Security compliance
Learn how we aligns with international standards and frameworks to protect data and maintain trusted, secure operations.
Meeting global standards for security and compliance
Clarivate is vigilant about meeting the latest international standards for data protection and information security. Our compliance programs are designed to align with recognized global frameworks and regulatory requirements, providing customers with confidence in our data safeguarding. Through independent audits, ongoing assessments and continuous improvement, we demonstrate accountability and transparency across our operations. These standards help ensure consistent controls, strong governance and resilient practices that support secure, reliable services worldwide.
ISO certification
We are committed to maintaining the highest standards of information security and data protection. Our ISO certifications demonstrate that we follow internationally recognized best practices to keep customer data safe, secure, and well-managed.
Documentation
Here you can find key security and compliance documents that provide transparency into how we protect your data and operate our services.
These documents are designed to help customers, partners, and stakeholders quickly understand our security practices, certifications, and controls.
ISO certifications
Our ISO certifications confirm that our security and operational processes meet globally recognized standards. These certifications are independently audited and regularly reviewed to ensure continuous compliance.
ISO 27018
ISO 27032
ISO 22301
ISO 27701
ISO 27017
ISO 27001
Statements and certifications
Explore our official documents related to certifications, security practices, and compliance. These resources are provided to help you better understand how we Protect your information.
Clarivate aligns its Information Security Management System with ISO standards, though not all products are individually certified. Clarivate PLC holds ISO 27001 certification covering ISMS supporting IPG, LS&H, and A&G systems, products, and services across InfoSec, IT, Product, and key business functions.
Innovative Interfaces is certified to ISO 27001, 27017, and 27701 for its corporate and customer infrastructure, including its Privacy Information Management System.
Security and compliance
We are committed to protecting your data and ensuring our services meet globally recognized security and compliance standards.
Our certifications and audit reports offer clear visibility into how we manage risk and align with global security standards so you can trust in our secure, reliable Clarivate solutions and the integrity of our systems
SOC 2 Certification
SOC 2 (System and Organization Controls 2) is a compliance framework developed by the American Institute of Certified Public Accountants (AICPA). It defines criteria for managing and protecting customer data based on the Trust Services Criteria and is widely recognized as an industry best-practice standard for demonstrating effective controls over information systems and data protection.
- SOC 2 Type I report evaluates the design of an organization’s controls at a specific point in time, assessing whether the controls are suitably designed to meet the applicable Trust Services Criteria.
- SOC 2 Type II report goes further by evaluating both the design and operating effectiveness of those controls over a defined period, typically six to twelve months.
PCI DSS Certification
The Payment Card Industry Data Security Standard (PCI DSS) is a global security standard established by the Payment Card Industry Security Standards Council (PCI SSC). It defines a set of technical and operational requirements designed to protect cardholder data and secure payment card transactions.
- SAQ Type A
- SAQ Type A-EP
- SAQ Type C-VT
- SAQ Type D
Government Compliance Frameworks
We support compliance with government security frameworks such as FedRAMP and TX-RAMP, which define strict requirements for cloud security and risk management.
These frameworks ensure that services meet high standards required by public sector organizations.
- TX-RAMP is a Texas program that evaluates and authorizes the security of cloud services used by state agencies, requiring ongoing compliance.
- FedRAMP is a U.S. federal program that standardizes security assessment and authorization for cloud services, and certification is required to work with federal agencies.
Both programs are built on the NIST 800-53 framework, which defines a comprehensive set of security controls for protecting information systems.
Product compliance list
| Product/Data Center | ISO | Compliance |
|---|---|---|
| 360 Suite | ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27032, ISO 27701 | |
| Aleph | ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27032, ISO 27701 | |
| Alexander Street | PCI-DSS SAQ-A-EP, TX-RAMP Level 1 | |
| Alma | ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27032, ISO 27701 | PCI-DSS SAQ-A, SAQ-D excluding ISO-ILL and SIP2 protocol support, SOC 2 Type I |
| BioWorld | ISO 27001 | PCI-DSS SAQ-A-EP |
| Bx | ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27032, ISO 27701 | |
| CMR Factbook | ISO 27001 | PCI-DSS SAQ-A-EP |
| Compumark Search & Watch (BLA, TWA, SERION) | ISO 27001 | PCI-DSS SAQ-A-EP (Compumark Serion) |
| Cortellis | ISO 27001 | PCI DSS SAQ-A-EP (Cortellis IPD Summaries, Cortellis Supply Chain Network), SOC 2 Type II |
| CPA Global limited – Jersey | PCI-DSS SAQ-CV-T | |
| CPA Global limited – UK | PCI-DSS SAQ-CV-T | |
| Derwent Patent Analytics (formerly Innography) | ISO 27001 | SOC 2 Type II |
| Derwent Patent Monitor | ISO 27001 | SOC 2 Type II (2026) |
| Derwent Patent Search (formerly Derwent Innovation) | ISO 27001 | SOC 2 Type II |
| Dialog | ISO 27001 | |
| Dissertation payments | ISO 27001 | PCI-DSS SAQ-A-EP |
| Docket | ISO 27001 | SOC 2 Type II |
| DRG | ISO 27001 | PCI-DSS SAQ-A-EP |
| DRG Patents Store | ISO 27001 | PCI-DSS SAQ-A-EP |
| DRG Webinars | ISO 27001 | PCI-DSS SAQ-A-EP |
| DST | ISO 27001 | |
| Encore | ISO 27001, ISO 27017, ISO 27701 | |
| EndNote | ISO 27001 | PCI-DSS SAQ-A (Online), TX-RAMP Level 1 |
| Esploro | ISO 27001, ISO 27017, ISO 27701 | FedRAMP as part of HEP, SOC 2 Type I |
| Foundation IP | ISO 27001 | SOC 2 Type II |
| InnReach | ISO 27001, ISO 27017, ISO 27701 | |
| Inprotech | ISO 27001 | |
| Integration Hub | ISO 27001 | SOC 2 Type II |
| IPFolio | ISO 27001 | FedRAMP, SOC 2 Type II |
| Leganto | ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27032, ISO 27701 | FedRAMP as part of HEP, PCI-DSS SAQ-A |
| Memotech | ISO 27001 | SOC 2 Type II |
| MetaLib | ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27032, ISO 27701 | |
| Mobile Engagement Platform (campusM) | ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27032, ISO 27701 | TX-RAMP Level 1 |
| Pivot-RP | ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27032, ISO 27701 | TX-RAMP Level 1 |
| Polaris | ISO 27001, ISO 27017, ISO 27701 | AZ-RAMP, PCI-DSS SAQ-D (Polaris ILS), SOC 2 Type II (2026) |
| Primo (Classic / VE) | ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27032, ISO 27701 | FedRAMP as part of HEP |
| ProQuest CapitalOne LLC | ISO 27001 | PCI-DSS SAQ-CV-T |
| ProQuest ETD Admin | ISO 27001 | PCI-DSS SAQ-A |
| ProQuest Oracle EBS (iStore & Customer service) | ISO 27001 | PCI-DSS SAQ-A |
| ProQuest Platform | ISO 27001 | TX-RAMP Level 1 |
| RapidILL | ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27032, ISO 27701 | FedRAMP |
| Rapido | ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27032, ISO 27701 | FedRAMP as part of HEP |
| RefWorks | ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27032, ISO 27701 | TX-RAMP Level 1 |
| Rialto | ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27032, ISO 27701 | FedRAMP as part of HEP |
| Sierra | ISO 27001, ISO 27017, ISO 27701 | TX-RAMP Level 1 |
| Specto (also Rosetta) | ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27032, ISO 27701 | FedRAMP as part of HEP |
| Summon CDI | ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27032, ISO 27701 | |
| TIPMS | ISO 27001 | SOC 2 Type II |
| TrademarkVision AI & Image Search Solutions (former Design Vision) | ISO 27001 | SOC 2 Type II, StateRAMP (Moderate) |
| Unycom | ISO 27001 | SOC 2 Type II (2026) |
| Vega Discover | ISO 27001, ISO 27017, ISO 27701 | AZ-RAMP, PCI-DSS SAQ-D, SOC 2 Type I, SOC 2 Type II (2026) |
| Virtua | ISO 27001, ISO 27017, ISO 27701 | |
| Voyager | ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27032, ISO 27701 | |
| Web of Science | ISO 27001 | PCI-DSS, TX-RAMP Level 1 |
