Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
The importance of affiliate marketing as a marketing channel is evident; it ranks as one of the most effective marketing channels for retailers, along with paid search and e-mail. While effective affiliate marketing relies on two groups, the publishers (affiliates) who display advertisements online and the advertisers (merchants) who aim to increase sales for their online shop, incorporating insights from Experian Marketing Services’ Hitwise can strengthen affiliate programs. I recently worked with Rakuten LinkShare on a webinar which highlights how their affiliate marketing services partnered with Hitwise create a proven package for success by providing valuable and actionable insights to affiliate marketers in understanding and targeting key consumer segments. Identify sites sending traffic to your category For our case study, we examined a custom category of Rakuten LinkShare department store clients and compared them with a category of department store non-clients. Using Hitwise, we examined which publisher sites sent traffic to each of the categories in order to identify the best affiliates to partner with. Among the top 20 publisher websites, a number of fashion and style content websites were sources of traffic to LinkShare Department store clients. Fashion and trend focused affiliate sites, namely ShopStyle and Polyvore, pointed to clear fashion editorial interest amongst those who visited LinkShare department store clients. Consider search terms used to capture consumer interest and intent Next, we looked at generic terms that sent traffic to affiliate site ShopStyle. Terms included searches for products sold in department stores such as variations of “heels” and “dresses”. The data indicates that ShopStyle is a good candidate to partner with because it attracted visits from those who are interested in fashion, looking for a deal, and who are likely in-market for specific products. Monitor effectiveness of affiliate programs and make timely decisions Hitwise can also be used by marketers to evaluate the effectiveness of their affiliate partnerships. For this example, we were able to show that Rakuten LinkShare affiliates sent a larger share of traffic to department store clients versus non-clients, pointing to a clear benefit from affiliate partnerships. As affiliate marketing is an increasingly critical channel for marketers, the importance of selecting the best and most relevant publishers is clear. When used in conjunction with affiliate marketing programs, Hitwise enables marketers to understand competitors’ online distribution and sources of traffic, select the best affiliates to partner with, and quantify the return on investment from partnerships.
New data from Experian Marketing Services’ Simmons® ConnectSM mobile and digital panel sheds light on the way smartphone users spend time using their phone, with the average adult clocking 58 minutes daily on their device. On average, smartphone owners devote 26% of the time they spend on their phone talking and another 20% texting. Social networking eats up 16% of smartphone time while browsing the mobile web accounts for 14% of time spent. Emailing and playing games account for roughly 9% and 8% of daily smartphone time, respectively, while use of the phone’s camera and GPS each take up another 2% of our smartphone day. *Activities include use of a smartphone’s native features dedicated to each activity as well as downloaded apps whose primary function falls under the given activity. For instance, “watch video” includes the act of watching video on the smartphone’s native video player as well as use of video apps such as YouTube, Netflix, etc. iPhone versus Android users Smartphone users may constantly debate which operating system is supreme, but we see clear differences between the ways consumers use their phone depending on the operating system that runs it. For starters, iPhone users spend an hour and fifteen minutes using their phones per day, a full 26 minutes more than the typical Android phone owner. Additionally, iPhone and Android smartphone owners use their phones in markedly different ways. For instance, 28% of the time that Android users spend using their phones is dedicated to talking, whereas iPhone users spend only 22% of their smartphone time talking on the device. Android owners also devote a greater share of time visiting websites on their phone than iPhone owners. On the other hand, iPhone owners spend a disproportionately greater share of smartphone time than Android owners texting, emailing, using the camera and social networking. Note on time spent It may surprise some to read that an activity like watching video accounts for such a small share (less than 1%) of the typical adult’s daily smartphone use. However, for the charts above to sum to a single daily total it was necessary to calculate individual activity contribution using a base of all smartphone owners, including those who don’t spend any time engaging in a given activity during a typical day. The chart below provides additional insights into the time spent engaging in the major smartphone activities examining only those individuals who engaged in each activity during a 24-hour period. I’ve also added into the chart a reach and frequency metric to indicate the popularity of each activity and the number of times per day that individuals engage in them. In the chart, the activities with the largest bubbles are those in which the greatest share of smartphone owners engage during a typical day and include the usual suspects: talking (79%), texting (76%), visiting websites (62%), emailing (61%) and social networking (52%). Activities with the fewest daily participants are: watching video, which 2.3% of smartphone owners do during a typical day, and reading, which just 0.5% of smartphone owners do daily. Given that nearly 98% of smartphone users don’t watch videos on their phone during a typical day, it’s easier to understand why video comprises such a low share of the average adult’s daily smartphone use. However, the chart above reveals that those who do watch video on their phone spend, on average, 5 minutes a day watching videos spread out over 4.2 different viewing sessions. For more information on consumers’ usage of smartphones, digital tablets, computers and other traditional and digital media platforms, check out Simmons Connect.
Under the Patient Protection and Affordable Care Act that President Barack Obama signed into law in early 2010, healthcare providers are expanding their outreach to as many Americans as possible. In an effort to improve overall care, state and local healthcare agencies are performing health information exchanges (HIEs), electronically exchanging patient data. HIEs provide a new level of access to health information, but data quality needs to be of paramount importance. Patients’ medical records include contact information, such as mailing addresses, phone numbers and email addresses. Entering this data into forms is a process rife with opportunities for human error. Data fields are often riddled with incorrect formatting, typographical errors and contacts that are correct but outdated. Patients’ medical records must be corrected in order to ensure quality care. Several precautions must be taken before an HIE migration. Before outstanding paper records are digitally imported, records should be wiped clean of any mistakes and software tools should be used to verify addresses and eliminate duplicate records. Review this new HIE infographic to better understand the role data quality plays in HIE migrations.