Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
As marketers, we all want to better leverage data to understand our customer and provide them with the best possible experience. It not only better serves our clients, but is ultimately more profitable for the company. But most of us struggle with large volumes of data, with no idea how to best use it. There are many factors that play into this problem. For most organizations, data is spread out across multiple systems with no consistent data management strategy. That means that as marketers, when we get the data, it comes in a wide variety of forms. The standardization could be different, customers could be missing certain record fields, purchase history could be divided into different accounts…you get the picture. This disparity makes it difficult for us to get any sort of insight from the information. How can we leverage data if it is inaccurate, incomplete and not accessible? Experian Data Quality recently completed a survey of over 250 chief information officers (CIOs) and found that they too are struggling to leverage data. Four out of five see data as a valuable asset that is not being fully utilized within the organization. In speaking with the CIOs, some of the biggest challenges aren’t just about technology, but rather organizational structure and company culture. Sixty-eight percent of CIOs struggle to find stakeholders who take anything other than a siloed view of data management. In addition, 70 percent of respondents say they struggle to implement data-driven decision making because no one seems to own the process. To improve data insight, organizations need to improve the structure around data management. This is where the chief data officer (CDO) comes into play. The chief data officer is a growing c-suite position that is getting more and more popular. Most of the CIOs we spoke with that had a CDO said the role had only been created in the last six months. The reasons companies are looking to put a CDO in place are all related to improving access and insight from data. CDOs are there to: Reduce risk around data-driven projects Curb costs from poor quality data Handle increasing data governance pressures As this role continues to grow, it is going to have a big impact not only on marketing, but also the organization as a whole. With that in mind, join us for a webinar on Tuesday, August 18th at 2 PM EST to talk about the emergence of the chief data officer. We’ll discuss data as an untapped resource, how the role is changing organizations and how to ensure your organization is ready for the shift that this new role brings. Register today!
There is much to be said about the differences between college-age consumers (19- to 21-year-olds) today and their counterparts five years ago. As many marketers recognize, young-adult consumers cannot be targeted based solely on generalizations and assumptions. To accurately and respectfully capitalize on this segment’s buying power, marketers need to understand how their spending patterns have changed in recent years and how to earn a slice of the group’s spend. Accounting for inflation, 19- to 21-year-olds are making more money than young adults did five years ago. Their pay has increased by 20 percent, and, interestingly, their spending has increased by 30 percent. So where are they spending this money? 1. Dressing for success According to Census Area Projected Estimates (CAPE) of expenditure data from Experian Marketing Services, both men and women in this age group are filling their closets with about 35 percent more professional attire — shoes included. This has brought 2015’s average spend up to $22,859 per year per household for college-age women and $11,196 per household for college-age men. This rise in spending on professional wardrobe could be attributed to more professional entry-level job expectations or a possible shift in technical trade positions to business professional positions. CAPE data also reveals a 70 percent increase in memberships to networking and recreational clubs. This increasingly professional outlook among college age consumers requires confidence and the right ensemble to proclaim success. Key takeaway: Position products and services to appeal to this career-minded consumer who is aiming to look the part. 2. “Go with the flow” What kinds of messages resonate with these individuals? According to TrueTouchSM data from Experian, college-age consumers can be best engaged when marketers appeal to them using a “Go with the flow” marketing message. “Go with the flow” has consistently ranked as the top motivating marketing message for college-age individuals in the study. The second and third most resonating marketing messages for this market are “Never show up empty handed” and “Work hard, play hard.” “Go with the flow” means this market has a live-and-let-live outlook on life. Brands who employ a similar outlook, don’t take themselves too seriously and extend no-risk offers may have a better chance to engage this cohort. Key takeaway: If marketers tailor messages around these motivating philosophies, they may have a better chance of earning this market’s business. 3. Offline entertainment For marketers in the retail industry, particularly those with clothing or supplies fit for the outdoors, be aware that this cohort of 19-21 year olds are visiting outdoor apparel and supplies sections more often than they did five years ago. In fact, they are spending 37 percent more on luggage and travel than the same age group 5 years ago. According to the same Experian CAPE study, renting RV’s and increasing spend on camping and winter sports equipment are expenditures getting more attention from college-age consumers this year. Key takeaway: Despite being pegged as a technology-first generation, this cohort also enjoys going “off the grid.” Even if you aren’t selling outdoorsy equipment, be aware that there is more to this age group than smartphones and Netflix. Combine the “go with the flow” attitude with their sense of adventure to better cater your messages to these consumers. A lot has changed in five years. Marketers trying to engage college-age consumers need to understand how spending habits (and motivations) are changing in order to provide the most relevant brand experiences and capture this hard-to-pin-down market. To see how Experian Marketing Services’ rich consumer data can help you profile your best customers, visit our website.
Data may not be the most glamorous aspect of marketing but it is at the heart creating meaningful consumer interactions in today’s data-driven world. In our award-winning, annual Digital Marketer Report we asked senior leaders about their top challenges and priorities. They said things like standing out against competitors, creating relevant interactions and customer acquisition. To my surprise, they didn’t say data. However, all the top challenges and priorities are predicated on having accurate, enriched data that is linked together in a central location for a complete customer view. The sobering fact is that most brands are not there yet. Most are not fully utilizing their data assets and maximizing their marketing intelligence. Take a look at these stats from the Digital Marketer Report to get an idea of where most brands are with data management practices. Overall, 45% of companies collect data via mobile – be it a mobile website, app or both TWEET THIS! 97% of companies suffer from common data errors. 61% of companies named human error as a top reason for data inaccuracies. TWEET THIS! On average globally, companies believe that 23% of their budget is wasted annually due to poor data quality. TWEET THIS! Today, only 35% of companies manage their data centrally through a single director. TWEET THIS! 99% of companies believe achieving a single customer view is important to their business. Only 24% of companies say they have a single customer view today. TWEET THIS! 29% of marketers who enrich their data with third-party data only add one type of data. TWEET THIS! One-quarter of marketers don’t enrich their data with any kind of third-party data. TWEET THIS! It’s important for marketing leaders to understand that they first need to focus on data and creating a customer-centric organization to support good data-management practices. Only then will they be able to reach their goals.