When working with sensitive information, individuals are required to agree with and sign a non-disclosure agreement (NDA). At a minimum the NDA specifies how the individual should handle the sensitive information and how long restrictions apply after working with the information has ceased. Also, the NDA specifies the consequences for the individual when breaching the agreement.
Specification
NDA is available on processing sensitive data.
ISO 27001 & 27002:2022
8.1,
A5.14,
A5.19,
A5.20,
A5.21,
A5.22,
A5.23
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
SC.03 Supplier risk management