We require NDAs from downstream vendors / subprocessors when they will have access to physical locations, but also if they are able to access / view / process / download our employee or customer data as part of their provision of services.
We also require NDAs 'upstream' to our customers before we will release responses to security questionnaires, documents such as policies, IR plans, etc. Some documents we only screen share and discuss on a call. KW
Kate Wakefield, CISSP CIPT
kwakefield@infoblox.com------------------------------
Kate Wakefield, CISSP / CIPT
kwakefield@infoblox.com------------------------------
Original Message:
Sent: 06-04-2021 10:23 AM
From: Anonymous Member
Subject: use of non-disclosure agreements
This message was posted by a user wishing to remain anonymous
When do you have a vendor sign a non-disclosure agreement? All vendors, or just vendors in certain situations (eg, those who will be on-site or have system access)?