Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
Contact us today
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
The Tapad Device Graph™ Will Expand Sizmek’s Cross-Device Reach and Improve the Efficiency and Precision of Digital Advertising NEW YORK, November 16, 2017 – Tapad, part of Experian and a leader in cross-device marketing technology, today announced a new global partnership with Sizmek, the largest independent buy-side advertising platform delivering impressions that inspire. By integrating the Tapad Device Graph™, Sizmek will enhance its AI-powered predictive capabilities to deliver accurate, cross-device messaging at global scale in a privacy-safe environment. Combined with Sizmek’s existing data enablement, creative optimization and media execution capabilities, the proprietary Tapad Device Graph improves the efficiency and precision of digital advertising by accurately matching people and devices. This enables advertisers to get a clear view of individual customer journeys, achieve scale without compromising on efficiency, and uncover new opportunities for conversion. Sizmek’s customers will have access to Tapad’s globally compliant and privacy-safe datasets across the Americas, EMEA, and APAC. With deeper knowledge of consumer preferences, purchase intent and conversion behaviors, Sizmek and its customers are able to enhance advertising strategies including cross-device audience identification and more. “Tapad is known for their strong cross-device capabilities, and their offering is an excellent addition to our growing program for best-of-breed data and measurement partners" says Mike Caprio, Sizmek’s Chief Growth Officer. “For our customers, this partnership will add further people-based marketing precision and reach to our comprehensive offerings around creative optimization, data enablement and media execution." “Sizmek’s adoption of industry-leading AI and machine learning campaigns will be a great complement for the Device Graph,” said Chris Feo, SVP, strategy & global partnerships at Tapad. “Our ability to create smaller, more customized segments in conjunction with Sizmek’s AI modeling will deliver efficiency, effectiveness and increased ROI for marketers worldwide.” This partnership comes at a time of a massive shift in the marketing technology industry. Companies like Tapad and Telenor, as well as Rocket Fuel and Sizmek, are joining forces to adopt those technologies that are most efficient and accurate at reaching consumers at scale in a personalized and non-intrusive way. The combination of Tapad and Sizmek’s offerings will provide international marketers with exceptional resources to lead a more cost effective and results driven campaign. Contact us today
The Tapad Device Graph™ increases Throtle’s amplification by 475 percent. NEW YORK, Nov. 1, 2017 /PRNewswire/ – Tapad, now a part of Experian, the leader in cross-device marketing technology, today announced a partnership with Throtle, a leading data onboarding company. The Tapad Device Graph™ will enhance Throtle's best-in-class onboarding capabilities by providing accurate and privacy-safe cross-device reach as well as precise audiences at scale. In partnership with Tapad, Throtle will deterministically link its services to a corroborated individual with hundreds of targeting attributes. This linkage allows Throtle to offer true cross-device identity management and identity resolution services to accompany its robust onboarding capabilities. Throtle will also work with Tapad to validate its device graph, building larger, more comprehensive audience segments. To date, the Tapad Device Graph™ has connected 61 percent of Throtle IDs to related ones in the graph, with an average amplification rate of 475 percent for Throtle's IDs, or 4.8 new IDs per each of Throtle's. Throtle has also seen its overall match rates involving Tapad's identity insights rise an average of 15 percent since the inception of the partnership. More specifically, Tapad's mobile advertising IDs (MAIDs) have increased Throtle's in-app identity inventory by 35 percent. "Tapad has proven to be a trusted source for cross-device matching and has a tremendous reputation in the advertising and marketing technology industries for delivering superior precision and scale with the utmost dedication to privacy," says Paul Chachko, CEO, Throtle. "Since we first began our test phase, and continuing through to this day, Tapad has met and exceeded our expectations for what a partner should be." With Tapad's strong commitment to precision and accuracy, Throtle was confident that this partnership would prove to be the right choice for the strategic expansion of its platform. Not only does Tapad deliver in-depth insights, parsing deterministic from probabilistic linkages, but its pool of device-level touchpoints enables Throtle to increase scale without seeing a decline in precision. "Accuracy and precision are core characteristics of our proprietary Device Graph," explains Chris Feo, SVP, Strategy & Global Partnerships, Tapad. "When Throtle approached our team, we knew we would be the right partner to assist their leading onboarding technology. We're excited to work with Throtle to achieve cross-device reach, audience scale and precise deterministic and probabilistic linkages for its clients." For more information about the Tapad Device Graph™, or to request a demo, visit https://www.experian.com/marketing/consumer-sync About TapadTapad Inc. is a marketing technology company renowned for its breakthrough, unified, cross-device solutions. The company's signature Tapad Device Graph™ connects millions of consumers across billions of devices. The world's largest brands and most effective marketers entrust Tapad to provide an accurate, privacy-conscious, and unified approach to connecting with consumers across screens. In 2015, Tapad began licensing the Tapad Device Graph™ and swiftly became the established gold-standard throughout the ad tech ecosystem. Tapad is based in New York and has offices in Boston, Chicago, Dallas, Detroit, London, Los Angeles, Miami, Oslo, San Francisco, Singapore, and Tokyo. Tapad's numerous awards include: Forbes' Most Promising Companies, Deloitte's Technology Fast 500, Crain's Fast 50, TMCnet Tech Culture Award, and Global Startup Award's "Startup Founder of the Year". In 2016, Tapad was acquired by the Telenor Group, one of the world's largest mobile operators. About ThrotleThrotle is a data onboarding company focused on deterministic matching and identity resolution, empowering brands with true individual-based marketing. Our data centric onboarding approach guarantees the highest level of accuracy, scale, and responsiveness for our clients. For more information on Throtle, please visit, throtle.io. Contact us today
Autotrader leverages The Tapad Device GraphTM to achieve higher performance and reach new audiences across all devices New York, NY – September 6, 2017 – Tapad, the leader in cross-device marketing technology and now a part of Experian, today revealed findings from a campaign conducted with Autotrader which connects with more actual car buyers than any other third-party listing site.* Autotrader’s premium audience, combined with the Tapad Device GraphTM, delivered significant audience extension across desktop, mobile, and tablet to drive awareness and maximize both reach and delivery across screens. To help analyze shopping behaviors across multiple devices, the global automotive brand for this campaign turned to Autotrader and Tapad, who created a cross-device pre-roll video strategy with a focus on viewability, concentrating on potential customers already searching for vehicles. By using a one-to-one connection, instead of look-alike modeling, Tapad also ensured that the automotive brand discovered only new consumers across all of their devices. This approach discovered a new potential audience of more than 14 million consumers, eliminated communication waste and the risk of duplicates, increased overall performance, and ensured more of their campaign dollars reached meaningful audiences. Overall, this case study represents a leap forward in terms of audience-based targeting and the highly-sought after multi-touch attribution modeling. “We really enjoy working with the team at Tapad to help execute our Audience Extension campaigns”, said Lynne Green, product manager at Autotrader. “Their ability to meet the demands of an ever-changing industry, as well as their dependable customer service has allowed us to confidently deliver against our unique in-market automotive audience and provide our clients ongoing messaging opportunities to our audience beyond Autotrader.com.” “How identity relates to conversion behavior is a complex part of any advertising campaign,” said Jeff Kelosky, RVP and head of global automotive at Tapad. “After identifying auto consumer’s behavioral patterns and device usage while shopping for vehicles, we knew we could successfully help Autotrader and its automotive brand clients maximize campaign viewability and drive results.” To learn more about using Audience Extension with Autotrader, click here. For more about the Tapad Device GraphTM, or to request a demo, visit https://www.experian.com/marketing/consumer-sync Contact us today