ISO 27001 & 22301 / Question regarding NDA
Would like to know whether the party certified under ISO 27001 should obtain NDAs from the employees of the outsourcer, or whether the NDA between the outsourcer and the party is sufficient.
Based on your question, I’m assuming that control A.13.2.4 Confidentiality or nondisclosure agreements is applicable to your scenario.
Considering that, the answer to this question will depend on the laws and regulations applicable to your jurisdiction, so you should consider seeking advice from a local legal expert.
For example, some laws and regulations may require an NDA only from the outsourcer organization, or may require that this NDA be extended to individual NDAs for its employees.
This article may provide you with a start on applicable laws and regulations, but note that these references depend on the contributions of our readers, and some of them can be outdated:
For further information, see: