Committed to security and compliance

Information Security Program

Security is a top priority for Cognism because it’s fundamental to everything we do, our customers and our product.

For this reason, Cognism aims to achieve the highest standards of security. Our security and compliance teams are dedicated to maintaining parity with the ISO 27001 and SOC 2 frameworks.


Certifications, Regulations and Standards

Cognism is certified for ISO 27001 and ISO 27701, and we are also attested for SOC 2 Type II in both security and availability.


Cognism proves its ongoing commitment to data privacy and compliance with new ISO 27701 certification.

Our data security and protection procedures go above and beyond industry requirements.

Data Protection

Cognism has dedicated security and compliance teams. Incident management is handled by the security team.

  • Encryption: Cognism has a number of security controls in place to ensure that data is protected in transit and at rest. Our encryption policy mandates the use of HTTPS for data in transit, with TLS 1.3 and TLS 1.2 cipher suites. Data at rest is protected by AES-256. The AWS Security Manager is used to automate the security key management process.
  • Segmentation: Cognism products logically segregate customer data.
  • Backup and Recovery: Cognism has an automated backup process, and recovery procedures are tested quarterly. Our RPO and RTO goals are set to 24 hours.
  • Retention and Deletion: Customer data is not kept longer than is necessary. The data is deleted upon contract termination.

Product Security

Cognism is keen on maintaining a mature Software Development Life Cycle (SDLC). Security is involved in each part of the SDLC:

  • Secure Development - Tracking code coverage, code security, code quality, software dependencies, SAST usage.
  • Secure Build - Automated build procedures, tracking software dependencies.
  • Secure Deploy - Change management procedures, multiple approvers.
  • Secure Runtime - Usage of IDS and IPS tools, infrastructure monitoring, alerting, and reporting.

Cognism maintains separate testing, staging and production environments. Access to any resource follows the need-to-know and least-privilege principles.

People Security

Background Checks
Cognism performs background checks prior to employment. The process differs based on laws, regulations, and local practices in different jurisdictions.

Workforce Training
All employees are required to attend security training during onboarding, and refresher training is held annually thereafter. Additionally, employees undergo specific technical training based on their roles and project involvement.

Vulnerabilities

Bug Bounty Program
Cognism runs an open bug bounty program. Please check the scope, rules, and rewards on our Bug Bounty page.

Penetration Testing
Cognism engages third-party penetration testing to complement its internal security practices. Penetration testing is performed at least annually for the products and infrastructure.

Service Availability and Resilience

Cognism understands the criticality of service availability. To provide the best possible service to our clients we:

  • Maintain our public status page
  • Utilize AWS cloud security for our critical physical infrastructure
  • Utilize Cloudflare’s DDoS and WAF protection
  • Follow the best practices of Amazon Web Services to host our critical infrastructure
  • Follow the industry's best practices for disaster recovery and business continuity

Cyber Security Insurance & Privacy Policy

Cognism is covered by insurance for cyber security incidents. The policy covers data, crisis containment, property, and liability.

Privacy Policy
Your data is important to us and belongs to you. More information on what data we collect, what we do with it and how you can opt out is in the links below.
