This type of information includes, but is not limited to:
(i) customer information and prospective customer lists, and details of agreements with customers;
(ii) vendor and supplier information and prospective vendors and suppliers, and details of agreements with vendors and suppliers;
(iii) acquisition, expansion, marketing, financial and other business information, plans, projections and strategies;
(iv) research and development data;
(v) computer programs;
(vi) information concerning sources of supply;
(vii) information regarding the identity of vendors, suppliers, consultants and/or contractors and Confidential Information and/or work product developed by them on behalf of Disclosing Party;
(viii) purchasing and other cost data;
(ix) special customer needs, cost and pricing data;
(x) employee information (including, but not limited to, personnel, payroll, compensation and benefit data and plans);
(xi) franchisee information;
(xii) methods of operation;
(xiii) personally identifiable information; and
(xiv) all information or proprietary materials not generally known in the relevant trade or industry but commonly and uniformly treated as confidential.
What is Confidential Information?
One who may have access to our Data, plans to store/process our Data, and/or has interconnectivity to our systems.
What is a (Technology) Vendor?
This person is STS's Enterprise Architect.
Who is Jim Foppe?
This party/role is responsible for defining and negotiating Legal terms with vendors (not a trick question :) ).
Who is Legal?
This person is a contact for all things Vendor Management.
Who is Julie Price?
We typically only enter this type of NDA, which only covers confidential information disclosed by us to the vendor.
What is a Unilateral NDA?
This vendor is our partner for security and risk assessments. They assign a letter grade and risk rating for the vendor.
Who is CORL?
Any information that permits the identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual.
What is Personally Identifiable Information (PII)?
These are an input to the contract that are separate from its Legal Terms. They may vary based on types of Service (SaaS, Software Purchase, Professional/Staff Aug/Managed Services) and for SaaS include Term/Duration/Termination Assistance, Vendor's Termination Rights, Pricing, Payment Schedule, Service Levels, Maintenance and Support, Security, Functional/Architectural Specifications, and Disaster Recovery.
What are Business Terms?
This group supports stakeholders across the business with an objective vendor search via their Strategic Sourcing Process. Depending on the impact of the solution, they will either Lead or Coach/Consult vendor sourcing.
Who is Corporate Procurement?
Many vendors will ask to sign this type of NDA, which it is our position NOT to sign.
What is a Mutual NDA?
This activity aligns the business on strategy when contracting/managing vendors. Decisions around risk, security, financial auditing, business continuity, vendor scorecarding, etc. are aligned with the business.
What is (Vendor) Tiering?
A written plan for processing critical applications in the event of a major hardware or software failure or destruction of facilities.
What is a Disaster Recovery Plan?
This party/role is responsible for Business Terms definition and negotiation with the vendor.
Who is the DTT Owner?
NDAs take, on average, this long to prepare.
What is 1-2 days?
We may additionally enter into this type of NDA where the vendor is the discloser & we are the recipient, and the scope is limited to only the DTT Security Questionnaire. (This is only in conjunction with a signed Unilateral NDA.)
What is a Limited Two-Way NDA?
This Tier has only one round of questioning during Tiering due to its impact on Sales/Operations, our Reputational Risk, and/or Personal Physical Safety.
What is Tier 1?
Disaster Recovery Plan effectiveness is measured by these two metrics/service levels that tell:
1. application downtime that can be tolerated without any significant harm to the business, and
2. amount of data that can be lost without causing irreparable damage to the business.
What are Recovery Time Objective (downtime) and Recovery Point Objective (data loss)?
This review process has both parties make changes to the contract and can go through multiple iterations.
What is Redlining?
This is the name of Legal's Contract Request Form Tool.
What is Boarding Pass?
When requesting a Limited Two-Way NDA for confidential details OTHER THAN the DTT Security Questionnaire, this person/role must first approve.
Who is a VP or the CDO?
This IT Vendor Segment, according to Gartner's Model, is HIGH on Business Value but LOW on Relationship Impact.
What is the Emerging segment?
This describes how a system is designed to maintain an agreed-upon uptime requirement. In SaaS solutions, this often includes multiple, geographically dispersed tenants and data replication between them.
What is availability (architecture)?
Which contract form to use prior to responding to the vendor. Typically, when a Master Service Agreement is already in place, this type of document is produced.
What is Statement of Work?
Agreements with NEW legal terms -or- agreements with same/no new legal terms but are over $250,000 should be signed by this person/role.
Who is the DLT member (with DTT VP Awareness)?