Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
Contact us today
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
Global Engineering Team Staffing Up New Oslo Hub; Nordic Operational Team Also Slated for Q1'17 NEW YORK, Jan. 11, 2017 /PRNewswire/ – Tapad, now a part of Experian, the leader in cross-device marketing technology, is opening an office in downtown Oslo, Norway, effective January 16, 2017. This development reflects Tapad's continued growth following its acquisition by the Telenor Group in early 2016. Tapad Oslo will be comprised of a globally-focused engineering team as well as an upcoming operational headquarters for the region. Jeff Olchovy, a senior Tapad developer and one of its earliest employees, will forge the company's Nordic engineering presence by supporting the build-out of the team. The initial hiring plan of more than 20 open positions includes roles such as Head of Engineering, Senior Software Engineers and Solution Engineers. Plans for Tapad's Nordic Region business line, including its leadership, will be announced within the first quarter of 2017. "Given the caliber of technical talent and our extensive network in the region, Oslowas the logical choice at this stage of our growth," says Dag Liodden, Tapad CTO and co-founder. "This enables us to continue building out our innovative team on a global scale in a region that is close to our hearts and minds." In collaboration with its New York-based developers, Tapad's Oslo-based engineers will continue to advance the company's renowned product portfolio, such as the Tapad Device Graph™. An early adopter of Scala and big data processing technologies, Tapad has long been an influencer in U.S. tech. "As the head of our platform group, which daily processes several petabytes of data and is the foundation for all of our real-time systems, Jeff is a highly respected engineer," said Pål Høye, Tapad's senior vice president of engineering. "Given his experience and skillset, he is ideally suited to find and lead an innovative team focused on building the industry-leading products we are known for." About TapadTapad Inc. is a marketing technology firm renowned for its breakthrough, unified, cross-device solutions. With 91.2% data accuracy confirmed by Nielsen, the company offers the largest in-market opportunity for marketers and technologies to address the ever-evolving reality of media consumption on smartphones, tablets, home computers and smart TVs. Deployed by agency trading desks, publishers and numerous Fortune 500 brands, Tapad provides an accurate, unified approach to connecting with consumers across screens. In 2015, Tapad began aggressively licensing its identity management solution, the Tapad Device Graph™, and swiftly became the established gold-standard throughout the ad tech ecosystem. Tapad is based in New York and has offices in Atlanta, Boston, Chicago, Dallas, Detroit,Frankfurt, London, Los Angeles, Miami, Minneapolis, San Francisco and Toronto. Tapad's numerous awards include: EY Entrepreneur of The Year (East Coast) 2014, among Forbes' Most Promising Companies two year's running, Deloitte's Technology Fast 500, Crain's Fast 50, Entrepreneur 360, Digiday Signal Award, iMedia ASPY Award and a MarCom Gold Award. Contact us today
Are Traasdahl, CEO and founder of Tapad, the leader in cross-device marketing technology and now a part of Experian, has been named Founder of the Year by the Global Startup Awards. The Global Startup Awards' Founder of the Year Award recognizes an individual that has pushed the boundaries of technology to empower new innovations and ideas. The Global Startup Awards places each year's regional category winners against each other to determine whose achievements stand out from the rest of the startup ecosystem through nomination, voting and jury evaluation. In May 2016, the Nordic Startup Awards named Traasdahl Founder of the Year. "Are is a force of nature and his creativity and passion know no boundaries, it seems," said George Tilesch, Global Startup Awards juror and U.S. managing partner of Innomine Group. "Extra kudos for the mentoring work and the Norwegian superfund plans. Are knows giving back is of the utmost importance." "Are is a superstar within the Norwegian startup ecosystem," said Kim Balle, founding partner and CEO of the Global Startup Awards. "From the jury feedback I could see that not only are his impressive achievements the reason for their rating, but also his focus and ability to give back to the startup scene played an important factor in him winning the category." "It is an enormous honor to be named Founder of the Year by the Global Startup Awards," said Traasdahl. "I am so committed to fostering entrepreneurship both at Tapad and throughout the startup space. This win is a remarkable bookend for a stellar year that began with our acquisition by the Telenor Group and continued with best-in-class product innovation, superior solutions for our clients and our Propeller Program that is so dear to my heart." Tapad's Propeller Program hosts five early-stage companies at Tapad's New York headquarters for one year to mentor them through global expansion. The participants of this inaugural program come from Traasdahl's native Norway. For more information on the Global Startup Awards, please visit: http://www.globalstartupawards.com/#gsa. Contact us today
NEW YORK, Nov. 29, 2016 /PRNewswire/ — For the second consecutive year, Tapad, part of Experian, has been listed among Deloitte's Technology Fast 500™, a ranking of the 500 fastest-growing technology, media, telecommunications, life sciences and energy tech companies in North America. Tapad, number 147 on the 2016 Deloitte list, is the leading provider of unified, cross-device marketing technology solutions. "It is an honor to once again be recognized by Deloitte for our growth and momentum, particularly given the stature of the other technology companies on the list," said Are Traasdahl, founder and CEO of Tapad. "Our product innovation, particularly in TV analytics and measurement, is a major contributor to our progress. I'm extremely proud of our hard-working, talented team for continually executing at such a high level." "Today, when every organization can be a tech company, the most effective businesses not only foster the courage to explore change, but also encourage creativity in using and applying existing assets in new ways, as resourcefully as possible," said Sandra Shirai, principal, Deloitte Consulting LLP and U.S. technology, media and telecommunications industry leader. "This ingenious approach to innovation calls for the encouragement of curiosity and collaboration both within and outside the office walls." "This year's Fast 500 winners showcase that when organizations are open to diverse perspectives and insights, they are able to create an environment for their employees and customers to see the possibilities and ingenious solutions that might lie ahead," added Jim Atwell, national managing partner of the emerging growth company practice, Deloitte & Touche LLP. "Entrepreneurial environments foster change and innovation within businesses, and we look forward to watching these companies continue to drive change across all sectors." Contact us today