An NDA (Non-Disclosure Agreement) is a legally binding contract that obliges the signatories to keep specified information confidential. In an ISMS context, NDAs are relevant when working with suppliers, external consultants, and new employees. ISO 27001 Annex A.6.6 requires confidentiality agreements for individuals with access to sensitive information. A well-drafted NDA defines the scope of confidential information, the duration of the obligation, permitted exceptions, and consequences of a breach. You should use standardized NDAs as part of your onboarding and supplier management processes.