Confidential agreements or NDAs should be put in place to safeguard crucial information alongside legal requirements. These agreements apply to personnel and interested parties in the organization and the terms should be written based on the information security requirements, considering information type, how it’s classified, usage, and access permitted to the other party.