We take security seriously at Cision. Cision has been handling our customers’ non-public information for over 60 years, and maintaining its confidentiality is an integral element of our culture.
We have undertaken a variety of measures to protect our customers’ information, to assure the confidentiality, integrity and availability of Cision information resources, and to secure our facilities, networks and systems. These measures are defined in Cision's Information Security Policy. Led by our Chief Information Security Officer, Cision’s Information Security Office is charged with developing, maintaining and monitoring compliance with the Information Security Policy. The Information Security Management program is based on an ISO 27002 framework.
The Information Security Policy applies to individuals and entities that are provided access to Cision's information resources, including third-party consultants, contractors and vendors.
We apply the principle of role-based access control at Cision. Access to customer information is restricted to only those whose roles require such access. The editorial processes and procedures that are in place have been designed to protect our customers’ information. Our standard operating procedures include requiring that employees who will have access to sensitive information undergo background checks, sign confidentiality agreements and receive training in information security, as well as in ethics and compliance.
In recent years, as cyber security has become particularly important, we have made significant investments in Information Technology architecture, policies, systems and practices in keeping with our Information Security Policy. Our Information Security Policy provides for a multi-dimensional approach to information security:
Notwithstanding these protections, Cision recognizes that all IT systems remain vulnerable to attack; therefore, monitoring is essential. Our data centers employ intrusion detection systems that are regularly monitored. A Security Operations Command Center (SOCC) monitors the perimeter 24/7, and anomalous behavior is reported to the Computer Security Incident Response Team (CSIRT). A formalized Incident Response Plan is followed by the SOCC and CSIRT.