also allows Signal’s clients to integrate in real-time with Tapad’s media platform, Unify. This proprietary technology enables advertisers to make real-time activation and buying decisions with maximum scale, as well as automated reporting and measurement. “Continuously recognizing customers across devices instantly and in a privacy-safe way is essential for marketers to stay competitive,” said Marc Kiven, founder and CRO of Signal. “We are thrilled to enter this unique, global partnership with Tapad, enabling our clients to access their technology and more effectively reach customers in real-time and at scale.” “Being able to leverage a persistent view of customer connections across devices is a huge challenge for brands,” said Pierre Martensson, SVP and GM of Tapad’s global data division. “With Tapad, Signal is now able to connect with the billions of existing data points in our device graph to help clients better understand customer behavior and realize even stronger customer engagement.” Contact us today
Early successes include revenue increases, global partnerships and fundraising NEW YORK, March 16, 2017 /PRNewswire/ — Tapad's entrepreneurial mentorship initiative, the Propeller Program, has seen extremely positive results since it began in September 2016. The five early-stage startups selected from Norway have gained momentum in establishing a U.S. presence. Tapad, now a part of Experian, is the leader in unified cross-device marketing technology. The company was acquired by the Telenor Group in 2016. Among the successes within Propeller: Xeneta, the leading ocean freight price comparison platform and contracted rate database, has raised an additional $12M in funding since beginning the Propeller Program. Before the end of 2016, the company had exceeded its revenue expectations by nearly 30 percent, proving the European-focused business could succeed in the American market. "Aside from directly impacting our revenue, the Propeller Program has provided us with incredible access to a countless number of external resources, including subject matter experts from the fields of fundraising, public speaking, corporate structuring and immigration law," said William Di Ieso, GM of North America for Xeneta. "We remain extremely grateful for the opportunity and exposure the program has provided for Xeneta." Bubbly, an in-store real-time engagement tool for non-buyers, now has clients on four continents. After only a few months in the U.S. market, Bubbly has signed deals with one major retail brand, one major toy manufacturer and a major global consulting firm. The Propeller Program has also opened doors for greater opportunities in Scandinavia and EMEA. After an introduction to Telenor Group's President and CEO Sigve Brekke, Bubbly is currently piloting its IoT kiosk with the company. "The mentoring sessions have been very valuable and have given us guidance as to how to best enter the U.S. market," said Marianne Haugland Hindsgaul, Bubbly CEO and co-founder. "Learning to do business in the U.S. is not something you can necessarily learn from a book. The most impactful lessons are based on real-world experience, and that is what the Propeller Program has given us." BylineMe, a marketplace for freelancers, publishers and brands to connect for content creation and distribution services, has built an extensive network of potential clients and investors. The company has tested its product in the U.S. market and gained valuable feedback for further development. Eventum, a property-sharing group that digitally assists in securing venues for meetings and corporate events, has closed a seed round of funding for nearly $1M. Eventum has also made key hires in the areas of business development and engineering. Socius, under the influence of Tapad, pivoted into the ad tech space, positioning itself as "a social native ad platform" for digital publishers. The company has attracted top talent to begin building out its U.S. business development and sales divisions. As a result, Socius has signed a host of premium publisher partners to validate its exciting new direction. "It is so rewarding to be able to support these Norwegian startups in a meaningful way," said Are Traasdahl, CEO and founder at Tapad. "Mentor relationships are critical for strategic growth, and I am proud to be able to pay forward the experiences I have gained as an entrepreneur. To me, the Propeller Program is a shining example of the magic that can happen when Norwegian innovation meets American opportunity." Contact us today!