Committed to security and compliance
Information Security Program
Security is fundamental to how Cognism operates - across our product, our data, and our customers.
Cognism maintains a comprehensive information security program aligned with ISO 27001 and SOC 2 frameworks, supported by dedicated security and compliance teams.
Data security and protection
Our security controls are designed to meet recognised industry standards and support enterprise requirements.
Cognism has dedicated security and compliance teams. Incident management is owned and operated by our security team.
- Encryption:
Data is encrypted in transit and at rest. HTTPS is enforced using TLS 1.2 and TLS 1.3. Data at rest is protected using AES-256. AWS Key Management Service is used to manage encryption keys.
- Segmentation:
Customer data is logically segregated across Cognism products.
- Backup and Recovery:
Backups are automated, with recovery procedures tested quarterly. Recovery point and recovery time objectives are set to 24 hours.
- Retention and Deletion:
Customer data is retained only as long as necessary and deleted following contract termination.
Cognism follows a structured Software Development Life Cycle (SDLC) with security integrated throughout.
- Secure Development:
Code coverage, security testing, code quality, dependency tracking, and SAST.
- Secure Build:
Automated build processes with dependency tracking.
- Secure Deploy:
Controlled change management with multiple approvers.
- Secure Runtime:
Infrastructure monitoring, alerting, reporting, and use of IDS and IPS tooling.
Cognism maintains separate environments for testing, staging, and production.
Access is granted based on least privilege and need-to-know principles.
- Background Checks:
Background checks are conducted prior to employment, in line with local laws and regulations.
- Workforce Training:
All employees complete security training during onboarding, with annual refresher training.
Role-specific technical training is provided where required.
- Penetration testing:
Independent third-party penetration testing is conducted at least annually across products and infrastructure.
Cognism maintains infrastructure and processes to support service availability and resilience:
- Public status page for system transparency
- AWS-hosted infrastructure
- Cloudflare DDoS protection and WAF
- Industry-standard disaster recovery and business continuity practices
Cognism maintains cyber security insurance covering data, crisis containment, property, and liability.
Privacy Policy
Your data remains yours.
Details on data collection, usage, and opt-out are available below:
Certifications, Regulations and Standards
Cognism holds the following certifications and attestations:
- ISO 27001
- ISO 27701
- SOC 2 Type II (Security and Availability)
Cognism proves its ongoing commitment to data privacy and compliance with new ISO 27701 certification.
Enterprise-grade compliance and security
Built for organisations operating in regulated markets, with compliance-first data practices and independently audited controls.
Fully aligned with EU data protection regulations and privacy-first data handling.
Compliant with US state-level privacy laws including California regulations.
Automatic suppression against global Do-Not-Call and TPS lists.
Certified information security and privacy management frameworks.
Independently audited controls for data security and operational integrity.