At what stage of your engagement do you sign an NDA with a vendor you are evaluating? Day 1? POC? Never?

Security & GRC Vendor Management Vendor/Product Assessment+1 more

3.9k views1 Upvote6 Comments

Sort By:

Oldest

CIO in Energy and Utilitiesa year ago

Depends on what you understand as “day 1”.

It has to be signed as soon as you need to share sensitive info or grant access to any asset.

So, rule of thumb: it is much better to have your own NDA proforma and have it signed by all parties as soon as you realize you need it in order to move forward with your vendors.

CIO in Hardwarea year ago

The day I start having business discussions.. It could be just after the first meeting..

Director of Network Transformationa year ago

When the talks get serious about the tech. Or there is a confidential use case. But never day 1.

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

Peer Discussions and Polls
One-Minute Insights
Connect with like-minded individuals

VP of ITa year ago

Before sharing any information about the company, it could be on Day 1, POC, contracting, or before implementation. But it must precede sharing any information about the technology or security stack of my company.

Chief Information Officer in Educationa year ago

It depends.

If we are doing something proprietary or a new competitive business initiative then on day 1.

If we are doing something more in the I&O space then at POC.

Content you might like

In the past 6 months, have you seen an uptick in targeted cyberattacks on telehealth devices and networks?

Security & GRC Network Threat & Vulnerability Management+2 more

No Increase16%

1-5% increase47%

6-25% increase24%

26-50% increase6%

51-75% increase1%

76%+1%

Other2%

View Results

1.7k views1 Upvote

If you have had a negative experience with a vendor (without naming the vendor), what did you learn from it?

Financial Management Vendor Management

VP of Global IT and Cybersecurity in Manufacturing6 years ago

Have clear business requirements up front, make sure the proposal includes items such as scope, timeline, cost, resources.

We are using MDM and MAM with Intune to protect our Office 365 data on employee mobile devices. We also have end-users who are contractors and have existing MDM/MAM controls on their device from their primary employer. They cannot add our corporate INTUNE controls to the same device according to the Microsoft error messages. The same issue applies to NEDs who work for multiple corporates. Has anyone else found a solution for this?

Management Tools Security & GRC Strategy & Architecture+1 more

Director of Information Security9 days ago

We haven't found a "good" solution short of issuing a separate managed device; the user has to choose whose policies to apply to their device. On Android you can technically create separate user profiles to get around this ...read more

What is your organization’s current status for implementing endpoint security to protect O365 on mobile devices?

End-User Services & Collaboration Security & GRC Device Management+14 more

Implementation complete23%

Implementation in progress54%

Planned within the next 12 months12%

Not planned7%

Not enabling O365 on mobile2%

View Results

2.4k views2 Upvotes

Who do other large companies use as an outside cybersecurity firm to assess their cybersecurity program, controls and also have the capabilities to perform red team activities and adversary attack simulations?

Vendor/Product Recommendation Security

Strategy & Enterprise Architecture VP, Information Systems9 days ago

We have used in the past Mandiant, Accenture, and Deloitte to perform cybersecurity program assessments. For red team activities, we rotate vendors each year and have used the same vendors as above.