Healthtech

Nilo: ISO 27001 as a foundation of trust for sensitive health data

How nilo achieved ISO 27001 certification with Kertos—and made security a permanent part of their daily workflow.

Nilo: ISO 27001 as a foundation of trust for sensitive health data
5
months

to successful ISO 27001 certification.

21
Policies

created in just a few weeks – structured, verifiable, and audit-ready with the Kertos platform.

4
hours

saved per month managing all ISO 27001-related tasks.

Discover Kertos

Put your compliance on autopilot - both data protection and information security.

Book a Demo

About the company

nilo is a digital mental health platform that supports companies and their employees with high-quality psychological healthcare. The offering includes individual sessions with psychotherapists and psychological coaches, group sessions, as well as webinars and on-demand content—all via an easy-to-use platform. With a 96% user satisfaction rate and a fivefold return on investment, nilo is one of the leading providers in the field of workplace mental health.

The challenge

The biggest challenge during implementation was the combination of an ambitious timeline and the intensive need for coordination between the client and the provider. Many processes were already working well at nilo, but structured, auditable documentation was missing in critical areas. This was particularly evident in the lack of transparency between the actual status quo and the requirements of ISO 27001: this gap needed not only to be closed but also permanently embedded into daily operations.

The solution

Kertos guided nilo through the entire ISO 27001 process with close, collaborative support on both sides. The focus was on making existing processes visible, documenting them in a structured way, and communicating them internally so that security is perceived not as an additional task, but as an integral part of daily work. Especially when handling sensitive health data, the combination of GDPR compliance and technical security measures was crucial.

Key components of the solution:

  • ISO 27001 controls: fully mapped on the Kertos platform and documented without gaps
  • Gap analysis & as-is/to-be transparency: systematic assessment of the current security level and derivation of concrete measures
  • GDPR & data protection management: structured management of data protection requirements, particularly relevant for processing sensitive health data
  • Process documentation & internal communication: sustainable integration of security processes into the daily work of all teams
  • Trust Center: transparent presentation of certifications and data protection standards for corporate clients and business partners
  • Kertos AutoChecks: ongoing, automated monitoring of technical controls for continuous compliance assurance

The result

ISO 27001 certification has created measurable added value for nilo in several ways: it confirms, both internally and externally, the high security standard that a mental health platform must meet when handling sensitive health data. Ongoing monitoring by Kertos ensures that processes comply with requirements not just at the time of certification, but on an ongoing basis. Furthermore, the Trust Center significantly simplifies the onboarding of new business partners—relevant security and data protection evidence is accessible at any time, without time-consuming manual audit processes.

Peter Schrader
Head of Finance

Data protection as a promise of trust

At nilo, individuals and companies trust us with highly sensitive matters. For nilo, data protection and information security are not just compliance issues, but a core part of our product promise. Together with partners like Kertos, we ensure that we consistently meet the highest standards and continuously develop them further.

FEATURES

No items found.
TESTIMONIALS

What Our Clients Say About Us

Compliance that stands out: Whether B2C, B2B, start-up or scale-up, Kertos is the right solution for companies that are scaling quickly.

Stefan Hessel
Stefan Hessel
Salary Partner & Head of Digital Business, reuschlaw

“Reliable partner for all compliance issues”

For us, Kertos is the reliable partner for all compliance issues. Whether it's ISO27001 certification or data protection, we really appreciate Kertos' expertise and support.

Mirco Roth
Mirco Roth
Co-Founder & CTO, Augmented Industries

“Absolutely impressed us”

From start to ISO 27001 in 2.5 months? — With Kertos, this goal was possible. We were absolutely impressed by the combination of technical innovation, comprehensive expert knowledge and flexible adaptation to our business needs.

Maurice Schweitzer
Maurice Schweitzer
Co-Founder & CEO
No items found.

Security that wins the trust of enterprise customers.

Kertos enabled us to centrally manage the entire ISO 27001 certification while staying fully focused on our product. With automated controls, first-class expert support, and a clear structure, the process was more efficient than expected and has permanently strengthened our position with enterprise customers.

📅 Schedule Your 5min Compliance Check

Please enter your business email to continue. We require a company email address to ensure we can best serve your organization.

📞 5min Compliance Check