NIC Trust Center

Configuration-derived security, compliance, architecture, and data handling profile for lenders and risk teams.

Last updated: 2026-03-03 | Source: runtime_configuration

THEME

1 Security Overview

Encryption in transit: Yes
Encryption at rest: Yes
Tenant isolation: Yes
RBAC enabled: Yes
Audit logging enabled: Yes
Retention policy engine: Yes
Connector KMS provider: local

2 Compliance Roadmap

SOC 2 Type I

in_progress.

SOC 2 Type II

planned.

ISO 27001

future.

3 Architecture Overview

Multi-tenant isolation: Yes
Control-plane separation: Yes
Evidence-first design: Yes

4 Data Handling

Data residency region: us-east-1
Data deletion SLA (days): 30
Retention policy configurable: Yes
Tenant-scoped storage: Yes

5 Access Control

Role-based permissions: admin, member, viewer, auditor, platform_admin
Mode-based UX separation: admin, business, auditor
Least privilege guidance: Yes

6 Incident Response Summary

Detection

Operational alerts, connector failures, and audit anomaly signals.

Response

Containment, investigation, remediation, and tenant impact review.

Notification

Customer communication based on severity and contractual obligations.

7 Vendor Risk FAQ

Do you support SSO?

OIDC-based SSO is supported.

Status: configured

Do you have audit logs?

Tenant-scoped audit logs capture access, ingestion, governance, and workflow actions.

Status: yes

Do you support data residency?

Deployment region is configured as 'us-east-1'.

Status: yes

Do you encrypt data at rest?

Data at rest uses platform-managed encryption controls.

Status: yes

8 Evidence Links

KMS Rotation Runbook (runbook)

9 Attestation

This profile is configuration-derived and does not itself certify external compliance.

10 Vendor Questionnaire Accelerators

SIG Lite Pre-Answers

SIG-LITE-001: How do you isolate customer data?

Tenant-scoped isolation is enforced across retrieval, storage, and audit boundaries.

Status: ready

SIG-LITE-002: Do you provide audit logging and evidentiary exports?

Yes. Tenant-scoped audit trails and export packs are available for compliance workflows.

Status: ready

SIG-LITE-003: What are your encryption controls?

Encryption is enabled in transit and at rest with environment-configured key management.

Status: ready

CAIQ Mapping

AIS-01 -> SIG-LITE-001

Application & Interface Security

Status: mapped

LOG-01 -> SIG-LITE-002

Logging & Monitoring

Status: mapped

EKM-03 -> SIG-LITE-003

Encryption & Key Management

Status: mapped

Data Flow Summary

Nodes: 5 | Flows: 4

source -> ingest

documents, transcripts, metadata

ingest -> store

parsed text, chunks, audit metadata

store -> reason

tenant-scoped retrieval context

reason -> ui

answers, citations, exports

Subprocessors

OpenAI

Model Inference

Reasoning and summarization tasks where enabled by tenant policy.Region: Configurable by deployment | Status: active