A Non-Disclosure Agreement (or Confidentiality Agreement) is an agreement entered in to by two or more people, or on behalf of a legal entity, before particular data is shared between the parties for use to achieve an intended outcome.
For example, a contracted software developer may enter into an NDA with a company in order to gain access to a project plan or wire-frame of a new app.
At the point of entering in to an NDA there may be no any other contractual relationships in place, and it does not guarantee that the parties will continue the relationship to a successful/profitable conclusion.
However, it is likely that the clauses of the NDA will stand after the relationship has ended in order to protect one or all parties’ intellectual property, reputation or other asset.
So Why Enter in to an NDA?
To Test the Waters
You don’t always know if a project is going to work until you take the first step and an NDA allows parties to share information freely without entering in to a contract of work but while feeling comfortable that the information has some protection. It may also be required to meet other contracts that are in place, particularly in sub-contractor arrangements.
To Set the Expectation
An NDA can set the tone and expectations for an ongoing relationship by making clear that the originating party values the information it is holding, and expects proper security controls to be put in place.
Once this has been made clear, the information security culture is often carried through any ongoing relationship.
Provides the Allure of Something Important
Occasionally an NDA might be used to give the perception of value to the information that it covers, to ensure all parties take the project seriously or for other commercial reasons.
NDAs Addressed in ISO 27001 the Information Security Standard
In the 2013 revision of ISO 27001, Annex A provides a dedicated control (A13.2.14) for Confidentiality or non-disclosure agreements and requires agreements to reflect “the organisation’s needs for the protection of information [to] be identified, regularly reviewed and documented”.
Find Out More
For further help with protecting your data, intellectual property or implementing ISO 27001 contact our consultants.