Nila Health Trust Center
At Nila Health, security isn't just a feature—it's foundational to everything we build. Our security-first mindset drives our development processes, infrastructure decisions, and organizational policies. We treat the data entrusted to us—whether from our customers, their end users, or anyone who interacts with our organization—with the utmost care and responsibility. Security is embedded in our DNA, enabling us to deliver innovative solutions without compromising on protection.
Compliance
Resources
ISO 27001 Certificate
Information Security Policy
Bring Your Own Device (BYOD) policy
Information Security Management System Communication Plan Policy
Vendor Management Policy
Controls
Quarterly user access reviews performed
Source code access restricted and changes logged
Termination Access Revocation Checklist
Access Segmentation Between Customers and Environments
Multi-factor authentication enforced for production access
Data encrypted at rest
Data protection policy
Data transfers covered by approved safeguards
Cooperation agreements/data sharing frameworks
Data processing agreements executed and retained
Secure connection means utilized
Code of Conduct acknowledged by employees
Web application firewalls configuration
External Attack Surface Vulnerability Scanning & Remediation
Penetration testing and remediation conducted
Anti-malware monitoring
Intrusion detection tool
Centralized Log Collection and Monitoring
SSL/TLS certificates for infrastructure
Monitoring, measurement, analysis and evaluation
Business continuity & disaster recovery plans documented and tested
Incident response and breach notification policy
Security incident logging and review
Breach notification communication
Internal GDPR compliance assessments performed
Binding corporate rules policy
Visitor sign-in, badging, and escort policy
Automated decision-making policy
Technology assets inventoried
Documented Vendor Management Program
Vendor termination
Vendor onboarding
Vendor list
Consent for processing captured via explicit opt-in mechanisms
Age verification and parental/guardian consent process enforced
Confidentiality Agreement acknowledged by employees
Security awareness training implemented
Employee handbook
List of newly hired employees & contractors
Background checks performed on employees
Records of Processing Activities (RoPA) maintained
Multi-availability zones
Asset register maintained
Notification workflows regarding rectification or erasure maintained
Risk management program
Risk and Governance Executive Committee meeting minutes
Lawful basis assessment
Legitimate interest assessment
Patch management process developed
Board/steering committee bylaws
Mobile Device Management (MDM) and BYOT
Board/steering committee briefing
Production system hardening and baseline configuration management
Subprocessors
Azure Cloud Infrastructure & Platform Services