Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
Five Norwegian startups selected to establish U.S. presence NEW YORK, Aug. 15, 2016 /PRNewswire/ — Tapad, the leader in cross-device marketing technology and now a part of Experian, has announced its new entrepreneurial mentorship initiative, the Propeller Program. Five early-stage startups from Norway have been chosen by Are Traasdahl, native of Norway and Tapad’s CEO and founder. The selected companies will share Tapad’s New York City workspace, receive C-level guidance and help establish a U.S. presence. The following companies have been selected to participate in the inaugural Propeller Program – a 12-month program beginning September 19, 2016: Bubbly – Developers of a platform that enables in-store customer feedback with dashboards and tools that facilitate real-time store response BylineMe – A marketplace for freelancers, publishers and brands to connect for content creation and distribution services Eventum – A property-sharing group that digitally assists in securing venues for meetings and corporate events Socius – A content provider for publishers to tell stories using social media Xeneta – A database that organizes the best contracted freight rates in real time and on demand “We are supporting startups that we feel represent the future of service offerings,” said Traasdahl. “It is with incredible pride that we invite these entrepreneurial teams from Norway to join us in New York Citythis year. Mentorship opportunities for early-stage companies are so important, particularly for those based outside the U.S. I look forward to giving the Propeller Program participants access to the expertise of my seasoned team and to our wide network of resources. Hopefully, it will be a game-changing year for many of them.” Contact us today!
As partnership deals mount, aggressive hiring underway for unified cross-screen technology leaders NEW YORK, July 19, 2016 /PRNewswire/ — Tapad, the leader in cross-device marketing technology and now a part of Experian, has announced plans for aggressive expansion in the Asia Pacific (APAC) region. This move capitalizes on Tapad's exceptional performance for brands and marketing technology companies in North America and Europe. With it's proprietary Tapad Device Graph™, the company will enable global, regional and local clients and partners to understand, monetize and measure marketing to users across screens. The Tapad Device Graph is recognized as the most accurate, scalable cross-screen solution in the market today. The decision to expand into APAC was based on increased demand from global, as well as local, brands and clients, many of which have a strong market presence throughout the region. In addition to expanding its roster of world-class data partners, plans include building a world-class team in Singapore. Over the next few months, Tapad APAC will also establish local entities in additional markets. To accelerate its ramp-up, Tapad APAC is actively recruiting in many areas, ranging from skilled and experienced solutions engineers to seasoned sales and marketing professionals. "Tapad is thrilled to be answering the call for cross-device excellence in APAC," said Pierre Martensson, GM of Tapad APAC. "Our Device Graph is adding millions of devices daily and achieves unmatched levels of scale and accuracy while protecting consumer privacy. This meets a critical need in the region." Tapad appointed Martensson as General Manager of Tapad APAC in May, kicking off expansion in the region. Martensson comes to Tapad with nearly a decade of operations experience throughout APAC, having transformed, developed and grown global organizations. To learn more about partnership and employment opportunities available with Tapad in APAC, visit www.experian.com/careers. Contact us today!
Combined technology gives marketers an enhanced view of the customer for improved planning, targeting and optimization NEW YORK, July 12, 2016/PR Newswire/ - Tapad, the leader in cross-device marketing technology and now a part of Experian, today announced a partnership with Conversion Logic, the martech industry's most accurate unified marketing attribution provider. Conversion Logic will incorporate unified cross-screen data from Tapad's Device Graph™ to identify related devices and media exposures to enhance reporting on the path to conversion. By connecting Conversion Logic's proprietary Ensemble Method, which combines numerous state-of-the-art machine learning algorithms, tuned for each customer use-case for the most accurate results, with Tapad's unified, cross-device technology, marketers will benefit from a highly scientific approach to assessing advertising effectiveness with full, comprehensive customer insights. Linking these technologies will increase marketers' real-time ability to optimize brands' marketing channel spend and creative at a more granular level. During the past six months, Tapad has rapidly grown its data business, doubling the number of companies integrating the Device Graph™ into their platforms and growing the annualized revenue run rate by 210%. Tapad's highly scalable, cross-device data has been confirmed by Nielsen to be very precise. Tapad augments platforms' and publishers' tech stacks with additional scale and relevancy, granting advertisers amplified targeting and analysis options. The growth of the Device GraphTM has allowed Tapad to provide a growing network that benefits all partners with more efficient, effective consumer engagement. "Combining highly accurate data from Tapad with our own user ID technology and understanding how devices may be related at an individual level provides additional visibility into the path to conversion," said Alison Lohse, COO and co-founder of Conversion Logic. "The more we know about the customer journey, the more effective, efficient and customized marketers can be with marketing efforts. With Tapad, we have achieved a unified customer view that helps us piece together the purchase journey while preserving proven accuracy." "Conversion Logic's Ensemble Method delivers singularly customized and precise results that are not just accurate, but actionable," said Dave Fall, COO of Tapad. "The combination of powerful technology and a user-friendly interface, plus Tapad's ability to only consider relevant and scalable components in the marketplace, creates a more concentrated and beneficial environment for both its partners and clients." Contact us today!