Apr 07, 2017 - 06:48 AM
Most of the non-disclosure clauses embedded in a Software Licence Agreement will allow the customer to disclose the terms of the agreement and associated events to their advisors and auditors. So in principle it is not an issue.
However, when customers sign additional NDAs for the purpose of the audit with the vendor and its auditors, such an 'exception' is often overlooked - so in a way it can be a breach.
Apr 10, 2017 - 12:14 AM
Great question. Even with an NDA, could you still talk 'generally' about the audit - 'I'm being audited by a vendor who is focusing on how we virtualise our databases. Not finding the experience very useful' for example?
You're not actually disclosing any information or vendor names, but you may find someone who reads between the lines, works out the vendor and is able to offer advice!
Apr 10, 2017 - 08:15 AM
This raises a good point.
You can probably (depending on your NDA) talk about the general (aka non-confidential, non-proprietary) aspects of your audit. I don't think I've ever seen an NDA that limits the licensee from disclosing general information about an audit.
I would suggest that you force any auditing licensor to sign an NDA on your behalf. Ex. "They cannot disclose without written permission from X the nature of the audit, the process undertaken, etc." This will prevent the licensor from sending this information to BSA or FAST. It just gives you more peace of mind as well.