// Trust & Security Report

    Cision Ltd. / Cision Inc. logo

    Cision Ltd. / Cision Inc.

    CisionOne platform for media monitoring, analytics, journalist outreach, and social listening; includes PR Newswire (press release distribution), Brandwatch (social intelligence), and Streem. Suite of integrated PR and communications tools serving 100,000+ professionals across 24 countries.

    Certifications held

    2

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    These data centers have completed a Service Organization Controls (SOC) 2 Type II audit.

    Verify on prnewswire.com
    GDPR Compliance
    HELD

    Cision Ltd. is the data controller responsible for your personal data. The company has a data protection officer (DPO) responsible for data privacy compliance. Cision will notify customers within 36 hours after becoming aware of a Personal Data Breach and assist customers in complying with obligations to notify a supervisory authority.

    Verify on privacy.cision.com
    > Show 4 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No public evidence of ISO 27001 certification found on Cision's domain. Search results show other vendors announcing ISO 27001 through Cision's news distribution service, not Cision itself.

    source: cision.com
    HIPAA
    NOT CONFIRMED

    No public evidence of HIPAA certification or compliance program found on Cision's domain or security documentation.

    source: cision.com
    FedRAMP
    NOT CONFIRMED

    No public evidence of FedRAMP certification found on Cision's domain.

    source: cision.com
    ISO/IEC 42001 (AI Governance)
    NOT CONFIRMED

    No public evidence of ISO/IEC 42001 certification found. Cision does employ AI features in their products but does not claim AI governance certification.

    source: cision.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    EU and UK (hosted on Google Cloud Platform)

    Cision explicitly states: 'We do not use any Personal Data that we have collected to train either our own AI models or any 3rd party AI models that power our AI features.' Personal data is not used for AI training; AI features are used to summarize, tag, classify, and search public data sets. AI features are labeled when users engage with them.

    // Security controls

    Encryption in Transit

    Cision continually works to develop products that support the latest recommended secure cipher suites and protocols to encrypt traffic while in transit.

    prnewswire.com

    Encryption at Rest

    Cision encrypts any non-public information they process, handle, or store at rest.

    prnewswire.com

    Security Framework

    Cision follows the NIST Cybersecurity Framework with layered security controls to help identify, prevent, detect, and respond to security incidents.

    prnewswire.com

    Business Continuity

    Cision implements a disaster recovery program at all data center locations with multiple components to minimize risk of single points of failure. Application data is replicated to multiple systems within the data center and in some cases to secondary backup data centers that are geographically dispersed.

    prnewswire.com

    Physical Security

    Access to areas where systems or system components are installed or stored are segregated from general office and public areas. Cameras and alarms are centrally monitored 24/7 for suspicious activity, with facilities routinely patrolled by security guards.

    prnewswire.com

    Network Security

    Next generation firewalls deployed within data center and remote office sites monitor outbound communications for unusual or unauthorized activities.

    prnewswire.com

    Breach Notification

    Cision will notify customers within 36 hours after becoming aware of a Personal Data Breach and assist customers in complying with obligations to notify a supervisory authority of any Personal Data Breach.

    privacy.cision.com

    // Products & data scope

    CisionOneMedia Intelligence & Monitoring

    data: Public media coverage, social media, print, online, TV, radio, podcasts, magazines. Customer usage data for analytics and reporting.

    All-in-one platform for PR and communications teams. Core features: media monitoring, analytics, instant insights & reporting, journalist outreach, social listening, engagement. Data hosted on Google Cloud Platform (EU/UK regions).

    PR NewswirePress Release Distribution

    data: Press release content, distribution recipient data, campaign analytics

    Press release distribution and monitoring platform. SOC 2 Type II compliant per vendor statement.

    BrandwatchSocial Intelligence

    data: Public social media and web data, customer query and analysis data

    Social listening and intelligence platform. Part of Cision suite.

    StreemMedia Monitoring

    data: Media coverage data, customer usage patterns

    Media monitoring and tracking product.

    Country-specific productsLocal Media Intelligence

    data: Country-specific media coverage and journalist databases

    LuQi (France), Datapresse (France), Europresse (Europe), and other regional offerings for local media monitoring and coverage.

    // What to watch

    • SOC 2 Type II certification is at the data center/infrastructure level (Google Cloud Platform) rather than a direct Cision product certification - this is typical for SaaS vendors but should be noted for compliance tracking.
    • Security Statement page (https://www.cision.com/legal/security-statement/) returns HTTP 403 Forbidden, limiting public access to detailed security documentation. This is a transparency gap despite the company's actual security practices being solid.
    • No ISO 27001 certification despite enterprise maturity and significant EU/GDPR presence. ISO 27001 is the dominant certification for enterprise vendors in EMEA regions. Not a red flag per se, but worth noting for procurement evaluations that require ISO 27001.
    • No HIPAA certification - relevant for healthcare/pharma customers. Cision is not positioned as a HIPAA-eligible vendor.
    • AI features are implemented but customer personal data is explicitly not used for AI model training. This is a positive privacy stance, clearly documented.

    // At a glance

    Pricing model

    Subscription-based SaaS (tiered packages, custom enterprise pricing available)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Cision Ltd. / Cision Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    privacy.cision.com

    > Browse all vendor trust reports