Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
If the time spent on the Internet for personal computers was distilled into an hour then 27 percent of it would be spent on social networking and forums across the United States, United Kingdom and Australia. In the U.S., 16 minutes out of every hour online is spent on social networking and forums, nine minutes on entertainment sites and five minutes shopping. Global comparison In the UK, 13 minutes out of every hour online is spent on social networking and forums, nine minutes on entertainment sites and six minutes shopping. Australian Internet users spend 14 minutes on social sites, nine on entertainment and four minutes shopping online. Across all three markets, time spent shopping online grew year-over-year, but the UK market emerged as having the most prolific online shoppers, spending proportionally more time on retail Websites than online users in the U.S. or Australia. British Internet users spent 10 percent of all time online shopping in 2012, compared to nine percent in the U.S. and six percent in Australia. This was in part due to a bumper winter holiday season in the UK where 370 million hours were spent shopping online, 24 percent higher than the monthly average. Consumption of news content also increased across all three markets with Australian users emerging as the most voracious consumers of news online. Six percent of all time spent online in Australia in 2012 was on a news Website, compared to five percent in the UK and four percent in the U.S. Meanwhile, the time spent on social media proportionate to other online activities declined across all three regions. The U.S., which has been the most dominant market for social media consumption in the last three years dropped from 30 percent of all time spent online to 27 percent. In Australia time spent on social dropped from 27 percent to 24 percent while in the UK it dipped from 25 percent to 22 percent year-over-year. This highlights the rise in access via 3G and 4G networks as consumers spend increasingly more time online while on the move. "Understanding consumer behavior across channels is more important than ever as more visits are being made on the move, particularly among social networking and email,” says Bill Tancer, general manager of global research for Experian Marketing Services. "With smartphones and tablets becoming more powerful, our data clearly indicates the difference between mobile and traditional desktop usage further enabling the ‘always on’ consumer mentality. Marketers need to understand these differences, as well as regionally, to ensure campaigns can be tailored for better and more effective engagement.” Mobile browsing When looking at the U.S. browsing data for mobile devices, email accounted for the largest time spent on average, for the same categories for Q1 2013. Email made up 23 percent of time spent on mobile devices for Q1-13, while social networking accounted for 15 percent. Entertainment had the third highest time spent with 13 percent, followed by shopping with 11 percent and travel with 9 percent. The mobile data does not include app usage, but does include mobile browsing within an app. Read more of the latest consumer trends in The 2013 Digital Marketer Report Learn more about consumer online behavior by visiting our Online Trends page Learn more about the author, Matt Tatham
The 2013 Digital Marketer Report is almost here. One section of the report includes key segments of the consumer landscape. In a previous post we looked at budget and luxury travelers and in this excerpt we focus on millennials – specifically tactics to target early adopter millennials: The generation of 18- to 34-year-olds known as millennials is an increasingly influential group that impacts many aspects of the American lifestyle, including fashion, technology, entertainment and beyond. Almost one-quarter (24 percent) of millennials have a college degree, 34 percent are married and many (60 percent) own a home. They have an average discretionary spend of $11,317 annually. Brands and marketers are taking notice of millennials and the fact that they communicate and behave differently than other generations. Marketers increasingly understand that they need innovative marketing programs in order to engage this important segment of the population Early adopter millennials Fifty-two percent of millennials rank far above or above average when it comes to being early adopters of technology. That means more than half of adults ages 18 to 34 want to be the first to have the latest electronic equipment, are willing to pay almost anything for an electronic product and actively want to be a source of information on electronic equipment to others Marketers trying to reach this group can look at the types of Websites driving millennials to online retailers in order to understand other sites that would be effective partners, advertising outlets and content providers: Millennials are more likely than the online population to visit search and social Websites before visiting a retail Website They are less likely to look at email or visit reward and directory sites before visiting a retail Website They are more likely to visit fashion content and portal sites before visiting a retail Website There is a major opportunity to reach early adopter millennials via mobile, as they spend 14 percent more time engaged with their mobile devices in an average week than their generational peers. Early adopter millennials are 20 percent more likely to use a tablet and 32 percent more likely to IM/chat than the average millennial. Other top activities include reading media, listening to music and email. Source: Experian Marketing Services’ Simmons® Source: Experian Marketing Services’ Simmons Source: Experian Marketing Services’ Simmons For more insights on millennials and other key consumer segments, pre-order The 2013 Digital Marketer Report.
The 2013 Digital Marketer Report is almost here. In anticipation of its release, here’s an excerpt from the online display advertising section: Here’s what marketers and advertisers need in order to lay the groundwork for success in their online advertising campaigns: Solid audience-based data is the foundation for display advertising success. Start with your CRM file and work with the right partners who can best leverage it and enhance your audience definition with robust data assets to create a highly targeted display audience. Actionable, value-based segmentation is a key campaign driver. Value-based segmentation assigns predicted economic values to customer or prospect audience targets – based upon the campaign objective – for the more cost-efficient real time display ad buying. Applying value-based segmentation to an audience according to sound consumer insights and analytics allows for more dynamic and cost-effective display media bidding. Scalability to drive campaign efficiency. You’ve defined your target audience with value-based segments. Now you need to reach that specific audience at scale to maximize campaign efficiency and get the most from your media budget. High-quality creative to drive engagement and conversion. Developing the right audience, targeting parameters and media strategy is only as good as the creative message displayed so the importance of highly relevant, targeted creative cannot be underestimated. Work with a partner who understands your target audience and campaign objectives to develop and deliver the most compelling message. Approaching your online display campaign set up this way will ensure it is built on a solid foundation, greatly increasing the likelihood of your program’s success. Keep in mind that data-driven, audience-based campaigns typically take a little more ramp-up time than more traditional advertising. Sometimes, if companies don’t see results right away, they might change or abandon their strategy too quickly. This new, digital path truly requires a shift in advertiser behavior and thinking. All is not lost if you don’t see results right out of the gate. The systems need time to use the data to target the best audience, hone in on the right media for that audience and bid on it accurately. All of these steps take time but are needed to drive performance. Marketers in the trenches may get comfortable as they start to see results, but they sometimes struggle with getting their senior leadership to accept the longer time frame and keep spending on display programs. Brand advertisers tend to buy into display better than performance-based advertisers because they are used to the time required to create repeated exposure that builds awareness, consideration, favorability and intent. The key takeaway is that you need to go into these campaigns feeling comfortable about the longer timeline required to allow traction and drive the results you seek. Pre-order The 2013 Digital Marketer Report today and be one of the first to get more great data, trends and insights.