As the oft-quoted expression goes, “With great power comes great responsibility.” Data holds the greatest of power in today’s business landscape. For the marketing partners you’ve entrusted your customer’s data to, safeguarding this information requires the utmost responsibility.
2017 saw a record 1,579 data breaches that exposed the personally identifiable information of hundreds of millions of consumers to scammers. From Equifax to Yahoo to fast food chain Sonic and even Gmail, no vertical is immune.
Customer data is what powers the personalized marketing consumers have come to expect across all channels. To plan and execute these personalized efforts, companies employ a host of third-party partners, who by nature of their support, gain access to the company’s customer data. This access makes it vital not only for your organization to have customer data security measures but for your marketing partners to maintain equal or greater measures themselves.
As the cost of a data breach grows well into the millions, even for “small” breaches, it is imperative for companies to verify the presence and utilization of well-defined procedures and practices that monitor for unusual, unauthorized or suspicious activity related to the access and use of customer data. One such validation is achievement of the AICPA’s Service Organization Controls (SOC) 2, designed to measure how well a service organization controls its information.
What is SOC 2® and why does it matter?
Considered a technical audit, SOC 2 requires that companies that receive, process, and store customer information establish and follow strict information security policies and procedures that encompass the security, availability, processing integrity and confidentiality of customer data. The result of the audit, performed by an independent certified public accountant, is a report verifying the existence of an organization’s data security measures. Within SOC 2 there are two levels of reports:
SOC 2 Type I
Type I reports simply confirm that a company has been audited and found to have data security policies stated and in operation at a particular point in time.
SOC 2 Type II
Type II reports result from an audit lasting six months or longer, validating that the stated policies are both in place and consistently followed. These reports are deemed more comprehensive and indicative of a higher level of security proficiency than Type I reports when considering a service provider’s credentials.
Validating your marketing partners’ data security measures
To validate that your marketing partners are responsibly protecting your customer data by achieving SOC 2, ask these important questions:
1. Has your organization completed a SOC 2 audit? Ask to see a copy of the independent auditor’s report. The final report identifies not only the processes and procedures in place but also one of two outcomes:
   Qualified – Meaning SOC standards are met with some exceptions.
   Non-Qualified – Meaning all security controls meet the SOC standards without exception.
2. When was your report issued? SOC 2 reports do have an expiration date. If an organization’s report is more than a year old, it is no longer accepted as being valid.
3. Is your organization Type II? To reiterate, Type I reports mean an independent auditor has confirmed that a company has stated regulations in place and functional at a given point in time. Type II reports mean an independent auditor has assessed the company and validated that they have both stated regulations in place and that these regulations are consistently followed.
As a leading provider of highly personalized 1:1 direct mail, we consider securing our clients’ customer data the highest priority. That’s why we’ve gone above and beyond industry standards to achieve the highest SOC data security classification – SOC 2 Type II Non-Qualified.
“Meeting this elevated standard underscores SG360°’s commitment to protecting our customer’s data,” says Dan Taylor, SG360°’s Chief Technology Officer. “By continuously establishing that our systems meet the SOC 2 Type II classification, we can confirm without a doubt that our customer’s information is secure.”
Delivering relevant 1:1 messages at all points along the customer journey means ensuring the trust and confidence of our customers and our customers’ customers. Make sure your marketing partners are treating your customer data with the same regard and priority.
Want to learn more about our stringent data security and operations standards?
Written by Jeana Garms
Director of Marketing at SG360°. A seasoned marketer experienced in designing and executing omnichannel marketing campaigns that combine the spectrum of marketing channels to drive desired actions and achieve results.