Here's the scenario: You're speaking with a new managed service provider (MSP) and think you've found one that fits the bill perfectly. However, after speaking with their sales representative regarding a free IT assessment, they ask you to sign a document. It's asking you for something other providers haven't asked you to do before: agree to a non-disclosure agreement (NDA).
You might be wondering what that's for and why other providers don't present it after the initial call. We can help answer that.
Intelligent Technical Solutions (ITS) is an MSP that has helped hundreds of businesses optimize their IT for over two decades. As part of our standard practice, we like to have a mutual NDA with our clients before we look at their environment. In this article, we'll explain why we do and why some MSPs don't.
NDA After the Initial Call: What is it for?
In as few words as possible, it's for mutual protection.
An NDA is necessary because it helps organizations protect sensitive and confidential information from being disclosed to unauthorized parties. It is a legal contract between parties that ensures the recipient of the confidential information is bound by law not to share, misuse, or exploit the information for their gain.
In the context of this article, however, the NDA is shared between two parties that haven't exactly joined into a service agreement. That has led to some people questioning why it's there in the first place.
To explain that, we had a chat with ITS Partner Todd Whitley. According to him, conducting a network assessment after the initial call is part of the ITS sales process. It helps build the team's credibility and helps clients understand what the company does. It's also because they will be going through your organization's IT environment to look for gaps and vulnerabilities.
"If we're going to start looking around in your environment, you should have some assurances that we're not going to keep this information or sell it or anything like that," Whitley explains. He adds that the agreement helps affirm that ITS is just there to gather information and report it back to you.
On the flip side, a mutual NDA also helps ITS protect its information from leaking out. More specifically, they're trying to protect their business processes, proprietary software, etc. "Because ultimately, that's our secret sauce," Whitley says.
That protection is crucial as it helps ITS safeguard its intellectual property, maintain a competitive advantage, and preserve the trust and confidentiality essential for successful business collaborations in the future.
Why Don't All MSPs Have NDAs Before Conducting a Network Assessment?
While offering an NDA before conducting a network assessment is standard practice for ITS, it's not so standard in the industry. According to Whitley, while many MSPs are already picking up the practice, not everyone is doing it. And the ones that do it do so voluntarily. That's because there is currently no regulation mandating IT support companies to offer an NDA before conducting an IT assessment.
"If an MSP or IT service provider doesn't have those things, that should raise some red flags, especially if regulatory compliance requirements are in play," he warns. Letting an MSP go inside your network to look around is a big risk. It's a lot like allowing a third-party entity to browse your smartphone without limits. They can see your messages, call history, contacts, emails, and more. You can already imagine how much damage that can do, especially if that party had malicious intent.
Now, we're not saying MSPs that don't have NDAs will use your information for nefarious schemes. However, you should know better than to let strangers into your network without imposing strict rules and a legally binding contract.
Risks of Not Agreeing with a Mutual NDA Before the Assessment
There are a lot of things that can go wrong if you choose to opt out of the NDA before getting an assessment from an MSP. They include:
1. Legal Liabilities
Without an NDA, there could be no legal action you can take against someone who breaches confidentiality and misuses your data. In short, you'll be left up a river without a paddle. An NDA will set clear expectations and legal obligations regarding the handling of confidential information and provide a basis for legal action in case of violations.
2. Compliance Problems
If your organization is subject to regulations like the Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS), not having an NDA will cause an issue. These regulations and others like them require you to safeguard sensitive data and maintain confidentiality. Failing to implement appropriate measures, such as an NDA, could lead to non-compliance and potential legal repercussions.
3. Reputational Damage
If customer data or proprietary information is leaked or misused, it can lead to a significant loss of trust among your clients, business partners, and stakeholders. It can cause considerable damage to your reputation, which can be challenging to recover from.
4. Uncontrolled Data Sharing
You might not want to share all your information with a third party. Unfortunately, that level of control is not assured unless you have an NDA. It establishes clear guidelines on what information can be shared, with whom, and under what conditions. Without an NDA, your company has less control over how the information is used and disseminated.
Are You Ready for a Network Assessment?
It is essential to have an NDA in place before allowing a potential MSP to conduct a network assessment. The agreement should outline the scope of confidentiality, the purpose of sharing information, the permitted use of the information, and the consequences of breaching the agreement. A reliable MSP will provide you with all of that and even allow you to change certain parts of the agreement when necessary. That gives you more control over what data you share.
ITS has provided network assessments to hundreds of businesses, helping them spot gaps and vulnerabilities as part of its sales process. If you want to know where your current cybersecurity efforts stand while ensuring your private data remains confidential, schedule a free IT assessment with us. You may also reach out to one of our consultants for a quick call on your concerns about signing an NDA and the network assessment process.