Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
Every organization has first-party data — and first-party data is every organization’s golden goose. But not all organizations understand how to capitalize on its potential. Part of the challenge: With data growing at such an exponential rate, many marketers struggle to sift through the attributes that can inform their next customer interaction. While the abundance of available data can have tremendous value, it can be rendered useless without the know-how to activate it properly. I recently participated in a panel at the AdExchanger Programmatic I/O Conference, where we discussed the nuances of first-party data, as well as how we’ve seen it evolve over the years. One of the many discussion points we came to a consensus on: All marketers need to develop a true data-driven marketing approach. Take stock of all available data Too many marketers lack sufficient knowledge about all the data housed by their organizations. With the sheer volume of data available, marketers need to determine which data points are most useful to their campaigns. Unfortunately, many organizations have decentralized first-party data sets — causing marketers to ask, “Who owns the data?” By breaking down departmental silos, marketers can connect the “data dots” and gain a true view of their evolving customer base. This single customer view leads to more thoughtful customer interactions. Make first-party data scalable The drawback to first-party data is that it is only representative of a brand’s current customer base. But how can brands expand their reach? One trend that has picked up momentum is more marketers are pooling their resources. By engaging in cooperative programs or leveraging third-party data sources, marketers are able to augment what they know about their customers with what other brands and publishers have on file. Now marketers can interact with their customers with relevant messages across more channels and devices. Track the return on investment Marketers leverage their first-party data to inform customer interactions across all channels, including websites, email, customer care centers, mobile apps, etc. But marketers have been challenged in quantifying the return on investment in their marketing efforts. Sure, marketers can rely on low-hanging fruit, such as clicks and impressions, but they need to think beyond these metrics. If marketers can properly activate their first-party data and create personalized communications, they will be able to measure the sales impact — both offline and online — for all campaigns. The power of first-party data knows no bounds. It truly is the gold standard of assets that most organizations carry. It just needs to be developed. If marketers can refine their approach and develop a true data-driven marketing strategy, they can realize the potential of first-party data. And that realization is the first step in the process to marketing success.
Cross-Screen Pioneer Explores the Power of Connected Cars as a Vehicle for Customer Engagement LAS VEGAS, NV — (October 26, 2016) –Kate O’Loughlin, GM of Media for Tapad, addressed the J.D. Power Automotive conference audience today in Las Vegas, NV. With more than 1,400 participants representing every facet of the automotive marketing profession, the conference has become the industry's leading marketing event. Bringing the unified, cross-screen perspective to the stage, O’Loughlin discussed the vital role of connected cars in the consumer engagement process. She is a founding member of Tapad which launched the world’s first cross-screen marketing technology in 2010. Tapad was acquired by the Telenor Group early in 2016. Key points from O’Loughlin’s J.D. Power 2016 address included: The marketers who deliver relevant and engaging content in a privacy-safe setting will be in the strongest position to navigate the proliferation of connected devices, including the connected points in cars. As automakers innovate the technology in cars, marketers need to be prepared for the size and diversity of data available for understanding consumers. It’s going to be increasingly difficult to wade through the data, so now is the time to build a solid framework for understanding the person behind the data. Marketers who evolve — and take a holistic approach — to their campaign measurements will achieve marked improvements in efficiency and an enhanced understanding of their core audiences. Actionable brand engagement metrics like Viewable Exposure Time (VET) will continue to overtake traditional advertising performance metrics. VET evaluates the optimal amount of time an ad is present on a screen to incite consumer action. In early testing by Tapad, campaigns that employ VET see conversion rate performance improvements from 13 to 60%. The consumer-centric technology solutions of the future need to be as scalable as they are affordable. Learn more about Tapads’ recommended Viewable Exposure Time metric contact us today! Contact us
NEW YORK, Sept. 28, 2016 /PRNewswire/ — Tapad, the leader in cross-device marketing technology, today announced a new metric for cross-device marketers, Viewable Exposure Time (VET). Viewable Exposure Time measures across screens and ad formats, identifying the optimal amount of time a consumer spends with an ad before they take action. The announcement coincides with Unify Tech '16, Tapad's third-annual cross-device summit during Advertising Week NY. Frequency caps are currently used to ensure that dollars aren't wasted on redundant ads. Viewable Exposure Time evolves the frequency capping approach to include accelerating a consumer's ad exposure rate up to the optimal time spent with the brand. VET is used in affinity, digital transaction and offline purchase models as a key indicator of marketing budget well-spent. Beta users of VET span every vertical, though interest is especially high from CPG, Automotive, Telecommunications and Retail. Viewable Exposure Time unifies and upgrades marketers' predictors of advertising success by leveraging cross-screen engagement across digital and television, with vendor-agnostic viewability scores for video, rich media and display. "Today's current measurement options, like click-through rate (CTR) and TV gross ratings points (GRP) tell an incomplete story," said Tapad GM of Media Kate O'Loughlin. "Tapad is focused on measuring what really matters to marketers – building an efficient connection with a customer. Innovation in metrics was long overdue." More than just a measurement tool, Tapad also provides clients with VET activation. Factoring in time spent with ads in viewable seconds and minutes, these analytics inform marketers about which audiences are underexposed, enabling them to adjust campaigns and deliver according to optimal viewable exposure time. This effectively increases conversion rates at the lowest cost. Contact us today