Data Security, Privacy, and Compliance

Thomson Reuters Trust Center

As the world’s leading source of news and information for professional markets, Thomson Reuters is committed to protecting the data privacy of our customers

Information security

Thomson Reuters maintains its reputation for providing reliable and trustworthy information through a variety of means, including a comprehensive information security management framework supported by a wide range of security policies, standards, and practices.

Product security

Product security and compliance are paramount to Thomson Reuters’ offerings. Leverage our Whistic platform to obtain access to, but not limited to:

  • SOC reports and bridge letters
  • Certificates/Attestations
  • Security questionnaires (e.g. SIG, CAIQ)
  • White papers

For product specific security requirements, get in touch with your Thomson Reuters account representative or contact us for further assistance.

Thomson Reuters SECURE Framework

Expanding upon the NIST Cyber Security Framework (CSF), Thomson Reuters centers its efforts on six fundamental pillars to effectively mitigate cyber risks for both the company and its customers.

Secure workplace

Committed to safeguard devices, identities, and business applications.

Secure platforms

Establish baseline practices and standards to maintain secure networks, systems and hosting environments.

Secure products

Deliver secure-by-design products that protect processes and customer data.

Secure brand

Meet customer regulator and stakeholder cyber expectations.

Secure response

Rapidly detect and mitigate risks to Thomson Reuters’ estate.

Governance, risk and compliance

Dedicated to protect and mitigate cyber risks.

Data Privacy

Thomson Reuters places a high priority on meeting our customers’ expectations of privacy. To meet these expectations, we are constantly monitoring legislative developments and incorporating changes into our privacy framework.

To learn more about our collection and use of personal information, please visit our Privacy Statement.

  • If you are a California resident, please find more information about the California Consumer Privacy Act of 2018 (CCPA) here.
  • If you are located in the EU/EEA, please find more information about the General Data Protection Regulation (GDPR) here.


Thomson Reuters compliance practices are aligned with both regulatory requirements and industry standards to help protect the confidentiality, integrity, and availability of our data as well as promote the reduction of business and technology risk.

Thomson Reuters products maintains individual compliance attestations and self-assessments, some of which are listed below. For product specific compliance requirements, consult the product security section, get in touch with your Thomson Reuters representative or contact us for further assistance.

Contact and support information

Vulnerability disclosure

Our Vulnerability and Disclosure Program is powered by the HackerOne platform.

Need procurement help?

Our procurement guide answers several frequently asked questions from customer.

Get in touch

For any questions regarding our solutions and services, our customer service representatives are here to help.

Access your product

Already a customer? Log in to access your account and recent work.

AI @ Thomson Reuters

Thomson Reuters and Generative AI: Defining a new era for how legal and tax professionals work