Contract Management

 View Only
  • 1.  NDAs for IT vendors

    This message was posted by a user wishing to remain anonymous
    Posted 12-13-2021 07:33 AM
    This message was posted by a user wishing to remain anonymous

    When do you use an NDA with IT vendors? If we are purchasing consulting services we require a signed NDA. Does anyone ask for an NDA when from the manufacturer of software? We have not historically. I was curious if others were, however.


  • 2.  RE: NDAs for IT vendors

    Posted 12-13-2021 09:03 AM
    We require an NDA as part of all contracting.  Some of the larger vendors there is no flexibility in contracting in which we case we make an exception and document the exception. 

    Shelly

    ------------------------------
    Shelly Chase
    Senior Risk Analyst Officer
    ------------------------------



  • 3.  RE: NDAs for IT vendors

    This message was posted by a user wishing to remain anonymous
    Posted 12-13-2021 09:22 AM
    This message was posted by a user wishing to remain anonymous

    For us it's a standard operating procedure for any engagement with a third party (prospective vendor or customer) where there is sharing of confidential information prior to the formal execution of a contract, as the contract has similar verbiage around confidentiality and privacy that essentially supplants the NDA. This is all outlined in an NDA Guidance that is appended to our corporate policies for Purchasing and Vendor Management. The NDA Guidance helps to clarify instances such as "When Is An NDA Required?" and help ensure the processes around it are universal across the enterprise (authority to sign, procedures for redlines, storage/retainment of executed NDAs, etc.)


  • 4.  RE: NDAs for IT vendors

    Posted 12-14-2021 08:20 PM
    hi

    in short:

    It has been my experience that we use NDAs when we engage a supplier and share data classified as confidential or higher.  It gives the client a level of comfort that if something happens (e.g., data leakage)  there is at least some level of compensation. (you should also have a security rider in the contract to help ensure the right level of data protection data privacy & controls are in place...but this is another story for another time)

    In most cases re SW manufacturers you are buying the SW, which will run in house...no sharing of data, so an NDA is not necessary.  In these cases, you should have an escrow clause.

    When you share data, use an NDA

    happy to chat further

    Happy Holidays

    ------------------------------
    john peck
    ------------------------------