Your Shared Profile is a repository for your security and compliance documentation (including questionnaires, SOC 2 reports, certifications, and more) which allows you to more easily share this information with your customers and other relevant parties, ultimately making it faster to complete assessments. You may want to ensure that anyone who has access to these documents has agreed to the terms of your organization’s standard NDA. You can do this using our NDA protection feature.
In this article we will cover:
What protection options are available for Shared Profiles?
The following protection options can be configured:
Publish or unpublish your Shared Profile, to make it available or hide it from view
Enable or disable request-based Access protection
Enable or disable NDA protection
You can use NDA protection in conjunction with Access protection, or on its own. If NDA protection and Access protection are enabled, customers must agree to the terms of your NDA, and request access to your Shared Profile. You must explicitly grant their access request before they are able to view the documents contained within.
If Access protection is disabled but NDA protection is enabled, customers must agree to the terms of your NDA before viewing the documents in your Shared Profile, but you do not need to explicitly approve or deny their request. Once an NDA is submitted, no further action is required.
In either case, you will be able to see who has access to your Shared Profile via the Access and Access log tabs in My Shared Profile.
How to set up NDA protection
To enable NDA protection, navigate to My Shared Profile, and click on the Shared profile settings button (cog icon), found at the top right of the page.
Then use the toggle to enable NDA protection.
Copy+paste your NDA text into the window that appears when NDA protection is enabled.
Because this is a legal agreement between you and a third party, UpGuard does not provide NDA wording, nor is UpGuard party to the agreement you form with those third parties.
You can preview the NDA to see what this will look like for your customers. Finally, don’t forget to click Save changes to complete the setup process.
How to access NDAs that have been agreed to
Navigate to My Shared Profile > Access to see a list of customers and their current state. From here, you can download copies of the agreed-to NDAs, which are annotated with a timestamp and the customer’s details. Your customers can also access a copy of this document at any time by viewing your Shared Profile.
How to change NDA protection settings
You can change these settings at any time via the Shared Profile Settings page. NDA protection is not applied retroactively, so any customers who you have previously granted access to will continue to have their access.
If you wish to change the access state of an individual organization—for example, to request that they agree to new NDA wording—you can do this via the Access page. The following statuses are available:
Download: An NDA has been agreed to, and can be downloaded via this link, along with any historical versions.
N/A: Organizations who had pre-existing access to your Shared Profile, and have been grandfathered in.
Manually Approved: If you have an NDA agreement in place external to the UpGuard platform, you can mark these organizations as ‘manually approved’.
Pending: Organizations in this state have not yet agreed to your NDA, and will not have access to your Shared Profile documents until they do.
You can edit these states per organization via the menu on the right-hand side of the table.
If you also have Access protection enabled an additional option will be available, which allows you to Revoke Access entirely.