We align our cloud services to Cloud Security Alliance’s Security, Trust, Assurance and Risk (STAR) certification process, the industry's most powerful program for security assurance in the cloud.
nCino’s Trust Commitment
With breaches in data security and platform integrity increasing, keeping customer data safe has never been more important. With nCino, you can rest easy knowing that your data is safe.
nCino is committed to gaining and maintaining the trust of our customers. We provide a robust security and privacy program that carefully considers data protection across all lines of business. Our mission is to inspire trust.
Your Trusted Partner in Banking Services
We understand that security is a critical part of our services to our customers, and we are committed to keeping your data safe and secure. Our guiding security and privacy principles are based on industry standards and best practices, exceeding regulatory requirements for data security, integrity, and availability with third-party validations. As a company, we’re committed to being your most Trusted Partner in banking services. These are our guiding principles:
Strict adherence to our commitment to privacy and transparency
Responsible and sustainable innovation
Partnerships that drive collective success
Best practices for financial institution security
Industry-leading third-party valuations and certifications
Confidence in globally recognized certifications
Certifying Our Commitment to Trust
We’ve partnered with the most advanced companies in the world to offer SOC 1 Type II and SOC 2 Type II compliance reporting, along with the globally-recognized ISO 27001 certification. Check out our security certifications that help ensure your experience on our platform is secure.
Privacy You Can Count On
nCino has certified to ISO/IEC 27001:2013 as a best practice standard for information security, recognized worldwide. With this certification, we're committed to:
Architecture and Service Isolation to ensure each service is isolated and secure through Tenant IDs, unique encryption keys, and identity roles
Data segregation provided with individual environments for different functions
Procedures that are in place to process your data only as instructed you
Sub-processors of nCino required to adhere to written agreements with privacy, data protection, and data security obligations that are regularly audited
Security & Reliability
nCino has applied overarching security best practices in alignment with Operational Excellence and threat intelligence, automating security processes to scale security operations. These practices include, but are not limited to:
Accessing control used to regulate access to resources, leveraging the principles of least privilege and separation of duties with single-sign-on authentication, secure device authentication and user access control
Using Intrusion Detection for detailed threat detection services and continuous monitoring
Instituting formal incident management and investigation policies that will provide you with timely notifications
Enabling infrastructure protection via Defense in Depth (DiD) with a multi-layered approach to address many different attack vectors
Using Data Protection Controls, including data encryption, deletion, retention, and access measures ensure confidentiality, integrity, and availability of sensitive data based on risk
nCino services may integrate with other services provided by nCino or third parties, and documentation is available on the Community. We ensure these integrations are secure, fast, and reliable by:
Offering various features for users, with the ability to opt-out of communication from an Early Adopter Program
Tracking and analyzing usage of Covered Services for security, improvement and functionality purposes
Sharing, on occasion, anonymous usage data internally with service providers, as well as externally on an aggregate basis in the normal course of business