Security at Nialli Inc.

Last updated May 5, 2026

At Nialli, protecting customer data is a top priority. We design our systems, processes, and products with security in mind, using industry-recognized frameworks and best practices to safeguard the information entrusted to us.

The information provided below relates to the security practices at Nialli. Our Privacy Policy is available here.

For information relating to Nialli™ Visual Planner, see the Nialli Visual Planner Security Practices and Nialli Visual Planner Privacy Policy.


ISO/IEC 27001 Aligned – Information Security Management System

Nialli has implemented, maintains and periodically reviews a comprehensive information security management system (ISMS) designed to align with the principles and controls of the ISO/IEC 27001 standard. Our ISMS is designed to preserve the confidentiality, integrity and availability of the business information held in our systems, both our own and that of our customers and other stakeholders.


Scope

The scope of our ISMS includes the applications, systems, people and processes involved in the development, delivery and operation of Nialli’s software products and subscription services.


Independence

Our information security and privacy functions operate independently from information systems and product development, reporting directly to the Vice President, Legal and General Counsel. This structure ensures objective oversight and accountability for security and privacy risks.


Hiring and training

People are central to our ISMS.

All Nialli employees undergo identity and background screening and receive mandatory security awareness training upon onboarding, with ongoing training provided throughout their employment. Our people are required to review and accept key company policies annually. All employees are tested quarterly on social engineering attacks and receive follow-up training as required.

We take careful and deliberate steps to manage the employment life cycle (prior to employment, during employment, and at termination or change of employment) so as to manage the risk of information security exposures to our customer-facing services and internal operational systems.

Access to systems is granted strictly in accordance with the principle of least privilege, ensuring that users receive only the minimum level of access required to perform their job functions. This includes active and ongoing monitoring of access to systems to ensure no unauthorized or excessive access.

Our access control procedures enforce timely modification, reduction, or removal of access rights when user roles change, ensuring that privileges always remain aligned with current responsibilities.


Network security

Our network architecture follows industry-recommended segmentation practices: the internal enterprise network is logically and physically separate from the production network, and several layers of access control restrict access to the production environment.


Physical security

Physical access to our corporate facilities is restricted to authorized personnel, registered visitors, and authorized facility management personnel. Additionally, security controls such as a badge access system and closed-circuit television (CCTV) monitoring are in place to ensure that only authorized individuals access our facilities.


Secure software development

Nialli has implemented a Secure Development Process, and formal procedures are in place to:

  • Define security requirements: these include threat modelling, metrics for reporting, and security and privacy considerations during design review.

  • Secure development and testing: processes are in place to manage third-party components and tools; static analysis is performed during application build procedures; and dynamic analysis and penetration testing are conducted both internally and by external experts.

  • Review security compliance: the software delivery process includes a final security review before deployment.

  • Respond to security incidents: established incident response and periodic disaster recovery testing procedures are in place.


Encryption and key management

We adopt the use of 256-bit AES encryption for data at rest and Transport Layer Security (TLS) 1.2 or higher for data in transit. We maintain an “A” ranking from Qualys SSL Labs (www.ssllabs.com) for our certificate, protocol support, key exchange and cipher strength on our website. We only use current cryptographic technologies and disable older, less secure or compromised technologies. Encryption controls are reviewed periodically and as new threats emerge.

Security controls are implemented to ensure that cryptographic keys are managed across their life cycle – generation, distribution, storage and change. Company-owned devices are encrypted, and the management of encryption keys and certificates is highly restricted.


Change management

We use documented change management procedures to ensure that changes to information systems and services are made reliably and with the least impact on customers and internal users.


Supplier relationships

We use approved third-party providers and technology to help meet our needs and those of our customers. These providers and technologies are evaluated for security and privacy risks and are required to meet our security requirements.


Payment processing

We use an independent, PCI-compliant company to process credit card payments. Nialli does not process or store customer payment card information.


Incident response and business continuity

If a security event is suspected to have occurred, our security incident process guides us through threat evaluation and containment of the event. This process includes appropriate notifications to customers.

We also take proactive steps by planning and testing our business continuity and disaster recovery capabilities to reduce the time and effort of recovering from a potential disruptive incident. The lessons learned from these exercises help improve the processes and our business continuity framework.


Technical security assessments

We regularly engage an independent, accredited third party to perform vulnerability assessments and penetration testing on our information systems and products. Any significant vulnerabilities identified are promptly remediated and subsequently retested to confirm resolution.

These assessments follow the Security Testing and Incident Response Team (STIRT) vulnerability assessment methodology, which is based on the Open Source Security Testing Methodology Manual (OSSTMM) developed by the Institute for Security and Open Methodologies (ISECOM) and incorporates guidance from the OWASP® Testing Guide.

Assessments are conducted both in alignment with product releases and at defined periodic intervals to ensure ongoing security assurance.


© 2026 Nialli Inc. All rights reserved. Nialli and the Nialli logo are trademarks or registered trademarks of Nialli Inc. in the United States, Canada and other countries. All third-party product and company names are for identification purposes only and may be trademarks of their respective owners. May 2026.