Page last updated on April 1, 2025
nCino, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-01 16:37:44 EDT.
Filings
10-K filed on 2025-04-01
nCino, Inc. filed a 10-K at 2025-04-01 16:37:44 EDT
Accession Number: 0001902733-25-000026
Item 1C. Cybersecurity.
nCino has implemented a variety of cybersecurity processes, technologies, and controls to aid in our efforts to identify, assess and manage material risks. Our approach includes (i) nCino’s Enterprise Risk Management Program, as managed by the Internal Audit & Enterprise Risk Management Department and overseen by the Audit Committee of the Board; (ii) cybersecurity risk and threat assessments; (iii) vulnerability management programs designed to identify hardware and software vulnerabilities; (iv) variety of tools designed to monitor our networks and systems for suspicious activity; and (v) incident response plans and trainings.
The Enterprise Risk Management Program includes a cybersecurity risk management process and a formal Information Security Management System (“ISMS”) as foundational components of the program covering cybersecurity. Within this process, we routinely assess risks that could affect the organization’s ability to meet its business objectives and provide reliable services to our customers.
nCino’s Chief Information Security Officer (“CISO”) is responsible for identifying, assessing, and managing material cybersecurity risks. nCino’s CISO brings over 25 years of experience in security and risk management to the Company, reporting to executive leadership, cybersecurity-focused committees, and nCino’s Board of Directors.
nCino conducts annual cybersecurity risk and threat assessments which include detailed control analyses for measuring both inherent and residual risk factors. These assessments are performed by nCino Information Security as part of ISO 27001 ISMS requirements, framework and certification. Our annual risk assessment, aligned to ISO 27001 and National Institute of Standards and Technology (“NIST”), is the basis for security risk identification, with additional assessments to address risks that threaten the achievement of established control objectives. Threats to security, confidentiality, and availability are identified and assessed as part of our annual and routine risk assessments. Additional information on the cybersecurity risks we face is discussed in Part I, Item 1A of this Annual Report on Form 10-K, “Risk Factors.”
nCino’s CISO reports cyber security risk assessment results at the Enterprise Risk Management Committee, Information Security, and Board and Audit Committee Meetings. nCino uses formal and informal education and training efforts to identify and mitigate cybersecurity risk, which includes external collaboration with peers and industry groups.
nCino maintains a documented process for when and by whom senior management is informed of a cybersecurity incident and when such information will be reported to affected parties. These processes are detailed within our Incident Response Plan which is regularly reviewed and updated by the information security team.
Company Information
Name | nCino, Inc. |
CIK | 0001902733 |
SIC Description | Services-Prepackaged Software |
Ticker | NCNO - Nasdaq |
Website | |
Category | Large accelerated filer |
Fiscal Year End | January 30 |