CyberGRX operates an exchange model that is predicated on our ability to share your assessment with your upstream Customers. To this end, CyberGRX is unable to sign an NDA for any engagement. As part of its services, CyberGRX conducts assessments on its Customers’ Third Party vendors to cover the existence of cyber security controls, which allows you to complete one assessment and share it multiple times with multiple Customers.
Our Third Party Profile Agreement (TPPA) specifically addresses your access to our software platform in order to complete the assessment questionnaire, how our assessment process works, and how we can use your data. None of these issues are addressed in an NDA, which ultimately intends to restrict the use of confidential information. This does not align with the intent of our exchange model.