Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
As my colleague Jake Davis and I were planning this blog post, we had a lengthy conversation about what we were going to focus on. If you’ve experienced even one holiday season as a digital marketer, you know there’s a ton of crucial decisions to be made about your Q4 digital endeavors. Some of our clients have been planning since the end of the summer for “prime time,” and more than a few mentioned that they earn up to 40% of their annual revenue between October and December. Jake and I are both marketers – my perspective is from the strategy and planning angle, while Jake is The Man when it comes to data and analysis. Together, we make each other better by challenging each other’s ideas and perceptions. We think this blog post captures the best of both of our perspectives. Ultimately, there are a lot of variables at play all year long, but making smart decisions about creative, segmentation, deployment time, content, etc. carries a lot more weight as you close out Q4. I am interested in volume trends and thematic changes through the holiday season; because I believe marketers truly want to be proactive about crafting their holiday plans. In the real world, however, the calendar is a living document and a moving target – if a brand is not hitting its projections, course correction at the 11th hour can happen. Our goal is to ensure that type of recalibration is more the exception than the rule (and to give you some pointers even if you find the calendar is more of a guide than a concrete plan). Jake and our analytics team do some of their most innovative analysis annually, after the holiday season. That analysis of the 2015 holiday season, along with projected trends and industry developments, is what we are using to help frame this particular piece of thought leadership. With that being said, here are four charts and some explanations that can help you win by December 31st: 1. Peak Days Black Friday and Cyber Monday still have a hold on the public’s attention and wallet, even with promotions that began at the end of October. Factor in mobile shopping, and Cyber Monday in particular could be especially lucrative: mobile first consumers are ready, willing and even more able to make purchases from virtually anywhere, not just in front of their computers or tablets. But expect a decline in email marketing effectiveness from the year before…for all of the same reasons it will be so lucrative elsewhere. 2. Send size matters Batch and blast is probably here to stay, no matter how much we preach about the long-term benefits of smaller, targeted campaigns. Even the savviest marketers will resort to some large sends this holiday season, so when you do, it will serve you well to remember this maxim: volume is negatively correlated with email KPIs. Your send size might be the only reason you see a decline in your open rate – and that’s just math! 3. Animation: a key to unlocking engagement Animation has been around for a while now, but that doesn’t mean it’s any less effective. Last holiday season, mailings that included animation were clicked on 30% more than expected based on other trends. While that might because only the best mailings get this treatment, expect animation to get your customers moving. 4. Free shipping Free shipping was the most popular offer in 2015, although slightly less effective than 2014. As recent news about an increase in shipping rates reaches consumers, free shipping could prove to be even more compelling than past years. On the other hand, marketers that offer free shipping may see their bottom line affected (so prepare for Free Shipping with higher qualifiers, and remind your consumers about all the other great benefits they’ll receive by shopping with your brand). As with last year, our ultimate take-aways included the strong Jake and Liz approved suggestion to look at performance from your digital channels in a holistic sense. How have you been communicating with your customers the entire year? Is your website mobile optimized? Is your content personalized and relevant? Are you targeting the right audience? Are you using browse and abandon behavior to send triggered emails and make product recommendations? Most importantly, do you understand the context in which you’re deploying your email? It’s a competitive world out there, and most everyone has the same tricks up their sleeves. Be creative and daring when thinking of what minor innovations could prove major to your bottom line. While the charts above describe holiday 2015 (and rest assured, they will likely describe holiday 2016), it’s the tiny variations – the curious interpretations – that will drive your program forward. And when you’re struggling to come up with that variation? We’re here to help. Read more analytics posts here.
NEW YORK, Nov. 29, 2016 /PRNewswire/ — For the second consecutive year, Tapad, part of Experian, has been listed among Deloitte's Technology Fast 500™, a ranking of the 500 fastest-growing technology, media, telecommunications, life sciences and energy tech companies in North America. Tapad, number 147 on the 2016 Deloitte list, is the leading provider of unified, cross-device marketing technology solutions. "It is an honor to once again be recognized by Deloitte for our growth and momentum, particularly given the stature of the other technology companies on the list," said Are Traasdahl, founder and CEO of Tapad. "Our product innovation, particularly in TV analytics and measurement, is a major contributor to our progress. I'm extremely proud of our hard-working, talented team for continually executing at such a high level." "Today, when every organization can be a tech company, the most effective businesses not only foster the courage to explore change, but also encourage creativity in using and applying existing assets in new ways, as resourcefully as possible," said Sandra Shirai, principal, Deloitte Consulting LLP and U.S. technology, media and telecommunications industry leader. "This ingenious approach to innovation calls for the encouragement of curiosity and collaboration both within and outside the office walls." "This year's Fast 500 winners showcase that when organizations are open to diverse perspectives and insights, they are able to create an environment for their employees and customers to see the possibilities and ingenious solutions that might lie ahead," added Jim Atwell, national managing partner of the emerging growth company practice, Deloitte & Touche LLP. "Entrepreneurial environments foster change and innovation within businesses, and we look forward to watching these companies continue to drive change across all sectors." Contact us today
Distribution via LiveRamp enables seamless cross-device customer experiences through more platforms NEW YORK, Nov. 15, 2016 /PRNewswire/ — Tapad, now part of Experian and the leading provider of unified cross-device marketing technology solutions, today announced an expanded partnership with LiveRamp™, an Acxiom® company and leading provider of omnichannel identity resolution, to make the proprietary Tapad Device Graph™ accessible beyond Tapad-hosted direct integrations. Through LiveRamp, Tapad's Device Graph Access now extends to more than 400 ad tech and mar tech platforms. Tapad's Device Graph™ enables marketers to understand, monetize and measure consumer engagement across all digital channels, and Tapad's unified consumer view is recognized as one of the most accurate, scalable cross-device solutions in the market today. Through the expanded partnership with LiveRamp, the Tapad Device Graph can be distributed to the hundreds of platforms used to reach consumers on digital channels and measure campaign performance – even as devices are added daily to Tapad's extensive graph. "Increasingly, marketers want access to cross-device targeting and measurement capabilities within their preferred platforms," said Anneka Gupta, chief product officer of LiveRamp. "Our expanded partnership makes it easy for marketers to access Tapad's graph through the rapidly growing set of integrations available in our partner ecosystem." This is the latest of several initiatives between the two technology platforms designed to make the integration of cross-screen platforms seamless, privacy-safe and easy to use for dynamic and engaging marketing efforts. "During the past year, Tapad has expanded its global presence and rapidly grown its data business – Tapad Coral – doubling the number of companies integrating our device graph into their platforms and growing our annualized run rate by 210%," said Pierre Martensson, GM of Tapad Coral and APAC. "Our expanded partnership with LiveRamp positions us to meet the increased demand for Tapad Device Graph Access and enable new platforms to apply our graph with unprecedented speed." Connect with us today to get started