Contract Management

This message was posted by a user wishing to remain anonymous

When do you have a vendor sign a non-disclosure agreement? All vendors, or just vendors in certain situations (eg, those who will be on-site or have system access)?

We require NDAs from downstream vendors / subprocessors when they will have access to physical locations, but also if they are able to access / view / process / download our employee or customer data as part of their provision of services.

We also require NDAs 'upstream' to our customers before we will release responses to security questionnaires, documents such as policies, IR plans, etc. Some documents we only screen share and discuss on a call.  KW

Kate Wakefield, CISSP CIPT
kwakefield@infoblox.com

------------------------------
Kate Wakefield, CISSP / CIPT
kwakefield@infoblox.com
------------------------------

Original Message:
Sent: 06-04-2021 10:23 AM
From: Anonymous Member
Subject: use of non-disclosure agreements

This message was posted by a user wishing to remain anonymous

When do you have a vendor sign a non-disclosure agreement? All vendors, or just vendors in certain situations (eg, those who will be on-site or have system access)?

We required NDA's from all 3rd party providers, regardless of services provided​.

------------------------------
Shelly Chase
Senior Risk Analyst Officer
------------------------------

Original Message:
Sent: 06-04-2021 10:23 AM
From: Anonymous Member
Subject: use of non-disclosure agreements

This message was posted by a user wishing to remain anonymous

When do you have a vendor sign a non-disclosure agreement? All vendors, or just vendors in certain situations (eg, those who will be on-site or have system access)?