Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
Contact us today
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
Email hashing was originally intended to be used as an email security feature that has ended up being a very powerful marketing tool. A hashed email is a cryptographic function that changes an email address to a random code which can be used as an anonymous customer identifier. This code is privacy-safe and cannot be traced back to the customer’s email address. However, this hashed email can function like a digital passport that traces every behavior and action a customer takes when logged into an account that is authenticated with an email, making hashed emails a goldmine for customer data. Today emails are used across traditional publishers and within the CTV ecosystem; tying them to more consumer touch points than ever before. Why the emphasis now? Cookies are on their way out the door and have been the primary way that many marketers have tracked their existing and potential customers. In order to replace this granular level of data, marketers are likely going to need multiple solutions. With so many cookieless solutions and IDs appearing in the marketplace, the mapping of the customer journey is bound to be fragmented. Relying on first-party data, such as hashed email, is just one way to reduce that fragmentation; as it can serve as an authenticated starting point for cross-device identity resolution that can be leveraged for targeting, personalization and measurement. How can Tapad + Experian help? Tapad + Experian's Hashed Email Onboarding is a privacy-safe way to connect consumer email addresses to their related digital devices and other digital identifiers through high precision probabilistic identity. By onboarding hashed emails and incorporating them within your Tapad Graph file you can: Build a more holistic view of individuals and households and their relationship to email addresses in your first-party data set Leverage these relationships for increased cross-device scale for targeting Employ personalization tactics at the household or individual level across devices Create new audience segments and look-alike models for cross-channel activation Design more inclusive measurement and attribution for customer journey mapping Tapad, a part of Experian has built a hashed email onboarding product feature that works with the existing flexibility of The Tapad Graph to deliver the most holistic consumer view, combined with the attributes you need, in the structure that works best for your business objectives. Get in touch
The result of epic shifts from traditional cable to streaming television, the CTV ecosystem is experiencing compounded fragmentation, making it challenging for marketers to leverage in the most effective way for both activation and measurement. Heralded as the hot new household level device for highly engaged viewers, CTV brings massive opportunities for brands to move users down the funnel and incorporate CTV into their attribution modeling post-campaign. Leveraging CTV IDs within a cross-device identity resolution strategy can yield big benefits if you know how to do it right. Check out our breakdown of today’s CTV landscape to help you better understand how and what you can leverage for activation and measurement in the streaming-verse today. CTV Ecosystems as identifiers (for illustrative purposes only) This is just a small peak at the players and complexities of CTV IDs available for marketers today, but it illustrates the need to understand what IDs can benefit your strategies and where you can use them. Addressability and attribution Not all CTV devices and IDs are addressable; or have ad slots for biddable inventory for advertisers. For example, Apple TV devices and Apple TV + are not ad supported, but could still appear within an identity graph for measurement purposes; helping understand customer behavior and habits, which can inform marketing strategies. Having a household to individual view that's as inclusive as possible can provide valuable insights. CTV identity strategy Whether or not CTV devices or apps are addressable for advertisers, they can bring immense value when leveraged as part of a holistic identity resolution strategy. As a household level device with user authentication it can provide marketers a top-down view; unlocking household:individual targeting opportunities and unification of IDs at both levels for frequency management and customer journey mapping Get started with us Tapad, part of Experian, offers CTV ID onboarding and extension to our CTV ID Universe as a part of The Tapad Graph suite of products.
CPG companies often base marketing decisions on custom market positioning studies, surveys and generic consumer personas. There’s a better way…