// Trust & Security Report
Cognism Ltd.
B2B sales intelligence and contact data platform (prospecting, CRM enrichment, Data-as-a-Service)
Certifications held
5
Maturity
Enterprise
Trains on your data
Unknown
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on cognism.com“Completing our SOC 2 Type II audit is an important milestone for Cognism and for the customers who trust us with critical go-to-market data. [Audit period: 1 November 2024 to 31 October 2025; independent auditor: Insight Assurance; criteria: Security and Availability]”
Verify on trust.cognism.com“ISO 27001:2022 [listed under Compliance on the Cognism Trust Center, in the row 'SOC 2 Type II ISO 27001:2022 ISO 27701 GDPR CCPA COMPLIANT CCPA'; ISO 27001 certificate downloadable under Certifications]”
Verify on trust.cognism.com“ISO 27701 [listed under Compliance on the Cognism Trust Center, in the row 'SOC 2 Type II ISO 27001:2022 ISO 27701 GDPR CCPA COMPLIANT CCPA'; also shown under Certifications alongside 'SOC 2 Type II - 2025' and ISO 27001]”
Verify on cognism.com“Our data collection and processing practices adhere to GDPR and CCPA guidelines, assisting in safeguarding your business from non-compliance risks.”
Verify on cognism.com“Our data collection and processing practices adhere to GDPR and CCPA guidelines, assisting in safeguarding your business from non-compliance risks.”
> Show 7 unconfirmed / not-held certifications
No public evidence of HIPAA compliance on vendor domain. Cognism is a B2B contact data provider; healthcare data handling is outside its stated scope.
No public evidence of PCI DSS certification found on cognism.com or trust.cognism.com.
No public evidence of FedRAMP authorization found on vendor domain. Cognism targets commercial B2B sales teams, not US federal agencies.
No public evidence of CSA STAR certification or self-assessment found on cognism.com or trust.cognism.com.
No public evidence of ISO 27017 (cloud security controls) certification found on vendor domain.
No public evidence of ISO 27018 (PII in cloud) certification found on vendor domain.
No public evidence of ISO 42001 AI management certification found on vendor domain.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
EEA (UK, Switzerland, Ireland) by default. AWS infrastructure hosted in Ireland. International transfers outside EEA protected by standard contractual clauses.
Privacy policy contains no explicit statement about using customer or business contact data for AI model training. Cognism uses ML models internally for data quality verification and lead scoring. No public opt-out mechanism for AI training found; AI training posture is not addressed in published terms or trust center as of 2026-06-29.
// Security controls
Penetration testing
Independent third-party penetration testing conducted at least annually across products and infrastructure
cognism.comBackups and recovery
Automated backups with quarterly recovery testing; 24-hour recovery point and time objectives
cognism.comAccess control
Least privilege principles; access revoked upon termination; production network access restricted
trust.cognism.comSSDLC
Secure development includes code coverage, SAST, automated build processes with dependency tracking, controlled change management
cognism.comPersonnel security
Pre-employment background checks per local regulations; mandatory security training at onboarding; annual refresher training
cognism.comBreach notification
72-hour breach notification commitment to clients (in line with GDPR Article 33)
cognism.com// Products & data scope
data: Business contact data: names, job titles, professional emails, mobile numbers, employer, LinkedIn URLs. No sensitive personal data collected.
Primary SaaS product. Cognism acts as independent data controller for the contact database and as processor for customer-uploaded CRM data. Data sourced from public web and licensed third parties; screened against 15+ global Do-Not-Call lists.
data: Bulk B2B contact records delivered via API or flat file for CRM enrichment.
Separate attestation letters available (Prospector and Sales Companion per trust center). Cognism acts as processor under customer DPA for enrichment workflows.
data: Real-time contact data lookup via Chrome extension; integrates with Salesforce, HubSpot, Pipedrive.
Covered by separate attestation letter on trust center. No additional data categories beyond platform scope.
data: LinkedIn-sourced contact data (acquired by Cognism; operated via Kaspr SAS, France).
Separate legal entity (Kaspr SAS, France) listed as Cognism affiliate in privacy policy. Distinct terms apply.
// What to watch
- Cognism operates as data controller for its B2B contact database and as processor for customer CRM data. Customers bear responsibility for ensuring downstream lawful basis when using Cognism-sourced contacts for outreach.
- GDPR legitimate interest (Article 6(1)(f)) is the stated lawful basis for collecting and providing B2B contact data. Data subjects can opt-out via Cognism Privacy Centre at cognism.com/data-opt-out.
- AI training posture is not explicitly addressed in the published privacy policy, terms, or trust center. ML models are used internally for data quality but no customer-data AI training statement exists (positive or negative).
- No HIPAA, PCI DSS, FedRAMP, CSA STAR, ISO 27017, ISO 27018, or ISO 42001 certifications found. These are not relevant to Cognisms core B2B data use case but should be noted for regulated-industry buyers.
- DPA is available (PDF at cognism.com/hubfs/customer-terms-DPA.pdf) but must be requested and executed separately; it is not automatically bundled into standard subscriptions.
- Kaspr SAS (France) is a separate Cognism affiliate with potentially distinct data practices; buyers using Kaspr should review its own terms independently.
- Trust center (trust.cognism.com) requires an access request for full document downloads (SOC 2 report, ISO certificates); publicly accessible summary is available without login.
// At a glance
Pricing model
Subscription; custom enterprise pricing; demo required before purchase; no self-serve sign-up
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Cognism Ltd.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-29. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.cognism.com