// Trust & Security Report
Cision Ltd. / Cision Inc.
CisionOne platform for media monitoring, analytics, journalist outreach, and social listening; includes PR Newswire (press release distribution), Brandwatch (social intelligence), and Streem. Suite of integrated PR and communications tools serving 100,000+ professionals across 24 countries.
Certifications held
2
Maturity
Enterprise
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on prnewswire.com“These data centers have completed a Service Organization Controls (SOC) 2 Type II audit.”
Verify on privacy.cision.com“Cision Ltd. is the data controller responsible for your personal data. The company has a data protection officer (DPO) responsible for data privacy compliance. Cision will notify customers within 36 hours after becoming aware of a Personal Data Breach and assist customers in complying with obligations to notify a supervisory authority.”
> Show 4 unconfirmed / not-held certifications
source: cision.comNo public evidence of ISO 27001 certification found on Cision's domain. Search results show other vendors announcing ISO 27001 through Cision's news distribution service, not Cision itself.
source: cision.comNo public evidence of HIPAA certification or compliance program found on Cision's domain or security documentation.
source: cision.comNo public evidence of FedRAMP certification found on Cision's domain.
source: cision.comNo public evidence of ISO/IEC 42001 certification found. Cision does employ AI features in their products but does not claim AI governance certification.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
EU and UK (hosted on Google Cloud Platform)
Cision explicitly states: 'We do not use any Personal Data that we have collected to train either our own AI models or any 3rd party AI models that power our AI features.' Personal data is not used for AI training; AI features are used to summarize, tag, classify, and search public data sets. AI features are labeled when users engage with them.
// Security controls
Encryption in Transit
Cision continually works to develop products that support the latest recommended secure cipher suites and protocols to encrypt traffic while in transit.
prnewswire.comEncryption at Rest
Cision encrypts any non-public information they process, handle, or store at rest.
prnewswire.comSecurity Framework
Cision follows the NIST Cybersecurity Framework with layered security controls to help identify, prevent, detect, and respond to security incidents.
prnewswire.comBusiness Continuity
Cision implements a disaster recovery program at all data center locations with multiple components to minimize risk of single points of failure. Application data is replicated to multiple systems within the data center and in some cases to secondary backup data centers that are geographically dispersed.
prnewswire.comPhysical Security
Access to areas where systems or system components are installed or stored are segregated from general office and public areas. Cameras and alarms are centrally monitored 24/7 for suspicious activity, with facilities routinely patrolled by security guards.
prnewswire.comNetwork Security
Next generation firewalls deployed within data center and remote office sites monitor outbound communications for unusual or unauthorized activities.
prnewswire.comBreach Notification
Cision will notify customers within 36 hours after becoming aware of a Personal Data Breach and assist customers in complying with obligations to notify a supervisory authority of any Personal Data Breach.
privacy.cision.com// Products & data scope
data: Public media coverage, social media, print, online, TV, radio, podcasts, magazines. Customer usage data for analytics and reporting.
All-in-one platform for PR and communications teams. Core features: media monitoring, analytics, instant insights & reporting, journalist outreach, social listening, engagement. Data hosted on Google Cloud Platform (EU/UK regions).
data: Press release content, distribution recipient data, campaign analytics
Press release distribution and monitoring platform. SOC 2 Type II compliant per vendor statement.
data: Public social media and web data, customer query and analysis data
Social listening and intelligence platform. Part of Cision suite.
data: Media coverage data, customer usage patterns
Media monitoring and tracking product.
data: Country-specific media coverage and journalist databases
LuQi (France), Datapresse (France), Europresse (Europe), and other regional offerings for local media monitoring and coverage.
// What to watch
- SOC 2 Type II certification is at the data center/infrastructure level (Google Cloud Platform) rather than a direct Cision product certification - this is typical for SaaS vendors but should be noted for compliance tracking.
- Security Statement page (https://www.cision.com/legal/security-statement/) returns HTTP 403 Forbidden, limiting public access to detailed security documentation. This is a transparency gap despite the company's actual security practices being solid.
- No ISO 27001 certification despite enterprise maturity and significant EU/GDPR presence. ISO 27001 is the dominant certification for enterprise vendors in EMEA regions. Not a red flag per se, but worth noting for procurement evaluations that require ISO 27001.
- No HIPAA certification - relevant for healthcare/pharma customers. Cision is not positioned as a HIPAA-eligible vendor.
- AI features are implemented but customer personal data is explicitly not used for AI model training. This is a positive privacy stance, clearly documented.
// At a glance
Pricing model
Subscription-based SaaS (tiered packages, custom enterprise pricing available)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Cision Ltd. / Cision Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
privacy.cision.com