A Non-Disclosure Agreement (NDA) is a legally binding contract that establishes a confidential relationship between parties, obligating them to protect sensitive information shared during a business relationship. NDAs specify what constitutes confidential information, the obligations of the receiving party, the duration of the confidentiality obligation, and the consequences of a breach, providing a legal framework for secure information exchange.
In a compliance and security context, NDAs are essential when engaging with third parties such as consultants, managed service providers, or potential business partners who may access sensitive data. Frameworks like ISO 27001 specifically require organisations to identify and document confidentiality requirements with external parties, making NDAs a fundamental control in third-party risk management programmes.