Martech Starter Kit
Media Trust

The Media Trust Digital Vendor Risk Management Service

By Jason Compton | 10.17.17

What was The Media Trust’s motivation for launching its Digital Vendor Risk Management Service?

A single web page view can comprise data and code delivered from dozens of partners and media companies. So, ensuring consistent compliance with data and privacy protection can be difficult—especially since there’s no singular webmaster handcrafting each page. The Media Trust, which provides a range of data protection and malware prevention solutions to enterprises, wanted to devise an automated way to audit the code being served to end viewers.

Digital Vendor Risk Management (DVRM), available to clients of The Media Trust’s broader-based data protection services, inspects the way simulated users in multiple locations and platforms experience the site. It then looks for policy violations created by the many cookies, scripts, and other payloads found in today’s highly complex pages.

What marketing problem does it help tackle?

As a compliance solution, DVRM is focused more on staying out of trouble than directly attracting new customers or boosting conversions—though the latter may be an added benefit, especially in the case of the mobile customer experience. With the EU’s General Data Protection Regulation (GDPR) set to take effect in May 2018, companies are warily eyeing the penalties for compromising personally identifiable information. These range from warnings and audits to tens of millions of euros, and marketers can be held liable for privacy breaches far less severe than an outright database hack.


The service is meant to shine a brighter light on potential gaps in both security and anonymization. “You want to find [those gaps] before you get penalized with a four-percent-of-revenue hit,” says Alex Calic, the Media Trust chief revenue officer.


What opportunities does it help marketers grasp?

A side benefit of deep page content audits such as those provided by DVRM is the ability to weed out misbehaving partner code that may be unnecessarily slowing page render times and provoking abandonment.


What does it take to add this product to a marketing organization’s existing tech stack?


  • Estimated implementation timeframe – This varies by company, but two weeks of implementation and refinement is typical.

  • Integrations – As an inspection and auditing service, the DVRM component does not directly place new code on an enterprise site. The Media Trust handles integrations with ad servers.

  • Dedicated administrator? – No, the Media Trust provides support and administration.

  • Typically, who are the users – Core leadership of the digital customer experience.

  • Typical number of users – Three or four users with direct access to ongoing scan data, but dozens in the organization may receive email alerts of potential vendor misbehavior.

  • Amount of initial training for users – Provided as needed to users who require guidance with the analysis and reporting tools.

  • Data sources – DVRM does not itself inspect data sources, it analyzes the behavior of website content and code.

  • Notable process changes – None


Can you test the product before purchase?

Yes, the vendor will provide try-before-you-buy DVRM monitoring for evaluation purposes.

Who “owns” it over time and where does it sit?

The initial commitment may come from a security and compliance function, digital content delivery, or marketing, which typically goes on to own the relationship over the long term—but all three groups have a stake in the results. “We’re trying to pull disparate teams together to, at a minimum, co-own the solution,” Calic says.


What’s the enterprise pricing model?

Pricing is based on the number of third parties delivering content and code to an enterprise site. The solution is appropriate for sites at a scale delivering 1 million or more unique views per month.


What’s the projected time to ROI?

No specific ROI calculation is available. ROI can be calculated in the form of avoided legal penalties, or, in the event of badly behaved partner code discovered and removed from the site, in the form of reduced site outages or improved page load times.


What’s the solution’s competitive advantage?

Combining the goals of increased compliance with enhanced user experience. “Mobile web brought us back to the bad days of dialup, because we could see that big files and code are being loaded for no reason at all. Finding it and getting rid of it improves usability and is a direct reflection on a [brand],” Calic says.


What’s the word from a beta customer?

“At Auto Trader, we believe that the new data protection legislation is a strong move towards creating greater transparency and trust, concepts we champion. In addition to an in-house risk and compliance team, we also work with partners to ensure that we are fully prepared for GDPR. The Media Trust’s DVRM solution will provide greater visibility across our digital data assets, and tools we can use to better manage digital vendor activity,” Lara Izlan, director of Commercial Platforms & Operations at Auto Trader UK, states in The Media Trust press release.


Where can I find more information?

Check out The Media Trust GDPR compliance splash page.

Download a PDF version of this article.

About the Author

Ginger Conlon found freelance writer Jason Compton shoved in a desk drawer by her predecessor at CRM magazine. He has covered CRM and marketing topics extensively since 1999, largely in her service.

Find him at @jpcwrites and on LinkedIn