FAQ

Do we need an NDA before discussing scope with you?

Short answer

We default to working under a mutual NDA from the first scoping call. If your team has a standard NDA template, we sign yours. If you don't have one, we provide our standard mutual NDA. There is no charge for scoping discussions or for the NDA review.

What our standard NDA covers

Our standard mutual NDA covers technical, business, and personnel information shared during scoping discussions, engagement execution, and post-engagement support. It is mutual: protections apply equally to both parties. It includes:

- Confidentiality term: 5 years from disclosure for general technical and business information; perpetual for trade secrets clearly marked as such
- Permitted disclosure: to professional advisors (legal, accounting) under their own confidentiality obligations
- Return-or-destroy obligations at engagement end
- No grant of intellectual-property licenses through information sharing
- Jurisdiction: Hong Kong arbitration is our default; we adapt to client preference where required by client jurisdiction

We sign client-template NDAs without modification in the great majority of cases. Where a client template includes terms that conflict with our professional obligations (mandatory reporting, technical-finding ownership transfer, perpetual unilateral confidentiality without reciprocity), we discuss those specific clauses before signing.

The case for moving fast on the NDA

A signed NDA in place before the first technical conversation lets the client share the actual system architecture, source-code layout, and incident history that drive accurate scoping. Scoping engagements that operate under "let's be vague until the contract" tend to under-scope the actual technical surface, which produces engagement-execution friction that benefits no one.

Related

- Rules of Engagement
- Security & Data Handling
- Engagement models — overview