“For us, security is paramount. Even before all these privacy issues came along, we were always operating with the premise that every piece of data actually has to be treated like first-party identity data.”

– Shankar Venkataraman, SVP Product & Engineering at Jivox

Every organization is now having to deal with user consent and user data, which is a critical core component of digital marketing. As an industry, marketers need to be a lot more security-conscious from both a regulatory and corporate responsibility perspective.

Data processing changes are in line with privacy-first initiatives like the EU’s GDPR and the California Consumer Privacy Act (CCPA).  There is more attention on this topic than ever before, with governing bodies and the end-users expecting a level of transparency and control into how their data is used.

Brands seeking to build trust with the consumers need to ensure they are entrusting their data, especially Personal Identifiable Information (PII), with partners that comply with the strictest security and privacy standards. While this previously may have been discussed exclusively with regards to the IT infrastructure, increasingly the full marketing operations stack becomes the focus of full compliance with continued monitoring.

One way to build trust with consumers is to protect their data. To protect data, large global brands especially are now turning to SOC 2 Type 2 certification in any partner.  With the completion of this audit, Jivox is one of only two DCO platforms that are SOC 2 Type 2 certified.

SOC 2 Type 2 Is Critical – Here’s Why

The System and Organization Controls (SOC) 2 Type 2 audit is to evaluate organizations’ commitment to ensuring data privacy and security are being managed to the highest standards to represent its brands and its customers.

SOC 2 Type 2 is an independent audit that is done by a third-party agency over a period of approximately 6 months where all elements of security posture, including data centers, handling of data, encryption-decryption management processes, and certifications of those resources pertaining to personal or sensitive information.

This includes five Trust Service Criteria:

  • Confidentiality
  • Processing Integrity
  • Availability
  • Security
  • Privacy

It’s important to distinguish between the different levels of SOC 2 compliance – only SOC 2 Type 2 provides assurances that the organization has been externally audited for the measures stated above.

SOC 2 Type 1 is more common amongst DCO providers, however, this is purely self-attested, therefore it does not prove that the measures have been enforced correctly. With Type 1, how can you be sure password policies are adhered to? How can you verify that devices are kept secure?

With an externally audited SOC 2 Type 2 certification, Jivox is proud to be one of the only two providers that can offer these assurances.

Scaling Personalization With Trust

Personalizing digital advertising experiences requires evaluating the data points of thousands of users in real-time and generating relevant creatives. And for large global brands, here are three keys to choosing a SOC 2 Type 2 compliant partner that can scale personalization for a 1:1 experience—securely—with each consumer.

#1: Capacity to process user data at scale in a way that guarantees the security of that data.

#2: Enterprise security expertise in a post-third-party cookie era offering:

    • A future-proof solution to personalize based on first-party data, such as Jivox’s IQiD Identity Graph
    • GDPR-compliance, participating in the IAB Europe Transparency & Control Framework, and updated to the TCF 2.0 framework
    • Organization access rights and permissions structure, with single-sign-on for all platform users

#3: Being respectful of individual consumers’ preferences for privacy, and building trust based on each consumer’s consent to use their data.


Implementing 1P Identity: What You Need To Know About SOC 2 Compliance

How will brand marketers run personalized digital marketing campaigns, with third-party cookies phasing out and the industry transitioning to first-party identity? How can brands leverage SOC 2 Type 2 certified partners for securing the consumer’s most precious asset: their data?

Register for the on-demand webinar >>


It’s the industry-leading security & privacy compliance that makes Jivox the partner of choice for enterprise-ready personalization.

From unmatched cloud-powered scale for creative rendering and decision-making to an open API-based platform to integrate your data providers, to complex access rights & approval workflows to suit your organizational structure; Jivox is here to support you on your personalization journey. Learn more on how Jivox empowers enterprise-grade personalization.

Speak to our personalization experts. Let us help your business drive personalization at scale, securely.

Check out our webinars on identity-first personalization.

More reading from the blog.