At what stage of your engagement do you sign an NDA with a vendor you are evaluating? Day 1? POC? Never?

Security & GRC Vendor Management Vendor/Product Assessment +1 more

3.8k views1 Upvote6 Comments

CIO in Energy and Utilities, 11 - 50 employees

Depends on what you understand as “day 1”.

It has to be signed as soon as you need to share sensitive info or grant access to any asset.

So, rule of thumb: it is much better to have your own NDA proforma and have it signed by all parties as soon as you realize you need it in order to move forward with your vendors.

CIO in Hardware, 1,001 - 5,000 employees

The day I start having business discussions.. It could be just after the first meeting..

Director of Network Transformation, Self-employed

When the talks get serious about the tech. Or there is a confidential use case. But never day 1.

VP of IT, Self-employed

Before sharing any information about the company, it could be on Day 1, POC, contracting, or before implementation. But it must precede sharing any information about the technology or security stack of my company.

VP of IT & CISPO in Finance (non-banking), 201 - 500 employees

It depends.

If we are doing something proprietary or a new competitive business initiative then on day 1.

If we are doing something more in the I&O space then at POC.

Executive Vice President, Chief Digital Officer & Head of Cybersecurity in IT Services, 1,001 - 5,000 employees

It is signed on the day when you are asked to share any information.

Content you might like

What's your favorite password management service?

Security & GRC Security Operations Center (SOC)Vendor/Product Recommendation +1 more

1Password19%

OneLogin41%

LastPass24%

BitWarden3%

Other (comment below!)12%

326 PARTICIPANTS

1.3k views1 Upvote11 Comments

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & Leadership Strategy & Architecture Cloud +57 more

CTO in Software, 201 - 500 employees

Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.

142 19 Replies

Are short term bans of the use of GenAI applications and tools (such as ChatGPT) a good idea for end users in most organizations? For context see this article on the State of Maine Government's directive before you vote: https://www.govtech.com/artificial-intelligence/chatgpt-generative-ai-gets-6-month-ban-in-maine-government

Applications & Platforms End-User Services & Collaboration People & Leadership +4 more

Yes - Maine did the right thing. There are too many security risks with free versions of these tools. Not enough copyright or privacy protections of data.30%

No, but.... - You must have good security and privacy policies in place for ChatGPT (and other GenAI apps). My organization has policies and meaningful ways to enforce those policies and procedures for staff.56%

No - Bans simply don't work. Even without policies, this action hurts innovation and sends the wrong message to staff and the world about our organization.9%

I'm not sure. This action by Maine makes me think. Let me get back to you in a few weeks (or months).3%

333 PARTICIPANTS

8.7k views9 Upvotes1 Comment

Do you have a backup tool for Microsoft 365? Is it necessary?

Document Management Backup & Disaster Recovery Vendor/Product Recommendation

Director of IT in Software, 201 - 500 employees

Its a must as Microsoft don’t backup the office 365. Yes, you have 30 days retention or depending if its Sharepoint/one drive can go to 90 days there is nothing long term and there is no guarantee that the data can be restored. ...read more

Would anyone be willing to share best practices about how their organization deals with ensuring Cookie Compliance, specifically to GDPR rules? Where should this sort of compliance review sit in an organization? The particular issue we have is who should review new web deployments that use cookies and to make the decisions on whether Cookies are Strictly Necessary or Functionality Cookies. For example is a Cookie required for a Live Chat to work Functionality or Strictly Necessary? Our Security team does not consider taking on these compliance reviews as their domain, as Cookie Compliance is not an internal security matter and the Data Protection team has a limited interest as the GDPR rules around Cookies apply in case of any Cookie being used by a website, whether or not it contains personal data.

Security & GRC Regulatory Compliance

179 views