Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or whom, can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
ISO 27001 is an international standard for information security from the ISO. It is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information.
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers confidence that they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details which security and privacy tasks the provider is responsible for and which ones the customer is responsible for. Any cloud customer that is unaware of what its security tasks are is putting itself at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert

Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.