Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
Before we get to the gift guides, here’s a brief update on the hottest products from the week including Cyber Monday. This week’s biggest movers and new additions to the list are a clear sign that Christmas is upon us. “Star Shower,” a laser light that bathes your house in festive lights without having to untangle cords, jumped to second place, up 49 rank points from the week prior. Likewise, the return of “Elf on the Shelf” to the hot products list coincides with his return to the homes of children nationwide. Otherwise, things seems to have stabilized with Fitbit showing no signs of falling from first place and Pie Face game being this year’s sensation. Toys Shopkins remains the toy to beat this season followed by Pie Face game, which remained in second place after skyrocketing interest during the week of Thanksgiving. Toys new to the top 10 this week include some old favorites like the Easy Bake Oven and Paw Patrol toys as well as the new entrant Glammin Salon Vanity. Keep checking back each week for the latest hot toys. This chart shows the 10 most searched for toys and games based on search clicks to Toys “R” Us – USA. Gift guide insight When it comes to buying presents for the holidays, some individuals are easy to shop for while others require a bit of inspiration. And when consumers need inspiration, consumers turn to the Web. Searches for “gifts for,” “gift guide” and “gift ideas” grow increasingly common as we get closer and closer to Christmas with peak search activity around this topic typically observed during the last full week before Christmas, which this year would be the week ending Saturday December 19th. Some of the most common gift recipients mentioned in gift guide-related searches are: “men,” “guys,” “her,” “mom,” “dad” and “girlfriend.” But shoppers are also frequently looking for suggestions on the perfect gift for someone very specific interests, such as “hunters,” “gamers” and “beer lovers” as well as specific types of gifts, like “tech” or “personalized.” The following gift guide insights, derived using our new AudienceView platform, were designed to highlight for you, as a marketer, the interests and preferences of key consumer segments so that you can more effectively tailor your campaigns to be more relevant and engaging. But if it also helps you, as a consumer, come up with the perfect gift for that hard-to-shop-for person in your life, then even better! Each gift guide contains a representative mix of search terms that were performed at above average rates by each audience segment during the four weeks ending November 28, 2015. They include a mix of product and retail brands and provide a good idea of the interests, style preferences and lifestyles of each audience. Learn more about how AudienceView can deliver unparalleled insights into your consumer audience so that you can deliver a better brand experience.
It’s October, and you know what that means; leaves are changing, sweaters are being pulled out of the closet, pumpkin-flavored items are taking over coffee shops. For many marketers, this is the most exciting (and stressful) part of the year. Holiday marketing is ramping up, and it will only increase in intensity as the weeks go on. Luckily, we’re hard at work here at Experian, analyzing data from past holiday seasons to bring you the insights you need to make your holiday marketing programs successful. We’ve examined search and email behavior to compile a list of the most important days to email and trends that will help you delight your customers from now until the New Year. You can access all of these insights in our Holiday 2015 Marketing Insights Calendar, which covers marketing trends from October through December. Holiday marketing tips for October With Halloween fast approaching at the end of the month (and Thanksgiving/Black Friday/Cyber Monday not far behind), marketers should use October to solidify their plan for the holiday season. Here are three things you can do to optimize your impact this month: 3 ways to optimize your holiday marketing programs in October Target reactivation campaigns to last year’s holiday-only shoppers to maximize active subscribers this season Perform a data cleanse and email verification to ensure message delivery. List health is key to a successful holiday season, and now is the time to double check. Consider offering Halloween-specific products for the little ones. Costumes for newborns and toddlers are on the rise, so don’t forget about the youngsters! Want more holiday marketing insights? Don’t miss our upcoming webinar, Check your list twice: Last-minute marketing strategies for the holiday season.
Remember when email took the world by storm, replacing a significant portion of “snail mail”? The shift didn’t happen overnight; it took time for the public to understand, trust and embrace the new technology. Advances in digital marketing may move quickly, but we in the industry cannot expect to change user behavior overnight. Consider that email has traditionally been a “one click” or “single action” environment. When a new idea such as kinetic email challenges this convention, there are ways to effectively strategize its use in your campaigns and properly introduce its features to your audience. Kinetic email – the evolution of responsive design You may have heard the energetic term “kinetic” being bounced around – appropriate since movement is the main idea behind this advancement in email communication. But to fully understand its appeal, we need to look back at another technological breakthrough. Once the mobile boom occurred a few years ago, email designers saw the writing on the wall – or perhaps we should say “on the screen” – and responsive design was born. It was finally possible for content and layout to resize to the screen of the device on which it was viewed. In designing those layouts for mobile screen sizes by manipulating the CSS, developers eventually discovered that content in the email could be interactive and dynamic. This capability was coined “kinetic.” Kinetic email design acts as the next stage of responsive, giving the user multiple ways to interact with the content and layout before he or she takes a committed action. Why is it desirable? Studies in user behavior tell us that the average viewer spends 3-15 seconds looking at an email communication, with the average Apple user spending even less – only 0-3 seconds. Obviously, there’s a huge advantage in holding someone’s attention, and if used cleverly, kinetic design can help in that regard. It can also remove steps to purchase because they’re being completed within the email rather than on the website. Within the email, subscribers may be able to view color and size choices, or choose between perks such as free shipping or a percentage off their order (we’ll dig deeper into those possibilities in a follow up blog post). This creates a more interactive atmosphere, and that’s a good thing. Still, you must bear in mind that too many steps provided by kinetic design can be overkill. You don’t want to add more work for the viewer; complicating what was once a simple action can turn off your audience, so be smart about its application. Does it make sense for your brand? The key is to determine whether or not kinetic capabilities complement your brand. What do you offer? Who is your customer base? Remember, an email marketer needs the user to interact with the email; they won’t just hover or toggle instinctively. Will your customers stick around to watch, explore or play? Carefully consider products/images/topics that will offer an engaging experience. It has to result in more than just a “wow” response; in needs to encourage transactions. It can also be difficult to predict response since this sort of breakthrough is likely more exciting to those of us on the development side than it is to the end consumer. To prepare your customers for the novelty of kinetic email, you could notify them in advance. However, a smarter way to approach the introduction might be through the use of simplified tabs and navigation. Too many options would start to look like a full blown site – unnecessary. Is kinetic email the future? It’s a bold innovation for sure, but it’s still too early to determine its value to email marketers. To be truly valuable, it must consistently get people interested in making a selection – and a carousel of pretty pictures only goes so far. A savvy email marketer knows that flashy functionality can be an attention-getter, but it must be used when and where it makes sense. Aim for a smarter execution to make the most of a kinetic set up. Want to learn more about the latest trends in email design? Watch the video recording from our recent webinar, Digital Eye Candy: Email Creative Strategies that Wow!