Nomiris is a compliance control tracking and risk management platform. It gives the CISO real-time visibility, automates follow-ups, and centralizes evidence.

How do escalations work?

When a control approaches its deadline, the owner receives a reminder. If nothing is done, automatic follow-ups are sent to the owner then escalated to the manager and director.

Can risk owners upload their evidence?

Yes. Each control owner accesses a simplified view of their assigned controls and can upload evidence directly in the platform.

Which frameworks are supported?

ISO 27001:2022 is the primary framework. Nomiris also covers SOC 2, DORA, and GDPR. More frameworks are added regularly.

Nomiris is a Swiss company. Your data is hosted in Switzerland, encrypted in transit and at rest, compliant with GDPR and nDSG.

Nomiris — ISO 27001 Compliance Tracking

1. Who we are

Nomiris is a compliance control tracking and risk management platform operated by Nomiris SA, a Swiss company. We are deeply committed to protecting your personal data and being transparent about how we process it.

2. Data we collect

We collect the following data:

Registration data: name, email address, company
Connection data: IP address, connection logs, browser preferences
Usage data: actions performed in the platform, controls created, evidence uploaded
Communication data: messages sent to our support, follow-up emails

3. How we use your data

Your data is processed for the following purposes:

Providing and improving the Nomiris service
Managing your user account and authentication
Sending notifications and follow-ups related to compliance controls
Customer support and incident resolution
Compliance with legal and regulatory obligations (GDPR, nDSG)

4. Hosting and security

Your data is hosted in Switzerland, in ISO 27001-certified data centers. We implement technical and organizational security measures to protect your data: encryption in transit (TLS 1.3) and at rest (AES-256), strict access controls, and regular encrypted backups.

5. Cookies

Nomiris only uses strictly necessary cookies for the operation of the platform (authentication, session, language preferences). We do not use tracking cookies or targeted advertising cookies.

6. Your rights

Under GDPR and Swiss nDSG, you have the following rights:

Right to access your data
Right to rectification
Right to erasure (right to be forgotten)
Right to data portability
Right to object to processing
Right to withdraw consent at any time

To exercise these rights, contact us at [email protected].

7. Data retention

Your data is retained as long as your account is active. Upon account deletion, your data is erased within 30 days, unless legally required to retain it. Security logs are kept for 12 months.

8. Contact

For any questions regarding this privacy policy, contact our Data Protection Officer (DPO) at [email protected].