1. Overview

HR-06 Non-disclosure Agreements

Designation Standard
HR-06.01B The non-disclosure or confidentiality agreements to be agreed with internal personnel and service organisations of the cloud service provider are based on the requirements identified by the cloud service provider for the protection of confidential information and operational details.

A non-disclosure agreement (NDA) is a legal document whose content is what both parties require to protect confidential information. Processes and procedures for media handling can be managed separately, outside the NDA. An NDA should cover:

1. Which information or data types must be kept confidential;
2. The period for which this confidentiality agreement applies;
3. What actions must be taken upon termination of this agreement, e.g. destruction or return of data media;
4. How the ownership of information is regulated;
5. What rules apply to the use and disclosure of confidential information to other partners, if necessary; and
6. The consequences of a breach of the agreement.

These agreements are described in general in HR-02.
HR-06.02B The agreements are to be accepted by service organisations when the contract is agreed.

Confidentiality or non-disclosure agreements should be signed by means of an electronic signature, insofar as this is legally binding.
HR-06.03B The agreements are to be accepted by internal personnel of the cloud service provider before authorisation to access cloud service customer data, cloud service derived data, cloud service provider data and account data is granted.

Confidentiality or non-disclosure agreements should be signed by means of an electronic signature, insofar as this is legally binding.
HR-06.04B The requirements are documented and reviewed at regular intervals (at least annually), as well as in case of significant changes to the cloud service. If the review shows that the requirements need to be adapted, the non-disclosure or confidentiality agreements are updated.
HR-06.05B The cloud service provider informs the internal personnel and service organisations and obtains confirmation of the updated confidentiality or non-disclosure agreement.

Confidentiality or non-disclosure agreements should be signed by means of an electronic signature, insofar as this is legally binding.
HR-06.06B In instances where an agreement on the updates cannot be reached, the cloud service provider assesses the resulting risks to information security according to OIS-07.

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source Requirement

3. Related Regulations

Regulations
Source Regulation