At Cision, we take security very seriously. Maintaining the integrity, confidentiality, and availability of our customers’ information is an important part of our culture.
We have developed a variety of measures to protect our customers’ information and secure our facilities, networks, and systems. Led by our Chief Information Security Officer, Cision’s Information Security Office is charged with developing, maintaining and monitoring compliance with these measures, based on the NIST framework.
All Cision policies are reviewed annually to ensure they are accurate and up-to-date with the current threat landscape.
All Cision employees undergo rigorous screening during the hiring process and our contractors are expected to meet the same requirements. All employees must understand and agree to the Information Security Policy. Upon termination or change of employment, access rights are removed or updated to ensure employees only have access to information that is required for their job. Cision relies on well-defined processes, disciplined execution and continual training of staff, including security and technology use training for employees.
All Cision information systems and infrastructure are hosted in a combination of world-class data centers and Infrastructure-as-a-Service (IaaS) providers. All Cision offices have physical entry controls to ensure only authorized personnel gain access to facilities. Access to facilities is controlled by electronic key systems. Further, Cision’s colocated hosting facilities utilize biometric security, video surveillance, and guards on duty 24/7.
Critical Cision applications undergo regular vulnerability assessments of the running applications (dynamic), the application code (static), and the underlying infrastructure, using industry-standard tools. These applications also undergo manual penetration testing on an annual basis. The results of these assessments are categorized and prioritized for remediation as swiftly as possible during regular development cycles.
Applications follow a multi-tiered model, which provides the opportunity to apply controls at each layer, practicing “defense in depth.” The data centers that house our applications follow industry-standard practices and provide attestations of their annual audits, such as SOC Type II.
All communication with Cision applications utilizes cryptographic protocols such as TLS to protect information in transit over public networks. At the network edge, stateful firewalls, web application firewalls, and DDoS protection are used to filter attacks. Within the internal network, applications follow a multi-tiered model, which provides the ability to apply security controls between each layer.
Cision’s email systems utilize state-of-the-art spam and malware filters to prevent outbreaks and phishing campaigns. Internet browsing is controlled and filtered for known malicious sites to prevent infection of internal systems and data leakage.
All servers and computers have industry-standard anti-virus software installed, which is updated and continuously monitored. Servers send logs to a central repository for forensic storage and correlation to detect anomalous activity and facilitate investigations. Backups are taken regularly and stored off-site in a secure location in case of a catastrophic incident at the hosting facility.
Keeping your data secure also depends on you maintaining the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems to keep any sensitive data safe.
Note: Use of Cision services is subject to the terms of the agreement between the customer and Cision. Cision may change its security infrastructure and/or this statement from time to time.