Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO)
27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle.
SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do.
Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk.
So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year.
The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
Contact us today
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.
Latest posts
Commerce media networks have had a strong start. Growth has been fast, demand has been strong, and brands have made it clear they want closer access to commerce-driven audiences. But as more networks mature and enter the space, many are starting to feel the same pressure point: scale. Most commerce media networks were built as managed service businesses. That model works well early on. High-touch, white-glove partnerships make sense when you’re working with a handful of strategic brands. But there’s a ceiling. There are only so many teams, only so much inventory, and only so many advertisers that model can realistically support. It’s one thing for a large retailer to build custom programs for a P&G. It’s another to do that at scale for hundreds or thousands of brands. At some point, growth slows, not because demand disappears, but because the model can’t stretch any further. The scale problem no one likes to talk about That’s where many commerce media leaders find themselves today. Pausing to assess what comes next. For a long time, growth has been measured almost entirely through media dollars. That mindset is understandable. Media is familiar, it's easy to quantify. It shows up clearly in negotiations and revenue reports. But viewing commerce media networks purely as media sales engines creates long-term risk. It can strain brand relationships, limit innovation, and distract from what commerce media networks actually do better than almost anyone else: understand consumers deeply. Signals are the real asset Commerce platforms sit close to decision-making. They see what people search for, what they consider, what they buy, and when those behaviors change. Those signals are incredibly powerful. And yet, most networks only activate them inside their own walled environments. That’s a missed opportunity. Curation represents the next area of growth for commerce media networks, and it doesn’t require replacing or diminishing existing media revenue. In fact, it complements it. No single commerce media network has all the data needed to give advertisers the scale and reach they're looking for. And no advertiser wants to recreate the same audience in dozens of disconnected platforms. That friction creates inefficiency and slows decision-making. Why collaboration supports sustainable growth The opportunity is to look beyond first-party data alone and start thinking about collaboration. Second-party data. Data partnerships. Signal sharing done responsibly and transparently. Imagine an advertiser defining an audience once and being able to understand and reach that audience across multiple commerce environments. Not through a series of disconnected buys, but through a more consistent approach built on shared understanding leading to increased reach and more impactful campaigns. That’s easier for advertisers to manage, and it creates an additional revenue stream for commerce media networks that complements media sales rather than competing with them. Curation strengthens media, it doesn't replace it Media will always play an important role. There is clear value in custom experiences tied directly to a commerce environment. Think buyouts, sponsored experiences, custom creative integrations. Those are situations where brands want to work closely with the network itself. But the signals commerce media networks hold don’t need to be limited to those moments. Those signals can be monetized independently through data products, co-ops, and partnerships that extend their value into other channels. That’s how curation adds value without undercutting existing revenue. A practical path forward for commerce media leaders For commerce media leaders thinking about their next phase of growth, the focus should be on sustainability. Building a massive media operation takes time and investment. Data-driven revenue streams can be introduced more quickly, require fewer internal resources, and provide steadier margins. It’s a practical approach. Use signal-based revenue to fund growth. Let that revenue support investment in tooling, talent, and media innovation over time. Bootstrapping, in the truest sense. Why transparency matters early There’s also a broader responsibility here. In many advertising channels, transparency followed growth, often after pressure from the market. Commerce media networks have an opportunity to do this differently. To lead with transparency from the start. To be clear with brands and consumers about how data is used, how signals are created, and how value flows through the ecosystem. Because the reality is this: commerce media networks are holding some of the most valuable intent signals in the market today. But those signals don’t retain their value in isolation. If they aren’t enhanced, combined, and made accessible in the right ways, someone else will step in to do it. And when that happens, control shifts away from the source. The bottom line The next chapter of commerce media isn’t just about selling more media alone. It’s about recognizing the value of the signals already in hand, working together to make them more useful, and building additional revenue streams that support long-term growth. That’s how commerce media networks grow without eating their own lunch. About the author Kevin Dunn Chief Revenue Officer, Experian Kevin Dunn joins Experian Marketing Services with more than 20 years of leadership experience across marketing and advertising technology, most recently serving as Senior Vice President of Brands and Agencies at LiveRamp. In that role, he led growth across retail, CPG, travel, hospitality, financial services, and healthcare, overseeing new business, account expansion, and channel partnerships. Kevin is known for building cohesive, accountable teams and leading with optimism, clarity, and a strong sense of shared purpose. His leadership philosophy centers on empowering people, driving positive outcomes for clients and fostering a culture where teams can grow, take smart risks, and succeed together. Latest posts
Learn why programmatic curation is becoming the standard for privacy-first, performance-driven media buying in 2026.
Learn how energy and utility marketers use Experian Audiences to reach households based on energy usage, sustainability interest, and tech adoption.