Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
This article is an excerpt from Experian Marketing Services’ 2016 Digital Marketer Report. Download the full report to discover more insights and trends for the upcoming year! Support your mobile app with other mobile marketing initiatives Marketers are fascinated by mobile, and for good reason. It’s increasingly the device of choice for consumers. SMS and MMS messages, push notifications and the app inbox all offer marketers the ability to communicate directly with customers in a way that is immediate and friendly. Yet there seems to be an interest gap between developing mobile apps and building other mobile initiatives. In this year’s Digital Marketer Survey, 53 percent of respondents indicated that they plan to integrate a mobile app into their mobile marketing program in 2016, compared with only 40 percent for other mobile programs like SMS or MMS. Without a doubt, well-designed apps can be incredibly useful for building the brand relationship. Good apps focus on improving the customers’ experience by making their lives easier – by tailoring the content to their personal experience or lessening the number of steps it takes for them to perform an action. In service-based industries, apps can alleviate the need for in-store or in-branch services, helping companies become more lean and efficient. For example, consumer bank apps have redesigned the experience of depositing a check or transferring money between accounts, allowing them to cater to their customers’ needs faster and more efficiently than ever possible through a physical teller. That said, mobile apps are also time- and resource-intensive to develop, especially if they are well designed. Other mobile initiatives, like SMS and MMS text messaging programs or mobile wallet, require less investment to create and maintain. Additionally, imagine if every marketer who shared a plan to build an app actually followed through. That would mean a lot of competition for customers’ limited phone space. This is why I find the interest gap fascinating. Mobile apps are useful, but they should be part of a cohesive mobile strategy, supported with other mobile programs like SMS and MMS messaging that are less costly and can serve as an effective alternative for communicating with customers who have push notifications disabled, are inactive users, don’t have compatible phones or simply haven’t downloaded your app. Business needs can dictate mobile marketing strategy This concept is especially important for brands that use the mobile space to communicate service-related or operational messages, such as shipping and delivery notifications, fraud alerts or travel delay notices that require immediacy. These kinds of messages are time-sensitive and valuable. Customers who don’t have your app will benefit from their receipt if you offer it to them via another channel. Of course, it’s important to remember that not every business fits usage of SMS and MMS or app programs. Consider the needs and preferences of your unique customers to determine the need to develop a mobile program. After all, mobile experiences that are not well thought through may be more damaging than beneficial. According to a Google study of smartphone users, 66 percent of consumers will take negative action if a mobile site or app doesn’t satisfy their needs, such as being less likely to return to the site or app (40 percent) or purchase products from the company in the future (28 percent). Ultimately, if you’re investing in a mobile app experience, don’t forget about the power of a complimentary text message strategy. Mobile app marketing and text messages can go hand in hand. Develop an SMS experience that proves the value of your brand in the mobile space. Once you do, your customers and prospects will be more likely to believe in the value of your full app experience.
Cross-screen marketing tech firm, Tapad, drove unified campaign; partnered with Statiq to measure cross-screen impact on in-store visits LONDON, March 8, 2016 /PRNewswire/ — Carat North completed the UK's most comprehensive digital campaign with Tapad, the leader in cross-device marketing technology and now a part of Experian. Coupled with location-based audience data from Statiq, this marks the first time a UK-company has measured the impact of unified, cross-screen campaign on in-store visits. Carat North served display and video ads to grocery shoppers for the leading retailer ASDA from August through October. During the campaign, Tapad utilized Statiq's audience data to measure which users visited a store after being exposed* to the campaign's ad on multiple devices. The digital campaign demonstrated a lift of 59% for in-store visits when users were exposed to ads on three devices over people who were shown an ad only on onescreen. Those who engaged with the ad were also 411% more likely to visit an ASDA store. Of those who were exposed to an ad, 248% were more likely to visit a store. Impressions served to mobile devices saw the highest success rate with an in-store visit lift of 67%. The campaign leveraged Tapad's proprietary technology, The Device Graph™, which Nielsen confirmed Tapad's cross device accuracy to be 91.2%, to serve ads sequentially on connected devices belonging to the same user. CARAT NORTH: "The ability to know which devices belong to our customer, coupled with the ability to deliver the right ad, and right message, wherever they are and on whatever device they're using, has been something this industry has long needed," said Steve Thornton, Digital Account Manager, Carat North. "We're impressed with the results that have come from the work with Tapad and Statiq for this media-first, and look forward to continuing to offer these solutions to clients like ASDA. Matching unified cross-device capabilities with real insights on campaign performance is an invaluable advantage in the marketing world." TAPAD: "This campaign is a perfect example of the capabilities of cross-device advertising," said Are Traasdahl, Founder and CEO, Tapad. "In addition to reaching users across devices, we're able to analyze campaign results and determine how different combinations of ad exposure, creative type or view frequency affected their decision to visit a location." STATIQ: "As a location data specialist, Tapad is our ideal partner – they are an industry leader and by working with them we are able to determine the impact unified messaging has on real world consumer behaviours," said Dean Cussell, Co-Founder of Statiq. "We believe this type of analysis will significantly aid brands in optimising future ad spend." About Carat North Carat North is a leading independent media planning & buying specialist in digital and non-traditional media solutions. Owned by global media group Dentsu Aegis Network, the Carat network is more than 6,700 people in 130 countries worldwide across 170 cities. Carat defined the sector when established as the world's first media independent in 1968 and is now Europe's largest media network, a position held for more than 15 years. For more information visit www.carat.co.uk About Tapad Tapad Inc. is a marketing technology firm renowned for its breakthrough, unified, cross-device solutions. With 91.2% data accuracy confirmed by Nielsen, the company offers the largest in-market opportunity for marketers and technologies to address the ever-evolving reality of media consumption on smartphones, tablets, home computers and smart TVs. Deployed by agency trading desks, publishers and numerous Fortune 500 brands, Tapad provides an accurate, unified approach to connecting with consumers across screens. In 2015, Tapad began aggressively licensing its identity management solution, the Tapad Device Graph™, and swiftly became the established gold-standard throughout the ad tech ecosystem. Tapad is based in New York and has offices in Atlanta, Boston, Chicago, Dallas, Detroit,Frankfurt, London, Los Angeles, Miami, Minneapolis, San Francisco and Toronto. TechCrunch called the powerhouse Tapad team "a hell of a list of entrepreneurs who created some of the most valuable online advertising companies of the last decade." Among Tapad's numerous awards: EY Entrepreneur of The Year (East Coast) 2014, among Forbes' Most Promising Companies two year's running, Deloitte's Technology Fast 500, Crain's Fast 50, Entrepreneur 360, Digiday Signal Award, iMedia ASPY Award, and a MarCom Gold Award. Read the full release here. *Tapad utilized Statiq's audience data to measure which users visited a store during, or within one month of, being exposed to the campaign's ad on multiple devices. Contact us today!
It’s the holiday season! For some, this is the time of year for family, friends and reflection. For the other 97 percent* of us, it’s time to shop! America’s obsession with Black Friday, Cyber Monday and the rest of the holiday shopping season has never been stronger. Or weaker? Or something? All I know is that you should be skeptical of anything you see regarding the Thanksgiving weekend performance. And now, I will tell you about the Thanksgiving weekend performance We’re not discussing revenue in this post. Instead, we’ll dive into the weekend’s email subject lines – more specifically, how “percent off” deals affected email open rates. As everyone knows, Black Friday and Cyber Monday are the days for deals. Juicy “percent off” offers motivate customers to buy, buy, buy. But is the conventional wisdom, that “a deep discount will get people to engage with my brand,” actually right? A few weeks ago, my counterpart in the UK published an analysis of how percentage off discounts influence open rates. Taking the cue from Karl, I wanted to expand this analysis into the U.S. market, paying special attention to Thanksgiving weekend. To begin, I gathered data on a few thousand mailings from our largest retail clients. To determine the baseline expected open rates, I averaged each brand’s performance in the 6 weeks prior to Black Friday. I then analyzed all the mailings sent on Black Friday and Cyber Monday, dividing the subject lines based on the appearance of a percentage off offer. Interestingly, percentage off offers were less prominent than I expected: And when percentages off were present… their values were all over the place: Higher volume doesn’t lead to improved performance Conventional wisdom would suggest that advertising a discount more frequently would lead to better performing discounts. The data, however, doesn’t support that idea. When I looked at volume distribution and relative performance for each advertised discount, I found a relatively strong negative correlation of -0.63. So the more frequently a discount was advertised, the worse it tended to perform. We can see this visually in the chart below: On average, advertising discounts did not significantly improve open rates. What happened? The first thing to note here is the wide spread in the data – some percentage off discounts worked very well! Overall, though, shouting about a discount wasn’t what convinced customers to open emails during the holidays. But maybe it wasn’t just the percentage off discounts that faltered this season – perhaps all opens were down? As you can see in the histogram above – this wasn’t the case. The average mailing not touting a percentage off discount did ever so slightly better than the baseline average. Still, the spread of data is very wide, with a lot of variation in results. It could be that the dispersion of results was a product of each brand’s initial baseline; brands that normally had great engagement would see positive gains for percentage off discounts while brands with poor engagement would see little to negative lifts, or vice versa. But this hypothesis was also proven incorrect, as the relative starting place for each brand versus the discount performances had a correlation approaching zero. No matter which way I sliced it, the performance of discounted subject lines were more or less random. Ultimately, this last point is the most important. The subject line, for all its ubiquity and focus, is probably a lot less influential than we tend to believe. Sure, a subject line can be optimized, carefully crafted to invoke the greatest lift in response possible, but the baseline expected performance is influenced by a much larger conversation – the one between the brand and its customers. If the brand relationship has been cultivated and refined through intelligent interactions and sophisticated targeting, the open rate is likely going to be higher. If every marketing message simply shouts, DISCOUNT, DISCOUNT, DISCOUNT, and there is no larger value-add, engagement probably won’t be great. Advertising a discount in a subject line might really help get people involved – or it might not. So what is the future of the subject line? Are they worth the disproportionate time and energy that marketing organizations tend to spend on them? Or should we recognize that their importance is probably minimal? The truth is, it’s a little bit of both. Subject lines are important – they are the first impression and often the first interaction of the day with a customer. But their importance is likely inversely related to the strength of the brand (the “from” line, if you will). The stronger the relationship is, the less important the subject line becomes. Maybe that’s the ideal – a perfect “from” name, one that tells you more about what’s inside the message than a subject line ever could. *Not a real stat Connect with Jacob Davis, Senior Analyst, on Twitter: @davisj2007.