Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or whom, can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
ISO 27001 is an international standard for information security from the ISO. It is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage, and reduce risks related to the security of information.
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers confidence that they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details which security and privacy tasks the provider is responsible for and which ones the customer is responsible for. Any cloud customer that is not aware of what its security tasks are is putting itself at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert

Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.