Security Compliance

International Standards Organization Standards and Certification

There are many ISO standards used and followed across Clarivate, but whereas our Information Security Management System (ISMS) design and practices etc. are based on these standards, not every product/product team within our catalog have been independently audited and certified to be fully in alignment with them all:

Clarivate PLC

has been independently certified with the following scope for ISO 27001.
The scope of the ISO/IEC 27001:2013 certification is limited to the information security management system (ISMS) supporting the systems, products and services provided by the Clarivate Intellectual Property Group (IPG), Life Sciences & Healthcare (LS&H) Group, and Academic and Government (A&G) Group, in accordance with the statement of applicability, version 1.60, dated November 27, 2023. The scope of the ISMS includes the Information Security (InfoSec), Technology (Corporate IT, Systems Engineering, Product Technology), and Product Management functions responsible for supporting the in-scope systems, products, and services and other functions necessary to support business unit operations including Human Resources, Facilities, Compliance, Privacy, and the TechOps Project Management Office. The services and products within scope of the ISMS are included on page 2 of the certificate.


ExLibris

Limited has been independently certified with the following scope for ISO22301, ISO27001, ISO27017, ISO27018, ISO27013, ISO27701
The Information Security Management System is Applicable to IT Operations Department Related to: Development processes, cloud services, global support services, operation services, professional services, library management services, learning & research solutions, all cloud based services. According to Statement of Applicability: Date 1 May 2015.


Innovative Interfaces, Inc.

has been independently certified with the following scope for ISO 27001, ISO 27017 and ISO 27701.
The scope of the certification is limited to the information security management system (ISMS) supporting the corporate and customer infrastructure managed by Innovative Interfaces’ Information Technology Department in accordance with the statement of applicability, 1.4 dated October 4, 2022, aligned with the control set and implementation guidance from ISO/IEC 27017:2015 (ISO 27017), and includes the requirements of ISO/IEC 27701:2019 (ISO 27701) and Innovative Interfaces’ Privacy Information Management System (PIMS), in the role of a Processor.


AICPA SOC 2

AICPA Service Organization Control (SOC) Reports are independently created reports by certified organizations that cover the Trust Service Criteria used to evaluate “the suitability of the design and operating effectiveness of controls relevant to the security, availability, processing integrity, confidentiality or privacy of information systems used to provide product or services”. Note that these reports are designed to be shared with a limited audience with adequate understanding of the system in question, and not for public consumption. For that reason, we can only provide them to clients on request under NDA.


SOC2 Type I

reports describes a service organization's systems and whether the design of specified controls meet the relevant trust principles. The latest independent audit reports have been attested to for the following products:
  • Vega SaaS
  • First To File

SOC 2 Type II

reports cover the issues in a Type I as well as assessing the operational effectiveness of the specified controls over a specified time-period. The latest independent audit reports have been attested to for the following products/periods:

  • Cortellis
  • Derwent Innovation
  • Foundation IP
  • Innography
  • Integration Hub
  • IPFolio
  • Memotech(AWS)