Committed to security and compliance
Information Security Program
Security is a top priority for Cognism because it’s fundamental to everything we do, our customers and our product.
For this reason, Cognism aims to achieve the highest standards of security. Our security and compliance teams are dedicated to maintaining parity with ISO 27001 and SOC2 frameworks.
Certifications, Regulations and Standards
Cognism is certified for ISO 27001 and ISO 27701, we’re also attested for SOC2 Type II in both security and availability.
Cognism proves its ongoing commitment to data privacy and compliance with new ISO 27701 certification.
Our data security and protection procedures go
above and beyond industry requirements.
Cognism has dedicated security and compliance teams. Incident management is handled by the security team.
- Encryption: Cognism has a number of security controls in place to ensure the data is protected in transit and at rest. Our encryption policy mandates the use of HTTPS for data in transit, with TLS1.3 and TLS1.2 cypher suites. The data at rest is protected by AES-256. The AWS Security Manager is used to automate the security key management process.
- Segmentation: Cognism products logically segregate customer data.
- Backup and Recovery: Cognism has an automated backup process, and recovery procedures are tested quarterly. Our RPO and RTO goals are set to 24 hours.
- Retention and Deletion: Customer data is not kept longer than is necessary. The data is deleted upon contract termination.
Cognism is keen on maintaining a mature Software Development Life Cycle (SDLC). Security is involved in each part of the SDLC:
- Secure Development - Tracking code coverage, code security, code quality, software dependencies, SAST usage.
- Secure Build - Automated build procedures, tracking software dependencies.
- Secure Deploy - Change management procedures, multiple approvers.
- Secure Runtime - Usage of IDS and IPS tools, infrastructure monitoring, alerting, and reporting.
Cognism performs background checks prior to employment. The process differs based on laws, regulations, and local practices in different jurisdictions.
All employees are required to attend the security training during onboarding, and a refresher training occurs yearly after. Additionally, employees are undergoing specific technical training based on their roles and project involvement.
Bug Bounty Program
Cognism runs an open bug bounty program. Please check the scope, rules, and rewards on our Bug Bounty page
Cognism leverages a 3rd party penetration testing to complement security practices. Penetration testing is performed at least annually for the products and infrastructure.
Service Availability and Resilience
Cognism understands the criticality of service availability. To provide the best possible service to our clients we:
Maintain our public status page
Utilizing AWS cloud security for our critical physical infrastructure
Utilizing Cloudflare’s DDOS and WAF protection
Follow the best practices of Amazon Web Service to host our critical infrastructure
Follow the industry's best practices for disaster recovery and business continuity
Cognism is covered by insurance for cyber security incidents. The policy covers data, crisis containment, property, and liability.
Your data is important to us and belongs to you. More information on what data we collect, what we do with it and how you can opt-out is in the links below.