Guest user Created: Jan 12, 2016 Last commented: Jan 12, 2016

Who needs to sign an NDA?

Im buiding up the ISMS and I requested some positions in my company to sign on NDA in ISMS, but I dont know exactly who have to sign on NDA (eg. Director, CSO, Security Representative etc). If Im the boss, do I have to sign on an NDA?

0 0

Assign topic to the user

Select user

Guest

DejanK Jan 12, 2016

Signing a Non-disclosure Agreement is one of the controls that can be implemented according to ISO 27001. But, as with other controls in ISO 27001 it should be implemented only if there are risks that need to be decreased with such a control. See also this article: The basic logic of ISO 27001 - How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

To answer your question directly, only those employees where the risks are higher should sign the NDA - it can include also you as their boss if there are risks that need to be decreased using this control. Therefore, first do your risk assessment and then decide who needs to sign the NDA.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community