The SOC report is a System and Organization Controls (SOC) service audit report formulated by the American Institute of Certified Public Accountants (AICPA), which includes three forms: SOC1, SOC2, and SOC3. Among them, SOC2 is a standard dedicated to data security and privacy protection. The SOC2 report is recognized as the world’s most authoritative and professional report on data security, which can accurately reflect the data security realities of the audited company.
The SOC2 audit was performed by one of the Big Four accounting firms, who assessed the design suitability and implementation effectiveness of control measures concerning security, availability, process integrity, confidentiality, and privacy of services such as Mobvista’s top media advertising solutions, programmatic advertising solutions, network-wide traffic aggregation marketing solutions, SpotMax central technology platform, and mobile analytics solutions. Obtaining the SOC2 Type1 audit report indicates that Mobvista fully complies with the SOC2 standard and is at the forefront of the mobile internet marketing field in terms of data security.
With the development of the internet industry and technological innovation, the amount of internet-based content has grown exponentially, and with it, the amount of personal information, resulting in increasingly prominent data security concerns. According to security intelligence provider RBS (Risk Based Security), there were 7,098 data breaches worldwide in 2019, involving 15.195 billion data records. At the same time, the costs associated with managing and fixing data breaches have also risen. According to the annual Cost of a Data Breach Report published by IBM Security, the average cost for a data breach is now $3.86 million, down 1.5% compared to 2019. However, in cases where more than 50 million consumer records are involved, the costs associated with “mega” data breaches will likely be as high as US$392 million, up from US$388 million in 2019.
There are many reasons for corporate data leakage. According to statistics from the Secsmart Research Center for Information Security and Strategy, 71% of the data leaks are caused by the lack of data access control, and 36% is caused by improper data handling. Other reasons include unapproved data operations, and unauthorized data access, among others.
Fortunately, as users’ awareness of data security continues to improve, companies are taking data security more seriously.
According to Mobvista CFO Sean Song, the mobile marketing industry is inextricably linked to data. As a global mobile advertiser, data security is a top priority for the Mobvista Group’s business growth and development. The SOC2 audit enables the company to build a bridge of information security that will meet regulatory compliance requirements while also increasing customer trust.
How can a company secure its data? First of all, the company must have full-fledged management policies, which cover all management details of the company, including background information of key personnel, the scope of data access within the company, and so on. In addition, the company must establish effective management mechanisms, such as committees comprised of board members. SOC2 is currently one of the most authoritative auditing standards for identifying whether a company’s relevant mechanisms are sound. Only companies that meet the SOC2 audit standard can obtain relevant reports.
It should be noted that in addition to corporate governance, external policies and regulations are also constantly urging companies to increase their data security efforts. According to incomplete statistics from the iYiou think tank, there are currently 126 countries and regions in the world that have formulated laws dedicated to personal data protection. Outside China, the European Union’s General Data Protection Regulation (GDPR) and the U.S. California Consumer Privacy Act (CCPA) of 2018, both require companies to adopt protection measures to ensure data security. In China, there are laws and regulations like the Cyber Security Law and the Measures for Security Assessment of Outbound Provision of Personal Information and Important Data, among other laws and regulations which govern the data security standards at the company-level. The upcoming Personal Information Protection Law and Data Security Law will undoubtedly impose higher requirements on corporate data security.
“Mobvista has always placed great emphasis on data compliance in all the markets we operate around the world. Since 2018, we have successfully implemented the GDPR compliance upgrade and applied COPPA certification for the Group’s programmatic interactive advertising platform Mintegral, our performance-oriented marketing platform Nativex, and our mobile game data analysis platform GameAnalytics,” Song explained. “The rationale behind the SOC2 audit is that we actually believe that it is not enough to just comply with the general regulatory requirements in terms of data security and privacy protection. Mobvista needs to set the pace by being a responsible company, from a corporate, as well as a social point of view and we will continue to invest more in this area.”
The SOC2 audit covered all Mobvista businesses, including Mintegral, Nativex, and GameAnalytics. Song emphasizes that the COVID-19 pandemic at the beginning of the year has profoundly changed the landscape of the marketing industry, as companies are paying more attention to the results of their marketing campaigns. In this context, a digitally-driven, transparent, and compliant Mobvista is positioned to become the ideal partner for advertisers around the world.
Mobvista has established a presence in 18 cities around the world, with more than 700 employees serving customers in 85 countries and regions around the world.