CSA STAR
We align our cloud services to Cloud Security Alliance’s Security, Trust, Assurance and Risk (STAR) certification process, the industry's most powerful program for security assurance in the cloud.
nCino’s Trust Commitment
With breaches in data security and platform integrity increasing, keeping customer data safe has never been more important. With nCino, you can rest easy knowing that your data is safe.
nCino is committed to gaining and maintaining the trust of our customers. We provide a robust security and privacy program that carefully considers data protection across all lines of business. Our mission is to inspire trust.
Your Trusted Partner in Banking Services
We understand that security is a critical part of our services to our customers, and we are committed to keeping your data safe and secure. Our guiding security and privacy principles are based on industry standards and best practices, exceeding regulatory requirements for data security, integrity, and availability with third-party validations. As a company, we’re committed to being your most Trusted Partner in banking services. These are our guiding principles:
Strict adherence to our commitment to privacy and transparency
Responsible and sustainable innovation
Partnerships that drive collective success
Best practices for financial institution security
Industry-leading third-party validations and certifications
Confidence in globally recognized certifications
Certifying Our Commitment to Trust
We’ve partnered with the most advanced companies in the world to offer SOC 1 Type II and SOC 2 Type II compliance reporting, along with the globally recognized ISO 27001 certification. Check out our security certifications that help ensure your experience on our platform is secure.
Privacy You Can Count On
Operational Excellence
nCino has certified to ISO/IEC 27001:2013 as a best practice standard for information security, recognized worldwide. With this certification, we're committed to:
Architecture and Service Isolation to ensure each service is isolated and secure through Tenant IDs, unique encryption keys, and identity roles
Data segregation provided with individual environments for different functions
Procedures that are in place to process your data only as instructed by you
Sub-processors of nCino required to adhere to written agreements with privacy, data protection, and data security obligations that are regularly audited
Security & Reliability
nCino has applied overarching security best practices in alignment with Operational Excellence and threat intelligence, automating security processes to scale security operations. These practices include, but are not limited to:
Using access control to regulate access to resources, leveraging the principles of least privilege and separation of duties with single-sign-on authentication, secure device authentication, and user access control
Using Intrusion Detection for detailed threat detection services and continuous monitoring
Instituting formal incident management and investigation policies that will provide you with timely notifications
Enabling infrastructure protection via Defense in Depth (DiD) with a multi-layered approach to address many different attack vectors
Using Data Protection Controls, including data encryption, deletion, retention, and access measures, to ensure confidentiality, integrity, and availability of sensitive data based on risk
Performance Efficiency
nCino services may integrate with other services provided by nCino or third parties, and documentation is available on the Community. We ensure these integrations are secure, fast, and reliable by:
Offering various features for users, with the ability to opt out of communication from an Early Adopter Program
Tracking and analyzing usage of Covered Services for security, improvement and functionality purposes
Sharing, on occasion, anonymous usage data internally with service providers, as well as externally on an aggregate basis in the normal course of business