Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
It seems that every time I go into a store today, I am offered a loyalty card. From one of my favorite local restaurants to my shoe store VIP program, I feel like I am getting a host of emails and points at every turn. Statistics support my theory: according to a recent Experian Data Quality study, 91 percent of organizations use loyalty programs. Why did they become so prevalent? Today’s consumer is more empowered than ever before and driving major change within business. In the era of Yelp, digital channels and a 24/7 shopping cycle, organizations have less control. Just look at the shoe market, which you can tell I pay attention to. It used to be that you would purchase whatever your local department store or brick-and-mortar retail had to offer, which might be 50 different options. Now, you can go online, read reviews and browse hundreds of different choices based on style and color. In fact, last night I went online and searched for black boots and scrolled through six pages of different options! Loyalty programs are a counter balance to that choice and empowered customer behavior. They make sure that while I am shopping for shoes, I am probably doing it through my preferred store and earning reward points for free merchandise. And through the loyalty process, companies are collecting a lot of data. Customers usually need to provide more than three types of information to sign up, the most popular being email, followed by name and phone number. However, collecting this information accurately isn’t always easy, which is why poor data collection is one of the leading problems for loyalty programs. Eighty-one percent of companies face challenges related to these programs, the two biggest being not enough customers signing up and poor contact data. Inaccurate data means that a customer has signed up, but the marketer is unable to communicate with them in the desired channels. This clear drop in communication and a potentially bad customer experience could be by improved data collection. Sixty-four percent of respondents say this is a needed improvement. Let’s go back to my shoe retailer example. If they had collected my email wrong, I wouldn’t get my email confirmations or offers around upcoming sales. If they got my address wrong, I wouldn’t be receiving my shoes. Considering how much money I spend on shoes annually, which I am ashamed to admit, if any of those items went wrong, I might switch to a competitor. That can equate to a lot of money annually, especially when you look at it across a large number of clients. When a customer chooses to sign up for a loyalty program, they are making a commitment to the company and expecting something in return, be it points, free shipping, coupons or just company updates. However, if bad contact information is collected, then the consumer often never receives the benefits, resulting in a bad customer experience. In the next year, marketers need to data validation in place to ensure information is accurate upon collection. This type of software can be implemented across all channels where information is collected and ensure data is accurate while the consumer is still engaged. If information is accurate when it is collected, then loyalty programs have a better chance at engaging consumers and actually seeing the benefit that a loyalty program can provide. To learn more about loyalty programs and the research mentioned above, please read our new white paper, Driving customer loyalty.
When building marketing plans these are the top trends marketers need to know and consider Crowdsourcing, Programmatic Buying, The Internet of Things … these are all concepts that today’s savvy marketer needs to be thinking about. We can’t emphasize it enough: the marketing landscape changes almost daily, sometimes without us even realizing it. The three concepts I just mentioned weren’t even part of our lexicon a few short years (or even months) ago, but are now important trends marketers need to know and consider when building out marketing plans. Take crowdsourcing, for example. Experian Marketing Services research showed that the number of ratings or reviews posted online has increased by 30 percent in the past two years and the number of adults who say they pay attention to such reviews has increased by 33 percent. Brands are capitalizing on the trend by engaging their consumers in communities that share their content and even help them design new products. Programmatic Buying, which refers to the automation of online ad buying, has exploded over the last few years as publishers like AOL have started focusing less on selling remnant inventory and started offering their premium inventory to advertisers up front. This has led to the packaging of “audiences” that marketers can use to target customers across channels and devices. And one of this year’s biggest trends is the rise of the “Internet of Things,” which is, essentially, everyday objects that connect to the Internet to improve efficiency, connectivity and user experience. Think smart light bulbs that you can control from your smartphone, or smart thermostats that also connect to your phone and allow you to adjust the temperature in your house before you get home from work. If you find these concepts interesting, please read “Trending Now” to get more insights into these trends marketers need to know and several other fresh marketing ideas that are changing the way marketers are thinking about planning today.
Q&A with John Fetto, Senior Analyst, Marketing & Research Earlier this year, Experian Marketing Services released our Cross-Device Video Analysis. The analysis has generated such strong and sustained interest from marketers and the media, we wanted to explore the subject further. The following is an exchange with the report’s lead author John Fetto who answers some common questions that we’ve received since the analysis was published. Q: In the Cross-Device Video Analysis, you report that consumers are “cutting the cord” on pay cable and satellite television services. Can you elaborate on this trend? What’s driving it? According to our research at Experian Marketing Services, U.S. consumers are increasingly likely to have high speed Internet at home but no cable or satellite TV subscription. There are two primary consumer trends driving this: 1) Households that never subscribed to a pay TV service are now upgrading to broadband Internet; 2) Households that previously subscribed to both pay TV service and broadband Internet that have since cancelled the cable or satellite TV subscription. While the vast majority of U.S. households pay for either cable or satellite TV, an estimated 15.1 million (or 12.9 percent of households) do not. That’s up from 13.5 million households (11.9 percent) who didn’t pay for TV in 2009. At the same time, the share of broadband households is also rising. Today, 72.7 million homes (61.4 percent) have broadband Internet, up from 65.0 million homes (56.9 percent) in 2009. As Americans’ Internet connection at home is increasingly fast enough to deliver high quality video content through sites like YouTube, Netflix, Hulu and the like, as well as the ability to consume that online video content across an array of devices ranging from Internet-connected televisions to smartphones and tablets to computers, they are increasingly questioning whether they need to continue paying for TV. And more and more consumers are deciding to cut the cord. Q: With more consumers cutting the cord, how are they consuming video content? While the most commonly used device to consume online video is the smartphone — used by 24 percent of adults during a typical week to watch online video, according to our research — “cord cutters” are primarily using Internet-connected TV to consume online video. In fact, an adult who watches online video on their TV is 3.2 times more likely than the average adult to be a cord-cutter. This means that the Internet-connected TV market is critical in predicting the future of the cord-cutting consumer. As existing devices like Apple TV, Chromecast and Roku are upgraded and new devices like Amazon Fire TV are introduced to the market, consumers will have more and more options to consume online video without sacrificing quality or screen size. As a result, more consumers will be reconsidering whether they need to continue paying for TV. Q: What percent of consumers get their television programming from various sources including cable, satellite, online streaming and free over the air TV? Combined, 87.1 percent of U.S. households subscribe to either cable or satellite TV. While Experian Marketing Services doesn’t specifically measure the percent of Americans who watch TV through an over the air feed (OTA) we know that among those who do not subscribe to cable or satellite, the vast majority (77 percent) still watch TV. And while it’s possible that some are viewing TV from a cable or satellite feed away from home, the most likely source of their TV content would be from OTA sources. That means that at least 10 percent of American adults are watching some TV through an OTA feed. In addition, 48 percent of all adults watch online video each week through a variety of devices. Those who don’t pay for TV are 12 percent more likely than those who have cable or satellite TV to watch online video (54 percent vs 48 percent). Q: The cord-cutting trend has many implications for the cable and satellite companies, but what do consumer-facing marketers and advertisers need to know about this trend? The growth in online video viewing creates many opportunities for marketers. Online audiences can be more easily targeted and served up advertising that is more relevant, responsive and measureable. Marketers can also be more confident that their online ad was actually seen, given that viewers are typically unable to skip ads. And while CPMs for online video ads may generally be lower than those of TV, marketers can use that savings to negotiate costs based on clicks or transactions rather than impressions, giving them a better picture into audience interest and insights to inform their budget allocation. Millennials are the most device “agnostic,” with more than one-third saying they don’t mind watching video on a portable device even if it means a smaller screen. That’s more than double the rate of those ages 35 and older. This decentralized viewing can create headaches for marketers who need to start a relationship with Millennials during this stage of their lives when they’re most open to trying out new brands and have yet to settle down. On the plus side, marketers who do manage to reach this audience will find them much more open to advertising than average. In fact, Millennials are more than four times more likely to say that video ads that they view on their cell phone are useful. So while the challenge is big, so is the potential reward. Download the full analysis to learn more about: Cross-device video behaviors to optimize media mix approach The impact of the growing trend in cord-cutters The rising influence of Internet-connected TV How to get more impact from video content