Non-Disclosure Agreement Guide

Last updated on Sep 25, 2025

1. Purpose of this Guide

This artefact shows that your company uses NDAs to protect sensitive information when working with staff, contractors, or partners. Cyber Essentials requires this because without confidentiality agreements, third parties could legally (or accidentally) share your secrets with outsiders — and that’s like leaving the castle gate unguarded.


2. What You Will Submit

You will need:

  • A signed NDA document (template customised for your organisation).

  • This should cover:

    • Definitions of confidential information.

    • Obligations to protect that information.

    • Restrictions on disclosure and use.

    • Duration of the agreement.

    • Parties bound (employees, contractors, vendors).


3. How to Collect / Obtain / Generate This Evidence

For StrongKeep Customers:

  1. Download StrongKeep's Non-Disclosure Agreement Template.

  2. Add your company name, logo, and specific details (parties, scope, duration).

  3. Circulate for signing with employees, contractors, or vendors.

  4. Save the signed copy as a PDF.

If building your own NDA:

  1. Use your legal counsel or internal policy framework.

  2. Ensure the NDA covers:

    • Confidential data scope (business, financial, IT, customer).

    • Use restrictions (no sharing, no re-use outside contract).

    • Remedies in case of breach.

  3. Collect signed copies from all relevant parties.


4. Evidence Format

  • Accepted file types: PDF, DOCX.

  • Suggested naming format:
    YourCompanyName_NDA_YYYY-MM-DD.pdf
    Example: AcmeCorp_NDA_2025-07-01.pdf


5. What “Good” Looks Like

  • NDA includes clear confidentiality clauses.

  • Document shows signatures from both parties.

  • Agreement applies to all relevant stakeholders (employees, contractors, vendors).

  • Recent version (not an outdated draft).

Why it matters: auditors want proof that sensitive information is legally protected, not just secured by goodwill.


6. Tips

  • Use e-signature platforms (e.g., DocuSign, Adobe Sign) for easy tracking.

  • Keep a central record of all signed NDAs in your compliance folder.

  • Pair this with your Access Request Process evidence to show contractors don’t just get access — they’re bound by confidentiality too.