About the company
nilo is a digital mental health platform that supports companies and their employees with high-quality psychological healthcare. The offering includes individual sessions with psychotherapists and psychological coaches, group sessions, as well as webinars and on-demand content—all via an easy-to-use platform. With a 96% user satisfaction rate and a fivefold return on investment, nilo is one of the leading providers in the field of workplace mental health.
The challenge
The biggest challenge during implementation was the combination of an ambitious timeline and the intensive need for coordination between the client and the provider. Many processes were already working well at nilo, but structured, auditable documentation was missing in critical areas. This was particularly evident in the lack of transparency between the actual status quo and the requirements of ISO 27001: this gap needed not only to be closed but also permanently embedded into daily operations.
The solution
Kertos guided nilo through the entire ISO 27001 process with close, collaborative support on both sides. The focus was on making existing processes visible, documenting them in a structured way, and communicating them internally so that security is perceived not as an additional task, but as an integral part of daily work. Especially when handling sensitive health data, the combination of GDPR compliance and technical security measures was crucial.
Key components of the solution:
- ISO 27001 controls: fully mapped on the Kertos platform and documented without gaps
- Gap analysis & as-is/to-be transparency: systematic assessment of the current security level and derivation of concrete measures
- GDPR & data protection management: structured management of data protection requirements, particularly relevant for processing sensitive health data
- Process documentation & internal communication: sustainable integration of security processes into the daily work of all teams
- Trust Center: transparent presentation of certifications and data protection standards for corporate clients and business partners
- Kertos AutoChecks: ongoing, automated monitoring of technical controls for continuous compliance assurance
The result
ISO 27001 certification has created measurable added value for nilo in several ways: it confirms, both internally and externally, the high security standard that a mental health platform must meet when handling sensitive health data. Ongoing monitoring by Kertos ensures that processes comply with requirements not just at the time of certification, but on an ongoing basis. Furthermore, the Trust Center significantly simplifies the onboarding of new business partners—relevant security and data protection evidence is accessible at any time, without time-consuming manual audit processes.
Data protection as a promise of trust
At nilo, individuals and companies trust us with highly sensitive matters. For nilo, data protection and information security are not just compliance issues, but a core part of our product promise. Together with partners like Kertos, we ensure that we consistently meet the highest standards and continuously develop them further.




