Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
Contact us today
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
Experian’s 2024 Holiday spending trends and insights report covers consumer spending trends for the holiday season.
In our Ask the Expert Series, we interview leaders from our partner organizations who are helping lead their brands to new heights in adtech. Today’s interview is with Georgia Campbell, Head of Strategic Partnerships at Kontext. What types of audiences does Kontext provide, and what are some top use cases for these insights in marketing strategies? Kontext leverages its 1st-party, deterministic shopping data to generate real-time online audiences. What sets Kontext apart is our ability to see the entire consumer journey, from shopping interest to intent and purchases, at a SKU-level. This comprehensive visibility allows us to create purchase-based audiences across various consumer verticals, such as frequent online shoppers, consumers shopping for beauty, segments using Mastercard, or Black Friday enthusiasts. Our data engine, built on a foundation of approximately 100 million consumer profiles and over 10 billion full-funnel, real-time shopping events, enables the creation of precise audience segments. This real-time 1st-party shopper data is invaluable for partners aiming to understand and engage with consumers more effectively. Whether a brand wants to activate past shoppers in a specific category or reach new audiences with a propensity to buy, Kontext provides the insights needed to make informed decisions. Some examples of audience types include these (and hundreds more): In-Market Shoppers: Consumers showing high intent to purchase specific categories, like skincare or electronics, based on recent online behavior. Past Purchasers: Shoppers who have made verified purchases within specific time frames, such as beauty products in the last 18 months. Frequent Shoppers: High-frequency buyers identified through repeated purchasing behaviors. Seasonal Shoppers: Consumers active during key shopping seasons, like Black Friday, Mother’s Day, Valentine's Day, etc Premium Buyers: Shoppers who used a premium CC (eg. Amex) and a higher AOV (average order value) Beauty Buyers: an audience that has indicated intent to purchase beauty products (deterministic past purchasers also avail) By using Kontext data, brands can identify the right audiences across multiple verticals, such as retail, CPG, health & wellness, auto, business, energy & utility, financial, and travel. Additionally, our collaboration with Experian allows further refinement of these audiences through layered data from specialty categories like demographics, lifestyle & interests, mobile location, and TV viewing habits. How is Kontext’s data sourced, and what differentiates it from other data providers? Kontext’s data is unique because it is deterministic, 1st-party, and collected as transactions occur. We capture the entire path-to-purchase, down to the SKU-level product detail, across 100 million consumer profiles and more than 10 billion real-time shopping events. Our proprietary technology, embedded in widgets across our 5 million premium online destinations, tracks the full consumer journey—from reading an article of interest to clicking on our dynamic commerce modules, adding items to cart, and completing purchases. This real-time data collection ensures there is no lag between digital events and their connection to consumer profiles. Unlike other providers, we do not aggregate data from multiple platforms; instead, we focus on building our models and insights based on authentic online consumer behavior. Our data stands out due to its: Deterministic Nature: We capture 1st-party data as transactions occur (all in real time) Full-Funnel Coverage: We capture consumer journeys from awareness to purchase, providing a complete view of consumer behavior. Real-Time Insights: Our data engine processes events in real-time, enabling timely and relevant marketing actions. How does Kontext ensure the accuracy and reliability of its audience data? Kontext ensures accuracy and reliability through our unique technology and direct data sourcing. By not aggregating data from other platforms, we maintain control over the quality and integrity of our insights. Our continuous investment in refining our models around online consumer behavior further enhances the precision of our audience data. What types of brands or verticals might resonate the most with Kontext audiences for activation? Any brand looking to understand and activate online shopping behavior – informed by 1st-party transaction data – will resonate with Kontext audiences. Essentially, any vertical that benefits from understanding real-time shopping behaviors, such as retail, health & wellness, auto, and financial services, will find our data invaluable. We have particularly strong insights in beauty, hair care, health & wellness, and values-based online shopping habits, as well as the food & beverage space. Retail & Consumer Goods: Leveraging shopping behavior data for targeted campaigns. Health & Wellness: Identifying consumers with specific health and wellness interests. Automotive: Targeting potential buyers of electric vehicles or eco-friendly products. Financial Services: Engaging high-value shoppers with premium credit card usage. And many more How does Kontext’s data help advertisers navigate the challenges posed by the deprecation of third-party cookies? As third-party cookies become less reliable, Kontext’s 1st-party data becomes invaluable. Our deterministic data engine, which does not rely on cookies, offers: Direct Consumer Insights: Accurate and consented data directly from consumer interactions. Privacy Compliance: Our data collection methods are fully compliant with privacy regulations, ensuring secure usage. Cross-Device Coverage: We use verified digital identifiers, allowing seamless unification and targeting across multiple devices. What measures does Kontext take to maintain data privacy and compliance, and how does this benefit advertisers? Data privacy and compliance are fundamental to Kontext. We meet or exceed all privacy compliance and security standards, ensuring that our data sourcing and usage are transparent and comply with regulations (CCPA, CPRA, VCDPA, etc). Kontext prioritizes data privacy and compliance through: Consented Data Collection: All data is collected with explicit consumer consent. Robust Security Protocols: Data is encrypted and secured with industry-leading practices. Compliance with Regulations: We adhere to global privacy laws, including GDPR and CCPA. User Control: Consumers have the ability to opt-out and manage their data preferences. Can you share success stories / use-cases where advertisers significantly improved their campaigns using Kontext’s data? To give you a sense of how Kontext data can be applied, here are two use-cases: Beauty Brand Campaign: An agency hoping to activate an audience of beauty purchasers for a Major Beauty Brand could utilize Kontext's custom audience of high-value beauty product purchasers. By targeting those consumers who had bought similar products in the last 12 months and had an average cart size of over $50, the campaign would significantly increase performance and ROAS. Electric Vehicle Launch: For a major auto manufacturer’s EV launch, Kontext could be used to identify eco-friendly consumers who had not yet purchased an EV but had shown interest in sustainable products. This precise targeting could lead to higher engagement and conversion rates for the campaign. Thanks for the interview. Any recommendations for our readers if they want to learn more? For those interested in learning more about Kontext, reach out for a personalized consultation. Contact us About our expert Georgia Campbell, Head of Strategic Partnerships, Kontext In her current role as Head of Strategic Partnerships at Kontext, Georgia plays a pivotal role in shaping the company's strategic direction within the data space. With a deep-seated expertise in leveraging data to drive impact for companies, Georgia has been forging key partnerships that enhance the effectiveness and reach of Kontext's offerings. Georgia comes from a background in emerging technology, where she has been focused on cultivating partnerships and employing data-driven approaches to spearhead market expansion efforts. She started her career in finance, managing investments across equity, debt, and alternative assets at Brown Advisory. In this Q&A, Georgia shares her insights on Kontext's Onboarding partnership with Experian, offering perspective on how Kontext's unique insights can unlock new opportunities for advertisers and brands alike. Latest posts
Discover Experian’s new solution tailored for retail media networks (RMNs) designed to enhance RMNs’ strength in first-party shopper data.