Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
With the increase in alternate channels such as social media, many may think that email is no longer a valuable way to create engagement with consumers. On the contrary, email marketing is still one of the most effective tools for marketers — especially when it is paired with mobile. Experian Marketing Services sends more than 10 billion emails each month on behalf of major brands around the world, which gives us the unique ability to monitor trends in email performance and engagement over time. We report email marketing trends as well as the key performance indicators that shaped the success of the Experian Marketing Services clients’ email programs each quarter in our email benchmark reports. Mobile holds potential for email engagement One of the most noticeable trends that we’ve found in our research is that both mobile device usage and email engagement have increased. According to our Q3 2014 Email Benchmark report, the research also states that 53 percent of emails were opened on a mobile or tablet device in Q3. Although we can see an increase in both engagement and mobile usage, it is too early to tell if they are directly correlated. However, marketers should be paying attention — make mobile your priority, and you may have the ability to stay ahead of upcoming trends. “Because people are so connected with their devices today, it only makes sense that they would want to use their mobiles and tablets to check their emails in real time,” says Shelley Kessler, Manager, Reporting and Analytics, Experian Marketing Services. “This is why it is so important for marketers to adopt mobile optimization into their marketing plans. Without it, their overall engagement and click rates will significantly drop and they may ultimately lose their audience.” Catalog brands see email success with tablets To put the importance of mobile into perspective, let’s dig deeper: During Q3 2014, the majority of email opens occurred on mobile phones or tablets for catalogers, consumer products and multichannel retailers. Specifically, for multichannel retailers, 60 percent of all of their emails occurred on a mobile phone or tablet and 50 percent of their total clicks. Meanwhile, catalogers had the highest percentage of tablet use with 18 percent of email opens and 13 percent of clicks occurring on tablets. Mobile can help create a relationship On a daily basis, a digitally connected customer’s inbox will be overwhelmed with hundreds or even thousands of different messages from marketers. To stick out from the crowd, marketers should be thinking of other ways to engage consumers. Shelley Kessler suggests creating a direct mobile messaging program: “Start a mobile messaging program if you have not already done so. If you have not developed a mobile database, start asking for customers’ mobile numbers in addition to email addresses and other basic information.” By utilizing mobile in ways that have not been done before, marketers have endless opportunities to get ahead of the curve. To learn more about these trends as well as others, download a free copy of our Q3 2014 Email Benchmark Report. Keep an eye out for the upcoming Q4 2014 Email Benchmark Report from Experian Marketing Services which will publish at the end of February.
Marketers: personalization is our duty Customers willingly give brands a lot of information. Some brands collect names, birthdays, message preferences and location in addition to contact information like email address, phone number and physical address. Brands that connect through Facebook and other social media accounts gain access to even more information – a person’s likes, friends/followers, age, demographics and more. Why are so many consumers willing to share this information? In a recent webinar, Ed Kowalski, Senior Director of Strategic Services at Experian Marketing Services refers to this phenomenon as the equitable exchange – customers provide companies with personal information because they believe it will enhance their brand experience. In return, marketers have a duty to responsibly use that data to benefit the customer. Personalization is an oft-discussed strategy in marketing, but many marketers struggle to make it a reality. In fact, a recent study found that 94 percent of companies have challenges relating to personalization. Yet marketers continue to collect more customer data – without a clear plan to utilize any of the data in a personalized context. Consider a brand that collects birthdate as part of its subscription process. As a consumer, I will only provide my birthdate if I can imagine a benefit to doing so. And I can – the brand may send me personalized well-wishes or even a special offer on my birthday each year. Because I’m willing to share my birthdate, I expect that the brand will use that data to engage me on a personal level. If they don’t, I’m likely to feel that the data I shared was not used productively, which will damage my perception of the brand and make me more reluctant to share information with them in the future. This concept extends to behavioral data too. Consumers often realize that companies may have data on their past purchases, browsing behavior and more. With this assumption in mind, they expect this data to be used to create more relevant brand experiences as well. Remarketing campaigns like abandoned cart emails and display ads targeted by browse behavior are increasing in popularity, as 69 percent of marketers in our most recent survey run these types of campaigns. This means customers are coming to expect them. So what does this mean for marketers? Not only is it a best-practice to personalize messaging based on customer data, but it’s often a requirement. Consumers are saying, “Show me that you know me.” As marketers, we need to make good on the unspoken promise of this equitable exchange. It doesn’t need to be hard. Check out the slides below or watch the webcast to learn how brands can begin to implement more personalized, relevant messages today.
John Fetto, our Senior Research and Marketing Analyst, explored the top five lessons from the 2014 holiday season and provided tips to help marketers revamp their 2015 holiday campaigns. 1. Move over desktops, consumers are using mobile to search for deals Deal seeking is moving to mobile where consumers have access to pricing and coupons while they are on-the-go and closer to making a purchase decision. In fact, searches for “mobile coupons” are up 14 percent since July when mobile search data was incorporated. As for timing, peak deal-seeking searches typically occur during the holiday shopping season, but the past two years, holiday and back-to-school were nearly equal. For marketers to not leave money on the table, it is critical to target deals and discounts strategically to consumers who need and want them most. 2. The must-have gifts of 2014 2014 was the year of the "Internet of Things," the rapidly growing trend in devices — beyond smartphones, tablets and computers — that connect to the Internet. In particular there was a big leap this season in searches for portable fitness devices and smart watches were up 235 percent year-over-year. Additionally, searches for smart televisions were up 30 percent and searches for smart home automation devices were up 67 percent year-over-year. Savvy marketers will use these insights to reach customers in a myriad of new channels in 2015. 3. Reach consumers later in the week It’s no surprise that the three busiest shopping days this past holiday season were Cyber Monday, Thanksgiving and Black Friday, each capturing more than 225 million online visits to the Hitwise Retail 500. Diving deeper into significant peak days in December, we found that Tuesday and Wednesday earned top spots as key online shopping days. This gives marketers the ability to reach consumers with more relevant messages later in the week and drive in-store sales for the weekend ahead. 4. Email is the second biggest driver of traffic Email continues to be a strong driver of online traffic. In 2014, search engines drove 41 percent of the traffic to the Hitwise Retail 500, followed by email with 8.15 percent. Looking at the performances by key peak days, email was a strong driver of traffic on Thanksgiving and Black Friday, and social media drove the most traffic on Cyber Tuesday, the Tuesday after Thanksgiving. 5. Mobile is a strong driver of traffic to retail sites Much of the mobile activity on retail sites comes from browsing while shopping, whether it’s for price comparison, inventory analysis or to find store hours or locations. In fact, a new study from Experian Marketing Services found that 83 percent of cell phone owners now engage in shopping activities on their phone immediately before, during or after visiting a store. In addition, 53 percent of smartphone owners visit shopping websites from their phone during a given month versus 41 percent who use shopping apps during the same time frame. While mobile apps are great ways for marketers to interact with existing customers, mobile web is critical for reaching potential new customers. Marketers who focus their mobile efforts on developing mobile apps at the expense of mobile optimized sites are likely missing the opportunity to attract new shoppers. Learn more about the 2014 holiday season to prepare for next year Watch the Five things we learned this holiday season webcast for deeper insights into these trends: What branded products and product categories were hot this season Mobile shopping trends, including how much consumers are shopping and buying online Consumers’ deal-seeking tendencies and the trend of omnipresent sales, discounts and coupons Analysis of the peak online shopping days and seasonal traffic trends Which retailers were successful this season and the digital channels that were effective in driving traffic