Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
Contact us today
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
Tracey Scheppach's new marketing and media practice leverages Tapad's device-level data to help clients achieve "marketing nirvana" NEW YORK and CHICAGO, April 5, 2017 /PRNewswire/ — Today, Tapad, now part of Experian, is the leading provider of unified, cross-screen marketing technology solutions, and Matter More, a next generation marketing and media practice with deep experience in the advanced TV space, announced a strategic partnership to bring together world class digital data and audience development expertise to help marketers improve how they connect with consumers. As consumer behavior continues to expand across multiple devices, today's marketers need robust, comprehensive data solutions to accurately engage the people who matter most to their brands. At the same time, the TV industry has reached an advertising tipping point, capitalizing on the power of device-level data. "Achieving unduplicated reach and frequency across all channels with true addressability, and the ability to measure outcomes, is marketing nirvana," says Tracey Scheppach, CEO and co-founder of Matter More, a new agency built for the modern age. "The best opportunity to deliver 'marketing nirvana,' at scale, is by partnering with Tapad and using their world-class Device Graph to help our clients simply matter more to the people they care about most." "By leveraging our access to rich TV data, we can now measure the actual performance of media across channels," says Marshall Wong, SVP, TV for Tapad. Tapad's proprietary Device Graph™ unifies consumer behavior data across all devices, uncovering the interests, passions and behaviors of the audiences who matter most. As with any data solution, privacy, transparency and trust are crucial to bringing marketers a solid offering that delivers results. "Tapad is excited to partner with Matter More to tap into their knowledge base and experience working with some of the largest brands on TV today," says Kate O'Loughlin, SVP and GM of Tapad's media division. "The time has come to truly unleash the power of device-level data at scale." Contact us today
Ensure you understand privacy compliance pitfalls with special attention on shopping cart abandonment emails.
Partnership combines customer connections and cross-device scale to deliver more strategic customer insights NEW YORK AND CHICAGO — March 16, 2017 – Signal, the global leader in customer identity, today announced a partnership with Tapad, now part of Experian and the leading provider of unified, cross-screen marketing technology solutions. This global integration extends device connectivity for Signal’s clients across North America, APAC and EMEA by leveraging Tapad’s proprietary Device GraphTM. With Signal’s Customer Identity Solution, brands benefit from more visibility of known customers, lower costs to reach those customers and decreased expenses and data loss that often results from using multiple vendors. Integrating with Tapad’s Device Graph, which connects billions of devices, enables Signal clients to build an even broader view of their known customers across multiple devices. This integration combines Signal’s customer identity scale with Tapad’s device scale to expand the reach of addressable media channels and enhance customer journey insights across touchpoints. Tapad and Signal were able to drive incremental device connections for more than 65 percent of customer profiles, linking an average of 6.8 browsers and devices per customer. With this combined data set, Signal clients can expand their authenticated view of a customer to all associated devices and realize more strategic insights into their high-value users. The partnership also allows Signal’s clients to integrate in real-time with Tapad’s media platform, Unify. This proprietary technology enables advertisers to make real-time activation and buying decisions with maximum scale, as well as automated reporting and measurement. “Continuously recognizing customers across devices instantly and in a privacy-safe way is essential for marketers to stay competitive,” said Marc Kiven, founder and CRO of Signal. “We are thrilled to enter this unique, global partnership with Tapad, enabling our clients to access their technology and more effectively reach customers in real-time and at scale.” “Being able to leverage a persistent view of customer connections across devices is a huge challenge for brands,” said Pierre Martensson, SVP and GM of Tapad’s global data division. “With Tapad, Signal is now able to connect with the billions of existing data points in our device graph to help clients better understand customer behavior and realize even stronger customer engagement.” Contact us today