// Trust & Security Report

    Cognism Ltd. logo

    Cognism Ltd.

    B2B sales intelligence and contact data platform (prospecting, CRM enrichment, Data-as-a-Service)

    Certifications held

    5

    Maturity

    Enterprise

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Completing our SOC 2 Type II audit is an important milestone for Cognism and for the customers who trust us with critical go-to-market data. [Audit period: 1 November 2024 to 31 October 2025; independent auditor: Insight Assurance; criteria: Security and Availability]

    Verify on cognism.com
    ISO 27001:2022
    HELD

    ISO 27001:2022 [listed under Compliance on the Cognism Trust Center, in the row 'SOC 2 Type II ISO 27001:2022 ISO 27701 GDPR CCPA COMPLIANT CCPA'; ISO 27001 certificate downloadable under Certifications]

    Verify on trust.cognism.com
    ISO 27701
    HELD

    ISO 27701 [listed under Compliance on the Cognism Trust Center, in the row 'SOC 2 Type II ISO 27001:2022 ISO 27701 GDPR CCPA COMPLIANT CCPA'; also shown under Certifications alongside 'SOC 2 Type II - 2025' and ISO 27001]

    Verify on trust.cognism.com
    GDPR
    HELD

    Our data collection and processing practices adhere to GDPR and CCPA guidelines, assisting in safeguarding your business from non-compliance risks.

    Verify on cognism.com
    CCPA
    HELD

    Our data collection and processing practices adhere to GDPR and CCPA guidelines, assisting in safeguarding your business from non-compliance risks.

    Verify on cognism.com
    > Show 7 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    No public evidence of HIPAA compliance on vendor domain. Cognism is a B2B contact data provider; healthcare data handling is outside its stated scope.

    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification found on cognism.com or trust.cognism.com.

    FedRAMP
    NOT CONFIRMED

    No public evidence of FedRAMP authorization found on vendor domain. Cognism targets commercial B2B sales teams, not US federal agencies.

    CSA STAR
    NOT CONFIRMED

    No public evidence of CSA STAR certification or self-assessment found on cognism.com or trust.cognism.com.

    ISO 27017
    NOT CONFIRMED

    No public evidence of ISO 27017 (cloud security controls) certification found on vendor domain.

    ISO 27018
    NOT CONFIRMED

    No public evidence of ISO 27018 (PII in cloud) certification found on vendor domain.

    ISO/IEC 42001 (AI management)
    NOT CONFIRMED

    No public evidence of ISO 42001 AI management certification found on vendor domain.

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    EEA (UK, Switzerland, Ireland) by default. AWS infrastructure hosted in Ireland. International transfers outside EEA protected by standard contractual clauses.

    Privacy policy contains no explicit statement about using customer or business contact data for AI model training. Cognism uses ML models internally for data quality verification and lead scoring. No public opt-out mechanism for AI training found; AI training posture is not addressed in published terms or trust center as of 2026-06-29.

    // Security controls

    Encryption in transit

    HTTPS enforced using TLS 1.2 and TLS 1.3

    cognism.com

    Encryption at rest

    AES-256

    cognism.com

    Key management

    AWS Key Management Service (KMS)

    cognism.com

    Penetration testing

    Independent third-party penetration testing conducted at least annually across products and infrastructure

    cognism.com

    DDoS and WAF

    Cloudflare DDoS protection and WAF

    cognism.com

    Infrastructure

    AWS-hosted; Ireland region; public status page available

    trust.cognism.com

    Backups and recovery

    Automated backups with quarterly recovery testing; 24-hour recovery point and time objectives

    cognism.com

    Access control

    Least privilege principles; access revoked upon termination; production network access restricted

    trust.cognism.com

    SSDLC

    Secure development includes code coverage, SAST, automated build processes with dependency tracking, controlled change management

    cognism.com

    Personnel security

    Pre-employment background checks per local regulations; mandatory security training at onboarding; annual refresher training

    cognism.com

    Breach notification

    72-hour breach notification commitment to clients (in line with GDPR Article 33)

    cognism.com

    Cyber insurance

    Cyber security insurance coverage held

    cognism.com

    // Products & data scope

    Sales Intelligence PlatformB2B Prospecting and Lead Generation

    data: Business contact data: names, job titles, professional emails, mobile numbers, employer, LinkedIn URLs. No sensitive personal data collected.

    Primary SaaS product. Cognism acts as independent data controller for the contact database and as processor for customer-uploaded CRM data. Data sourced from public web and licensed third parties; screened against 15+ global Do-Not-Call lists.

    Data-as-a-Service (DaaS)B2B Data Enrichment

    data: Bulk B2B contact records delivered via API or flat file for CRM enrichment.

    Separate attestation letters available (Prospector and Sales Companion per trust center). Cognism acts as processor under customer DPA for enrichment workflows.

    Sales CompanionBrowser Extension / Workflow Integration

    data: Real-time contact data lookup via Chrome extension; integrates with Salesforce, HubSpot, Pipedrive.

    Covered by separate attestation letter on trust center. No additional data categories beyond platform scope.

    Kaspr (affiliate product)LinkedIn Data Enrichment

    data: LinkedIn-sourced contact data (acquired by Cognism; operated via Kaspr SAS, France).

    Separate legal entity (Kaspr SAS, France) listed as Cognism affiliate in privacy policy. Distinct terms apply.

    // What to watch

    • Cognism operates as data controller for its B2B contact database and as processor for customer CRM data. Customers bear responsibility for ensuring downstream lawful basis when using Cognism-sourced contacts for outreach.
    • GDPR legitimate interest (Article 6(1)(f)) is the stated lawful basis for collecting and providing B2B contact data. Data subjects can opt-out via Cognism Privacy Centre at cognism.com/data-opt-out.
    • AI training posture is not explicitly addressed in the published privacy policy, terms, or trust center. ML models are used internally for data quality but no customer-data AI training statement exists (positive or negative).
    • No HIPAA, PCI DSS, FedRAMP, CSA STAR, ISO 27017, ISO 27018, or ISO 42001 certifications found. These are not relevant to Cognisms core B2B data use case but should be noted for regulated-industry buyers.
    • DPA is available (PDF at cognism.com/hubfs/customer-terms-DPA.pdf) but must be requested and executed separately; it is not automatically bundled into standard subscriptions.
    • Kaspr SAS (France) is a separate Cognism affiliate with potentially distinct data practices; buyers using Kaspr should review its own terms independently.
    • Trust center (trust.cognism.com) requires an access request for full document downloads (SOC 2 report, ISO certificates); publicly accessible summary is available without login.

    // At a glance

    Pricing model

    Subscription; custom enterprise pricing; demo required before purchase; no self-serve sign-up

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Cognism Ltd.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-29. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.cognism.com

    > Browse all vendor trust reports