Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
Contact us today
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
With campaigns applied to seven major holding companies, Tapad continues to see healthy adoption with The Trade Desk clients NEW YORK, NY – August 23, 2017 - Tapad, now a part of Experian, the leader in cross-device marketing technology, today announced its ongoing momentum with The Trade Desk, Inc. (Nasdaq: TTD), a global technology platform for buyers of advertising. Tapad is providing cross-device segments from the groundbreaking Tapad Device GraphTM through The Trade Desk’s platform. Since 2015, Tapad has seen steady growth in the use of its cross-device data across The Trade Desk platform. This forward progress continues, as 1H2017 saw important milestones for Tapad. Seven major private and independent holding companies now apply Tapad’s data to their campaigns, in addition to more than 1,500 unique brands. Tapad’s proprietary Device GraphTM connects billions of devices, providing unified and insightful data for brands, agencies, and marketers across the globe. Several of these clients, representing varying industries from financial, to auto, CPG and retail, apply Tapad’s data across a number of key tactics and strategies, including: first party CRM extension, third party audience extension, cross-device retargeting, cross-device frequency management, and more. Clients in these verticals continue to rely on Tapad’s cross-device data, as Tapad saw the amount of usage by financial and retail clients grow by four times over the past year, and double for automotive and CPG clients. “We are pleased to offer our clients access to Tapad’s device graph”, said David Danziger, VP of Data Partnerships, The Trade Desk. “Their cross-device identification capabilities have been a powerful addition to our omnichannel platform.” “This integration is a shining example of the amplifying effect of two of the best platforms working together,” said Chris Feo, SVP of Global Partnerships at Tapad. "Clients leveraging Tapad's Device Graph in The Trade Desk platform have the potential to see higher returns and reach with access to substantial cross-device data, as well as a very effective media platform." Contact us today
Tapad Device Graph™ and Sojern’s mobile offering unify travel intent signals; achieve amplification rate of more than 600 percent NEW YORK, June 15, 2017 – Tapad, a part of Experian, the leader in cross-device marketing technology, is partnering with Sojern, travel’s direct demand engine, to provide marketers with an even stronger understanding of travelers as they research and shop across multiple devices. Combined with its 350 million global traveler profiles and billions of predictive purchase intent signals, Sojern utilizes the Tapad Device Graph™ to resolve the complex travel consumer journey, target travelers more precisely, and derive more actionable insights for its travel clientele. According to Sojern’s research, travelers visit hundreds of websites preceding their trip purchase, with some consumers reaching upwards of 450 touchpoints prior to booking. Sojern’s partnership with Tapad will help unify these touchpoints across devices, enabling travel brands to more effectively nurture and engage potential buyers during the purchase process, regardless of which device they use. “Sojern’s been focused on travel for over a decade, helping brands activate predictive purchase signals and leverage our traveler profiles into effective performance marketing campaigns,” said Mat Harris, Sojern’s VP of Product, Enterprise Solutions. “The cross-device insights we gain from the Tapad Device Graph provide a valuable tool for our customers to reach travelers across devices in real-time and at scale, on the right device.” Prior to selecting Tapad as its cross-device partner, Sojern surveyed several probabilistic and deterministic cross-device vendors and performed an extensive global test. The test was an examination of scale, match rate and several other factors, which enabled Sojern to learn as much as possible about each vendor. After examining the final test results, Sojern selected Tapad based on its excellent test performance, tried-and-true experience in the market and complimentary business model. To date, Sojern has already seen an amplification rate of more than 600 percent as a result of the integration, meaning that the Tapad Device Graph is connecting an average of six or more device and browser IDs for every one existing Sojern ID. “Not only is Sojern a compatible partner for our singular Device Graph capabilities, but they are also an incredible data partner to help expand our work in the travel industry,” said Pierre Martensson, SVP and GM of Tapad’s global data division. “Working with the team at Sojern allows us to solve a true challenge within the travel industry today: creating a unified view of customers so travel brands can better understand and access their key audiences at every point along their path to purchase.” Contact us today
Leading data insights and cross-device-powered services bridge mobile insights with connectivity to drive real-time consumer intelligence NEW YORK, May 17, 2017 /PRNewswire/ – Tapad, now a part of Experian, the leader in cross-device marketing technology, has partnered with Resonate, a leading provider of real-time consumer intelligence and activation SaaS solutions. Through this partnership, Resonate will leverage the Tapad Device Graph™ to capture a deeper understanding of its mobile app audiences and provide brands with a more direct connection to their intended consumers. The integration of Resonate and Tapad's technologies equips mobile app brands with insights into their consumers' values, beliefs, motivations and purchase drivers. As a result, mobile app brands will better understand how to tailor messaging, drive advertising engagement, increase lift in performance across mobile consumers and ultimately boost revenue and returns. Utilizing the advanced data that the Tapad Device Graph™ provides, Resonate will create an Identity Service that connects mobile IDs to Resonate IDs for reporting insights both in-platform and out. To date, Tapad and Resonate have already driven incremental device connections for nearly 60 percent of customer profiles with an amplification rate of more than 120 percent, resulting in more than 400 million net new IDs within Resonate's user base. "After testing multiple partners over the course of 12 months, it was clear that Tapad was the partner for us, given their ability to provide cross-device connectivity for more than one billion unique IDs against our consumer base," said Joel Pulliam, SVP and chief product officer at Resonate. "In addition, Resonate customers have an inherent trust in Tapad's mix of probabilistic and deterministic mobile connectivity data to provide a unified understanding of their mobile audiences." "Partnering with Resonate will not only provide its brands with a more in-depth and actionable understanding of its consumers, but it will also allow our clients to connect with mobile consumers on a deeper level," said Pierre Martensson, SVP and GM of Tapad's global data division. "Resonate is not just answering the question of 'how' consumers are making purchases, but also tackling the more difficult question of 'why' they make certain buying decisions to best inform mobile brands about their audiences." Contact us today