Page last updated on July 16, 2024
nCino, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-26 16:18:40 EDT.
Filings
10-K filed on 2024-03-26
nCino, Inc. filed a 10-K at 2024-03-26 16:18:40 EDT
Accession Number: 0001902733-24-000053
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity nCino’s Enterprise Risk Management Program includes a cybersecurity risk management process and a formal Information Security Management System (“ISMS”) as foundational components of the program. We routinely assess risks that could affect the organization’s ability to meet its business objectives and provide reliable services to our customers. nCino’s Chief Information Security Officer (“CISO”) is responsible for identifying, assessing, and managing material cybersecurity risks. nCino’s CISO brings over 25 years of experience in security and risk management to the company and takes the lead on reporting risk to senior management and nCino’s Board of Directors. nCino conducts annual cybersecurity risk and threat assessments which include detailed control analyses for measuring both inherent and residual risk factors. These assessments are performed by nCino Information Security as part of the ISO27001 ISMS requirements. Our annual risk assessment is performed by using the nCino ISO27001 risk assessment as a basis for risk identification, with additional assessments to address risks that threaten the achievement of the control objectives as appropriate. Threats to security, confidentiality, and availability are identified and assessed as part of our annual and routine risk assessments. nCino’s CISO reports cyber security risk assessment results at Disclosure Committee Meetings, Board and Audit Committee Meetings, and executive subcommittees specializing in cyber security risk management (Risk Information Security Committee). nCino maintains a documented process for when and by whom senior management is informed of a cybersecurity incident and when such information will be reported to affected parties. These processes are detailed within our Incident Response Plan which is regularly reviewed and updated by the information security team.
Company Information
Name | nCino, Inc. |
CIK | 0001902733 |
SIC Description | Services-Prepackaged Software |
Ticker | NCNO - Nasdaq |
Website | |
Category | Large accelerated filer |
Fiscal Year End | January 30 |