At what stage of your engagement do you sign an NDA with a vendor you are evaluating? Day 1? POC? Never?


3.8k views1 Upvote6 Comments

CIO in Energy and Utilities, 11 - 50 employees
Depends on what you understand as “day 1”.

It has to be signed as soon as you need to share sensitive info or grant access to any asset.

So, rule of thumb: it is much better to have your own NDA proforma and have it signed by all parties as soon as you realize you need it in order to move forward with your vendors.
CIO in Hardware, 1,001 - 5,000 employees
The day I start having business discussions.. It could be just after the first meeting.. 
Director of Network Transformation, Self-employed
When the talks get serious about the tech.  Or there is a confidential use case.  But never day 1.  
1
VP of IT, Self-employed
Before sharing any information about the company, it could be on Day 1, POC, contracting, or before implementation. But it must precede sharing any information about the technology or security stack of my company.
VP of IT & CISPO in Finance (non-banking), 201 - 500 employees
It depends. 

If we are doing something proprietary or a new competitive business initiative then on day 1.  

If we are doing something more in the I&O space then at POC.  
1
Executive Vice President, Chief Digital Officer & Head of Cybersecurity in IT Services, 1,001 - 5,000 employees
It is signed on the day when you are asked to share any information.
2

Content you might like

1Password19%

OneLogin41%

LastPass24%

BitWarden3%

Other (comment below!)12%


326 PARTICIPANTS

1.3k views1 Upvote11 Comments

CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
46.4k views133 Upvotes323 Comments

Yes - Maine did the right thing. There are too many security risks with free versions of these tools. Not enough copyright or privacy protections of data.30%

No, but.... - You must have good security and privacy policies in place for ChatGPT (and other GenAI apps). My organization has policies and meaningful ways to enforce those policies and procedures for staff.56%

No - Bans simply don't work. Even without policies, this action hurts innovation and sends the wrong message to staff and the world about our organization.9%

I'm not sure. This action by Maine makes me think. Let me get back to you in a few weeks (or months).3%


333 PARTICIPANTS

8.7k views9 Upvotes1 Comment