|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Jan. 31, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
nCino has implemented a variety of cybersecurity processes, technologies, and controls to aid in our efforts to identify, assess and manage material risks. Our approach includes (i) nCino’s Enterprise Risk Management Program, as managed by the Internal Audit & Enterprise Risk Management Department and overseen by the Audit Committee of the Board; (ii) cybersecurity risk and threat assessments; (iii) vulnerability management programs designed to identify hardware and software vulnerabilities; (iv) a variety of tools designed to monitor our networks and systems for suspicious activity; and (v) incident response plans and trainings. The Enterprise Risk Management Program includes a cybersecurity risk management process and a formal Information Security Management System ("ISMS") as foundational components of the program covering cybersecurity. Within this process, we routinely assess risks that could affect the organization's ability to meet its business objectives and provide reliable services to our customers. nCino’s Chief Information Security Officer ("CISO") is responsible for identifying, assessing, and managing material cybersecurity risks. nCino’s CISO brings over 25 years of experience in security and risk management to the Company, reporting to executive leadership, cybersecurity-focused committees, and nCino’s Board of Directors.
nCino conducts annual cybersecurity risk and threat assessments which include detailed control analyses for measuring both inherent and residual risk factors. These assessments are performed by nCino Information Security as part of ISO 27001 ISMS requirements, framework and certification. Our annual risk assessment, aligned to ISO 27001 and National Institute of Standards and Technology ("NIST"), is the basis for security risk identification, with additional assessments to address risks that threaten the achievement of established control objectives. Threats to security, confidentiality, and availability are identified and assessed as part of our annual and routine risk assessments. Additional information on the cybersecurity risks we face is discussed in Part I, Item 1A of this Annual Report on Form 10-K, “Risk Factors.”
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|The Enterprise Risk Management Program includes a cybersecurity risk management process and a formal Information Security Management System ("ISMS") as foundational components of the program covering cybersecurity. Within this process, we routinely assess risks that could affect the organization's ability to meet its business objectives and provide reliable services to our customers.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
nCino conducts annual cybersecurity risk and threat assessments which include detailed control analyses for measuring both inherent and residual risk factors. These assessments are performed by nCino Information Security as part of ISO 27001 ISMS requirements, framework and certification. Our annual risk assessment, aligned to ISO 27001 and National Institute of Standards and Technology ("NIST"), is the basis for security risk identification, with additional assessments to address risks that threaten the achievement of established control objectives. Threats to security, confidentiality, and availability are identified and assessed as part of our annual and routine risk assessments. Additional information on the cybersecurity risks we face is discussed in Part I, Item 1A of this Annual Report on Form 10-K, “Risk Factors.”
nCino’s CISO reports cyber security risk assessment results at the Enterprise Risk Management Committee, Information Security, and Board and Audit Committee Meetings. nCino uses formal and informal education and training efforts to identify and mitigate cybersecurity risk, which includes external collaboration with peers and industry groups. nCino maintains a documented process for when and by whom senior management is informed of a cybersecurity incident and when such information will be reported to affected parties. These processes are detailed within our Incident Response Plan which is regularly reviewed and updated by the information security team.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|nCino conducts annual cybersecurity risk and threat assessments which include detailed control analyses for measuring both inherent and residual risk factors. These assessments are performed by nCino Information Security as part of ISO 27001 ISMS requirements, framework and certification.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|nCino’s CISO reports cyber security risk assessment results at the Enterprise Risk Management Committee, Information Security, and Board and Audit Committee Meetings. nCino uses formal and informal education and training efforts to identify and mitigate cybersecurity risk, which includes external collaboration with peers and industry groups.
|Cybersecurity Risk Role of Management [Text Block]
|Our annual risk assessment, aligned to ISO 27001 and National Institute of Standards and Technology ("NIST"), is the basis for security risk identification, with additional assessments to address risks that threaten the achievement of established control objectives. Threats to security, confidentiality, and availability are identified and assessed as part of our annual and routine risk assessments. Additional information on the cybersecurity risks we face is discussed in Part I, Item 1A of this Annual Report on Form 10-K, “Risk Factors.”
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
nCino conducts annual cybersecurity risk and threat assessments which include detailed control analyses for measuring both inherent and residual risk factors. These assessments are performed by nCino Information Security as part of ISO 27001 ISMS requirements, framework and certification. Our annual risk assessment, aligned to ISO 27001 and National Institute of Standards and Technology ("NIST"), is the basis for security risk identification, with additional assessments to address risks that threaten the achievement of established control objectives. Threats to security, confidentiality, and availability are identified and assessed as part of our annual and routine risk assessments. Additional information on the cybersecurity risks we face is discussed in Part I, Item 1A of this Annual Report on Form 10-K, “Risk Factors.”
nCino’s CISO reports cyber security risk assessment results at the Enterprise Risk Management Committee, Information Security, and Board and Audit Committee Meetings. nCino uses formal and informal education and training efforts to identify and mitigate cybersecurity risk, which includes external collaboration with peers and industry groups. nCino maintains a documented process for when and by whom senior management is informed of a cybersecurity incident and when such information will be reported to affected parties. These processes are detailed within our Incident Response Plan which is regularly reviewed and updated by the information security team.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|nCino’s CISO reports cyber security risk assessment results at the Enterprise Risk Management Committee,
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
nCino’s CISO reports cyber security risk assessment results at the Enterprise Risk Management Committee, Information Security, and Board and Audit Committee Meetings. nCino uses formal and informal education and training efforts to identify and mitigate cybersecurity risk, which includes external collaboration with peers and industry groups. nCino maintains a documented process for when and by whom senior management is informed of a cybersecurity incident and when such information will be reported to affected parties. These processes are detailed within our Incident Response Plan which is regularly reviewed and updated by the information security team.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true