Data Security, Privacy, and Compliance
Thomson Reuters Trust Center
Security commitment
At Thomson Reuters, security isn't just a feature; it's the foundation of our promise to our customers
Thomson Reuters (TSX/NYSE: TRI) informs the way forward by bringing together the trusted content and technology that professionals and organizations need to make the right decisions. Our company serves customers across legal professionals, tax and accounting, risk, fraud and compliance, government, and media, and we continue to work toward improving our cybersecurity posture.
We're excited to declare our investment to secure FedRAMP Authorization for CLEAR, Westlaw, and Practical Law products. By harmonizing our operations with FedRAMP's detailed protocol for security evaluation, approval, and ongoing oversight, we're taking a proactive approach to address the complexities of the current digital environment.
Information security
Thomson Reuters maintains its reputation for providing reliable and trustworthy information through a variety of means, including a comprehensive information security management framework supported by a wide range of security policies, standards, and practices.
Product security
Product security and compliance are paramount to Thomson Reuters offerings. Leverage our Whistic platform to obtain access to, but not limited to:
- SOC reports and bridge letters
- Certificates or attestations
- Security questionnaires — for example, SIG and CAIQ
- White papers
For product specific security requirements, get in touch with your Thomson Reuters account representative or contact us for further assistance.
Click the links below to preview the product security profiles
Please note: accessing and downloading profile artifacts requires an account.
Thomson Reuters SECURE Framework
Expanding upon the NIST Cybersecurity Framework (CSF), Thomson Reuters centers its efforts on six fundamental pillars to effectively mitigate cyber risks for both the company and its customers.
Safeguard devices, identities, and business applications.
Establish baseline practices and standards to maintain secure networks, systems, and hosting environments.
Deliver secure-by-design products that protect processes and customer data.
Meet customer regulator and stakeholder online security expectations.
Rapidly detect and mitigate risks to Thomson Reuters estate.
Protect and mitigate cyber-risks.
Data Privacy
Thomson Reuters places a high priority on meeting our customers’ privacy expectations. We are constantly monitoring legislative developments and incorporating changes into our privacy framework to meet these expectations.
To learn more about our collection and use of personal information, please visit our Privacy Statement.
Compliance
Thomson Reuters compliance practices are aligned with regulatory requirements and industry standards to help protect our data's confidentiality, integrity, and availability and promote the reduction of business and technology risk.
Our products maintain individual compliance attestations and self-assessments, some of which are listed below. For product specific compliance requirements, consult the product security section, get in touch with your Thomson Reuters representative or contact us for further assistance.
Contact and support information
Our Vulnerability and Disclosure Program is powered by the HackerOne platform.
Our procurement guide answers several frequently asked questions from customer.
For any questions regarding our solutions and services, our customer service representatives are here to help.
Already a customer? Log in to access your account and recent work.
Thomson Reuters and Generative AI — defining a new era for how legal and tax professionals work