Atlantic Business Technologies, Inc.

Category: ABT Culture

  • Atlantic BT Becomes SOC 2 Type I Certified. What’s Next?

    Service Organization Control 2 (SOC 2®) is a thorough technical audit that requires companies to follow strict security procedures. Attaining a SOC 2® report ensures that Atlantic BT is providing safe cloud environments for our clients, both protecting their private data and having a plan of action for detected threats.

    While Atlantic BT completed a SOC 2® Type I Audit examination on April 1st, 2019, we are currently pursuing SOC 2® Type II. Our goal is to give clients peace of mind with our cloud solutions, educate on security measures, and continue to stay up-to-date with industry standards to prevent future threats.

    Type I vs. Type II: What’s the Difference?

    SOC 2® engagements are performed in accordance with the American Institute of Certified Public Accountants’ (AICPA) AT-C 205, Reporting on Controls at a Service Organization and based on the trust service principles outlined in the AICPA Guide. The SOC 2® Type I report is performed by an independent auditing firm and is intended to provide an understanding of the service organization’s suitability of the design of its internal controls.

    Type I and Type II both involve reporting controls and processes related to five principles: Privacy, Security, Availability, Processing Integrity, and Confidentiality. Atlantic BT is focusing on Security, Availability, and Confidentiality.

    The primary difference is that Type I confirms our security controls at a single point of time, assuring that all of the proper policies and procedures are in place. On the other hand, Type II spans over six months, assuring that these processes are effectively working.

    How Atlantic BT Became SOC 2® Type I Certified

    SOC 2® Type I is a starting point that paves the way for Type II. Some examples of the measures we took to achieve our Type I certification include:

    • Use of encryption protocols to protect customer data
    • Designing with tiered access for client accounts
    • Ongoing management of capacity demand
    • Required internal training courses to help employees spot suspicious activity

    Skoda Minotti, an international business advisory firm, was selected to conduct the final audit. Atlantic BT received its SOC 2® Type I certification after thorough testing and review.

    “We were excited to work with Atlantic Business Technologies from the very start. They are an intriguing organization delivering high quality services and their business adds to our growing SOC reporting practice.”

    Ben Osbrach, CISSP, CISA, QSA, CICP, CCSFP, partner-in-charge of Skoda Minotti’s risk advisory group

    What This Means For Partners

    Many companies are required to work with SOC 2® compliant software partners. Businesses that handle sensitive data or work in highly regulated industries, such as those subject to HIPAA compliance regulations, are required to work with SOC 2® compliant providers.

    In general, any security-conscious business can count on the rigorous auditing process to hold companies to a high standard.

    What’s Next for ABT?

    Atlantic BT will undergo audits on an annual basis to maintain their SOC 2® report and continue to apply best practices by maintaining logs of their application of these SOC 2® controls, policies, and procedures to ultimately achieve SOC 2® Type II. Committed to quality, we will continue this voluntary process to provide top-notch service and expand our capabilities.

    “The successful completion of our SOC 2® Type I examination audit provides Atlantic BT’s clients with the assurance that the controls and safeguards we employ to protect and secure their data are in line with industry standards and best practices.”

    – Matt Lemke, President of Atlantic BT

    We are happy to further discuss our SOC 2® certification or help you plan for any of your security needs. If you are interested in learning more about our cloud and cybersecurity solutions, reach out to schedule a free consultation.

  • How to Innovate in a Highly-Regulated Environment

    ABT helped Mutual Drug navigate a highly-regulated environment to provide a modern, user-friendly application which met and exceeded industry standards. Here’s how we modernized this healthcare website.

    Needed: A Secure and Streamlined Ordering System

    Pharmacists and pharmacy managers must maintain an inventory and order replenishment stock, just as any business selling physical products. However, pharmacies have the additional challenge of meeting the regulatory requirements of dealing with controlled substances (drugs that require a doctor’s permission to use). Specifically, any electronic ordering system they build or use must be compliant with the Controlled Substances Ordering System (CSOS) requirements of the Drug Enforcement Administration (DEA). This basically requires pharmacists to digitally sign orders for controlled substances in order to verify the authenticity of the order.

    Atlantic BT’s client, NC Mutual Drug, is a pharmaceutical distributor with $1.2B+ in B2B volume. Their existing system, while CSOS-compliant, was cumbersome to use and required logging in and navigating two different systems. The client tasked us with designing and building a new system that was secure, highly available, fault tolerant, fully compliant with CSOS requirements and, most importantly, simpler and faster to use than their previous system. Achieving these objectives made it easier for the client’s customers to place small orders more frequently, thus reducing the need for bulk orders and product stockpiling.  

    Performing 11 Validations without Losing Your Mind

    Conceptually, the technical challenge was straightforward: enable the standard required use of Public Key Infrastructure (PKI) to manage a system of digital signatures which could then be used to encrypt and ensure the authenticity and security of orders for controlled substances. This kind of technology is often integrated with web applications to facilitate the secure electronic transfer of information for a range of activities such as e-commerce, internet banking and confidential email.

    Straightforward, however, did not mean simple—we had to design, build, and test a robust, scalable, secure system that would perform eleven validations for each transaction, yet be simple and efficient for the user. After working closely with the client to understand all the usability and functional requirements, we proposed a design to meet their needs.

    Following the Rules, Even When They’re Old

    The real challenge was to implement this standard in a way that was efficient and intuitive yet compliant with standards written over a decade ago (and hence technologically outdated).

    Making matters even more complicated, the detailed requirements of implementing a CSOS-compliant system are scattered over 300+ pages of over a half-dozen government documents. On top of that, the final system would have to be certified by a 3rd-party auditor. Given the dispersed requirements and 3rd-party verification, development of a compliant CSOS system could become a very long, expensive process if not managed carefully.

    We needed to design a more modern web application which would perform both the client and server actions on a consolidated platform—while satisfying standards written more than 10 years ago. 

    Solution: Communicate, Iterate, and Evaluate

    To resolve any open questions, early in the process we contracted with an established 3rd party CSOS auditor to evaluate the application. Atlantic BT worked closely with the auditor to share documents and information so they could provide feedback on the development direction. Atlantic BT then performed multiple internal audits and tests to save our client the significant costs of multiple official audits.

    After extensive back-and-forth discussion with the client and the auditor, including a couple of challenges both to the requirements and to the proposed solution, all parties agreed a slight modification to ABT’s original design would meet both the client’s requirements and the standard. We built the system to the agreed-upon design, tested it, and had it evaluated by the auditors, who approved and certified the application as compliant.

    Result: Elegant Compliance Meets Streamlined Usability

    NC Mutual Drug now has a state-of-the-art solution for their customers to easily, securely place orders for their pharmaceuticals, including controlled substances. They can now rest assured they have a much more robust, fault-tolerant, scalable system that can easily grow with them into the future.

    Beyond stability and compliance, a validation process that formerly took 3+ minutes and multiple systems can now be completed in 30 seconds on a single interface. Considering NC Mutual Drug’s  operation runs hundreds of these processes every day, this exceptional boost in efficiency frees up member pharmacists to perform more important tasks to protect customer health.

    Get a more detailed look at the system Atlantic BT delivered by reading our in-depth writeup of Mutual Drug’s new CSOS system.

  • The Top 5 Things You Can Do to Improve Your Website Speed

    A colleague just shared a URL with you, his message reading “you gotta check this out!” The URL promises to lead you to a beautiful new website for a company that created a software tool that could save your life. You eagerly click the link and wait. One, two, three seconds go by as the page struggles to load. Before your frustration gains any more momentum, you close the page. Sound familiar?

    This example illustrates why site speed analysis should be STEP ONE of every conversion optimization project. And as the Internet becomes even more entwined in our work, entertainment, and everything else, your customers will become even less patient for any delay in opening your page.

    Before launching into ways to improve the speed of your website, here’s one key note about website speed: there’s a difference between Page Load Time and Page Interactive Time. Page Load Time means “the length of time until every element on the page is done loading”, while Page Interactive Time means “length of time until the site is usable.” The latter is the more important metric to pay attention to.

    Now, here are the top causes of site-slowing and what you can do to fix them:

    #1: Optimize Your Images

    Large images are the culprit for a lot of the ‘weight’ of many websites. Website weight, for our purposes, is measured in bytes—the fewer bytes the browser has to download, the faster the download can happen and the more quickly your users will see your content. This is a great argument for optimizing how you use images on your site.

    First, it’s important to consider how essential each image is to the success of your website. Well-placed images can communicate loads of information, but make sure every one of them is worth the real estate. Also, if you ever find yourself encoding text in an image asset, stop and reconsider. Text-in-images delivers a poor user experience – the text is not selectable, not searchable, not zoomable, nor accessible. Web fonts are always a better choice for text.

    Once you’ve chosen the most important images for your site, make sure their size isn’t adding a ton of weight for your website to load. There are dozens of tools you can use to adjust image size, but here is a short list:

    • Photoshop – open your image and choose the “Save for Web” option. The program includes an image quality slider so you can see the visual trade-offs.
    • Smush.it – this is a free online uploader that creates a zip archive of your optimized images.
    • Kraken – subscription-based image optimization software.

    #2: Compress Your Website Files

    Compressing your website will increase site speed by reducing the size of the HTTP response. You may need help to address this because both compression and deflation happen on the server side. The most common compression solution is GZIP and fortunately, almost all web servers support it. To see if your website is already GZIPPED, run this simple test: GIDZipTest. If you’re curious about how GZIP works, check out this video by the Google Webmasters themselves.

    #3: Use a Content Delivery Network

    A Content Delivery Network (CDN) is a distributed system of servers which are deployed over multiple data centers across the Internet. A CDN serves content to users from the most highly available server in order to deliver the best performance. This makes a CDN a great speed improvement if you have a high traffic website. Some of the most popular CDNs include:

    • Amazon CloudFront
    • MaxCDN
    • CacheFly
    • CloudFlare

    In addition to serving content from a CDN, you should also serve your static content (images, JavaScript, and CSS files) from a cookieless domain, backed by a CDN. Why cookieless domains? Every time a browser sends an HTTP request, it has to send all associated cookies that have been set for that domain and path along with it. Because static files don’t need to be accompanied by cookies, you can decrease latency by serving these static resources from a cloud domain that doesn’t serve cookies. You can accomplish this by using Amazon CloudFront or Rackspace.

    #4: Implement Browser Caching

    The browser cache is a temporary storage location on a user’s computer which stores files downloaded to display your website. The user’s browser can display your website faster by retrieving your site’s images, stylesheets, JavaScript, or multimedia content from the cache rather than having to download all this content again when they come back to your site.

    To ensure your site uses cached files, you may need your hosting provider to help you install a caching solution. Here are the top three caching programs:

    • Redis
    • CloudFlare
    • Memcached

    While we’re talking about hosting providers, it’s worth noting that not all web hosts are created equal. Indeed, many of the top web hosts include all the server-side speed optimization services you need. If you have a decent amount of traffic, skip the budget web hosts and research which hosting provider best suits your needs.

    #5: Minimize Redirects

    There are several types of redirects, all useful when you want to point a user’s browser to a different URL. The most widely used, a 301 redirect, is the preferred way to change your site structure without losing valuable SEO. The downside is that lots of redirects stacked together will confuse the browser, slowing it down as it wades through the old destinations to get the new ones.
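
    One way to find stacked redirects before they reach a browser is to audit the site's redirect table offline. The following is an added example, not code from Atlantic BT; the REDIRECTS table and the function names are constructed for illustration. It reports multi-hop chains and loops, then rewrites every source to point straight at its final destination.

```python
# Added example: audit a redirect table for stacked redirects and loops.
# REDIRECTS is constructed sample data (old path -> new path), not a real site.
REDIRECTS = {
    "/old-home": "/home-2015",
    "/home-2015": "/home-2017",
    "/home-2017": "/",
    "/products": "/services",
    "/a": "/b",   # /a and /b redirect to each other: a loop
    "/b": "/a",
}


def resolve(path, table):
    """Follow redirects starting at path.

    Returns (final_path, hops, looped). hops is the number of redirects
    followed; final_path is None when the chain loops back on itself.
    """
    seen = [path]
    while seen[-1] in table:
        nxt = table[seen[-1]]
        if nxt in seen:
            return None, len(seen), True
        seen.append(nxt)
    return seen[-1], len(seen) - 1, False


def chains(table):
    """Sources that need more than one redirect to reach their destination."""
    found = {}
    for src in table:
        _final, hops, looped = resolve(src, table)
        if not looped and hops > 1:
            found[src] = hops
    return found


def flatten(table):
    """Build a table where each source redirects once, directly to its
    final destination. Looping sources are returned separately so they
    can be fixed by hand rather than silently dropped."""
    flat, loops = {}, []
    for src in table:
        final, _hops, looped = resolve(src, table)
        if looped:
            loops.append(src)
        else:
            flat[src] = final
    return flat, sorted(loops)


if __name__ == "__main__":
    for src, hops in chains(REDIRECTS).items():
        print(f"{src}: {hops} redirects before the final page")
    flat, loops = flatten(REDIRECTS)
    for src, dst in flat.items():
        print(f"301 {src} -> {dst}")
    print("loops needing manual review:", loops)
```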


    The Lazy Optimizer’s Guide to Accelerating Your Website

    If these steps seem overwhelming, there is a quick and easy path: Google provides expert advice on exactly what’s slowing your pages down and what you should do to fix the issues using its Page Speed Insights tool. Just type in your URL and the tool will ‘score’ your site speed on mobile and desktop.

    On the Internet, things change all the time, and these best practices are no exception. To get the latest and greatest tips on website speed, check out the Google Developers guide. Happy optimizing!

  • Take Your Client Relationships to the Next Level

    Ahhh, relationships. When they’re good, they’re great. When they’re bad, they can be downright painful. How’s an Account Executive supposed to keep that spark alive? Here’s my advice on how to get, maintain, and keep a healthy client relationship.

    Swiping Right…on the Right One.

    Compatibility leads to happiness and harmony. There are plenty of prospects out there that are attractive on paper but may not be looking for what you have to offer. Make sure that you and your potential client are a match.

    The most important part of this is knowing what your company is looking for in a partner before you begin a conversation. Do you share the same interests and goals? Are your communication styles similar? Do you just ‘get’ each other?  Once you find that match, be confident in what you have to offer and know what they expect from your collaboration. Your confidence will inspire their confidence and relationship potential will bloom.

    “Dress” to Impress

    So, you’ve set the first date—a face-to-face meeting with the potential client. Like most first dates, you want to put your best foot forward and leave the right impression.

        1. Do your research – Don’t be afraid to turn to Google and LinkedIn to gather information prior to your first meeting. Find out more about the client’s company, along with their own professional history, background, and interests. Sometimes this may be all you have to go on prior to the first meeting, and that’s okay! The goal here is to know what to ask and listen for.
        2. Show you are interested – Active listening is necessary in any stage of the relationship, but it’s key when you’re wooing someone new. In that first meeting, you will be able to glean what they need or are interested in from your company, giving your team a leg up in creating the right pitch and strategy.  Asking the right questions is crucial. You should be able to understand their budget, internal process, and expectations during those first conversations. Establish what you’re offering and what they need. It’s so much easier to keep a client happy when proper expectations are set from the beginning.
        3. Come prepared – After listening to their needs, wants, and wishes, make sure you have a bank of real world examples you can pull from to show why you’re the right fit. Talk about past projects that parallel their vision as examples of how your company has delivered in the past. Share whitepapers or case studies your company has produced. Use anything you have to help them connect to you.

    Defining the Relationship

    So your first date with the new client was followed by a second and then a third! They seem really interested and you’ve gathered plenty of information. It’s time to have the ‘what are we’ conversation and decide how best to move forward.

    This is where you put everything you’ve learned about your client to good use. Make sure you’re proposing a solution that not only gives them what they want, but that your team can deliver successfully. Don’t neglect timelines and details of when certain milestones will be reached in your collaboration. Short-changing your team on key details in an effort to win business will only cause headaches in the long run.

    Locking it Down

    You’ve submitted a proposal and negotiated a contract. Yay! Now it’s time to take the big leap together. First, make sure your production team is on the same page as you and your client. Communication is everything in a relationship, so make sure the client’s vision and priorities are clear and shared with your internal team.  

    Great client relationships always kick off projects with clear expectations and meeting your team.

    Start by introducing your client to the family in a kickoff meeting with the client and the production team. Just like in our regular families, if you’re concerned about any potential personality conflicts or sensitive subjects, prepare your team before they meet the client. Be sure everyone knows what to expect ahead of time.

    Hitting the Rut

    We all know how easy relationships are in the beginning. Everyone is excited, ideas are flowing, teams are gelling, things are moving. Then comes the middle of the project—heads are down, bumps are hit, and it can feel like the project isn’t going where we all imagined on day one. Here’s how to keep the relationship healthy in tough times:

        1. Stay connected – Stay in touch with your client. Plan one-on-one check-ins to stay updated on how your client is feeling about the project. Scheduling these regular meetings will maintain communication without smothering your client. It’s also important to stay connected to your production team, as it’s easier for a project manager and account executive team to handle roadblocks and scope creep together.
        2. Embrace the unexpected – Unless you have a reliable Magic 8 ball, your project will experience unexpected hiccups. It could be anything from a technology update that requires more patching to your lead developer falling off his mountain bike and breaking his collarbone. Regardless of what it is, you’ve got to address it head on by communicating it to the client and planning a work-around.
        3. Handle conflicts – By staying connected to the project life cycle, you’ll be able to foresee any potential conflicts and address them before they become full-blown issues. Be sure to give the client a chance to voice their concerns and share the necessary feedback with the team. Negotiate the peace and prioritize moving the project forward.
        4. Keep that spark alive – If the client gets frustrated by the process or how long it’s taking to complete, take a moment to remind them of the long-term goals you’re working towards and the progress you’ve made. Soothe their concerns, and show them why you got together in the first place.

    How Serious Is This Relationship?

    You’ve finally hit the home stretch, getting ready to deploy the amazing work that has taken months to achieve. Now comes the next step: are you in this for the long haul, or is this the end of the affair?

      1. Happily ever after – Hopefully you’ve had a successful working relationship thus far. You’ve built a healthy backlog of features and updates the client wants to pursue and the client truly understands the cost of ownership for their piece of technology. Now you need to figure out how best to move forward. Chat with your client and figure out what works best for their needs and budgeting cycles. Perhaps another SOW or some sort of retainer agreement will be agreed upon. Do it prior to the end of the contract so you don’t lose momentum.
      2. The fling has been flung – There are projects that are just one-and-done type contracts. Because you’ve stayed connected with your client, you both understand that the end of the project is it…for now.
        Stay connected. Be sure you keep the communication alive so you are at the top of their mind when the next project comes down the pipe. Think about inviting them to client-friendly events or connect with them on LinkedIn. Send a friendly email every so often to check in on the status of the application you worked on or share how any new services would benefit their business.
      3. It’s not you, it’s me – Sometimes you just know it’s not a good idea to continue with the relationship. Be honest with yourself, your team and your higher ups. If the client or project isn’t a good fit for your company, there is no reason to pursue additional work after the contract ends. Have the hard conversation with the client, and figure out a way to separate in a healthy manner. Think about providing recommendations for other vendors who may be a good fit and try to be as proactive as possible if you’re initiating the break-up.
      4. You’ve been ghosted – The client has decided not to move forward but doesn’t know how to have that conversation with you. So they just disappear. They stop responding to emails or returning voicemails.
        You should see it coming well before it happens. If the client complains regularly or there are ongoing personality conflicts that can never be resolved, these are clues that the relationship is fading fast. Enlist the help of your management team to define when enough is enough. Your time is valuable, and there’s no need to waste it chasing something that won’t come to fruition.

    Every Client Relationship Is Special. Make Them Count.

    Treat every client relationship as special, because there is no other one like it.

    Whether you’re working together on one project or embarking on a long-term partnership, every client relationship has its own excitement, challenges, and rewards. If you always bring a listening ear, a friendly demeanor, and an eagerness to deliver what’s best for them, you’re well on your way to being a great partner for each and every one of your client relationships.

  • Boldly Go: What it Means to be an Entrepreneur and a Leader

    The core values of  The Entrepreneurs’ Organization (EO) are Boldly Go (bet on your own abilities), Thirst for Learning (be a student of opportunity), Make a Mark (leave a legacy), Trust and Respect (build a safe haven for learning and growth), and Cool (create, seek out and celebrate once-in-a-lifetime experiences). 

    Being thirsty for knowledge really resonates with me. From the day I started Atlantic BT to now, I didn’t want to be someone who waited to be told how to do something. The first time I went to an EO meeting, the other members were hungry for knowledge, eager to write down when a seminar was happening or what books they should read. Finding really successful people like these who shared this thirst opened a whole new chapter for me. I always try to share that knowledge and spirit here at ABT and inspire our management team to create that thirst for knowledge in our organization.

    I really believe high-achieving humans distinguish themselves by having a thirst for knowledge and desire to put different ideas together. That drives human innovation. Our ability to access knowledge has never been better than it is right now. I love being able to share experiences with people from different situations. When we share what we’re dealing with in the group, we can all learn from it. In our EO forum, we’re very open to this kind of direct feedback.

    Inspiration

    What I enjoy the most is building things and making them better. There is a special sense of accomplishment when you create something that leaves a lasting impression. With Comfort Monster, being able to purchase a company and help it grow really meant a lot to me. You can look at something, have a vision for it, and keep pushing it toward something exceptional. At CM we have a long way to go, but we can continue to build momentum. This creates an engine that can run whether or not you’re applying that pressure.

    The Comfort Monster team

    At ABT I love having such a great team. We have a culture, an engine that runs well whether I’m in the office or not. I will apply some steering, but it would thrive whether or not I was here to provide direct input. Being able to see that momentum in action every day is definitely inspiring.

    How to Face Challenges

    Prioritization is your friend. It’s your job to break down larger goals into bite-sized pieces and make sure all of your resources are being used as effectively as possible. On any given day, you have hundreds of priorities. When you make the right decisions, your business does well. When you make the wrong decisions, you are slowing down your path to success.

    Sometimes these priorities are clear. They jump out at you and you know what to do next. Sometimes you’re faced with lots of choices that all seem to be right (or wrong) with no clear frontrunner. These situations can be difficult. But at the end of the day, you have to make a decision and move forward. Not making a decision is often worse than making the wrong decision. In most cases you can go back and correct mistakes when you have more data.

    The other challenge is that you can’t really have an “off” day. The people around you are depending on your energy and vision. An off day for you is amplified through the organization to your team. My theory is that you, the CEO, should have more energy than anyone else. If you make a mistake at this level, that’s a huge deal. This is why managing a small company effectively is HARDER than a large company because the smaller company really depends on your energy and leadership to keep momentum up. If you’ve got a big team, having a couple people be off course isn’t as big a deal—the engine will keep moving forward even if it could be more efficient.

    Social Responsibility and Business Leadership

    It’s now common to see companies come out and take a stand on social or political issues. This is a challenge because you’re tempted to use your company as a platform to influence others. This is why companies do this: you’ve got a captive base of people with a leadership chain in place and your influence is going to be magnified by that. Your customers are impacted in turn. This gets complicated because not everyone is going to agree with you.

    The Atlantic BT team

    I don’t want anyone to feel uncomfortable. I can have personal opinions and create a platform off the clock, but once I bring that into the workplace it’s almost guaranteed to make at least one person feel uncomfortable. If you lose even one person because of your political stance, that’s one person too many. But, if you look at it from a performance perspective, having uniformity within your culture will lead your company to under-perform. No one has any diverse opinions and then there is no room to grow, learn, or connect. Too political, and you’ll alienate people with different opinions. I want people who work with me to feel comfortable standing by their values. 

    Values in Action

    I totally get why companies use their business as a platform. When the NC General Assembly passed HB2, I felt it was important for me to speak out against this law and any efforts to discriminate against citizens based on their sexual orientation or identity. I sent a company-wide email at ABT reaffirming that as a company, our job is to create a welcoming and inclusive environment. I told all of our employees that anyone of any faith, race, nationality, or sexual orientation was welcome at ABT, and that we’d make any necessary accommodation to help our employees succeed and help ABT succeed as a company. This stand of inclusiveness felt deeply important to me, so I made my opinions public to my company.

    That said, I’ve always believed intimate impact is more important than sheer numbers. I’ve always been more of a quiet change kind of guy. My number one priority is creating a company culture where everyone enjoys working here. When I was young, I had several hourly jobs and I always felt like those days lasted an eternity. When I started ABT, one of the promises I made to myself is that we would create a culture where people enjoyed being at work so much they wouldn’t ever want to leave. It’s the responsibility of the company to create an environment that people feel is engaging, challenging, and meaningful. After all, think about how much of your waking life you spend at work!

    How to Lead and Leave a Legacy

    The most important thing to remember is that success is not going to happen overnight. Keep going! Entrepreneurship is a journey. I remember one particular instance in my career. My first company was very young, we had 3–4 employees and a handful of customers. The work was hard, meeting payroll was hard, customers were hard to manage, and I was only paying myself the bare minimum to survive. I was sitting at a stoplight on my way to work and I thought to myself, “This sucks!” Then I thought “OK, if you don’t do this, what else do you want to do? Where would you rather work?” In that instance, I realized, there is nothing I would rather be doing. From that point on, the stress was my choice and there was nothing I’d rather do. It’s a big difference from finding yourself in a place you don’t want to be.

    So my advice is this. Keep going and never quit. Even if the worst happens and your business fails, learn something from it and try again. When it gets tough and you’re thinking about quitting, do what I did. Think about what you would rather be doing for work. Chances are if you’re meant to be an entrepreneur, there is nothing better than the pressure and the adventure of entrepreneurship. That realization alone will make your journey easier.

  • NDAs: The Secrets That Make Friends and Why You Need Them

    Earlier this summer, I remember sitting in a meeting with a potential client. They asked about solutions we provided for other companies. Immediately, our team lead jumped in to answer. He referred to some clients by name, but used generic descriptions for others. For example: one client bore the name “a major health insurance provider.”

    Though this seemed to confuse a few in the room, the team lead knew exactly what he was doing. He knew our nondisclosure agreement (NDA) limited how much detail we could share. It even restricted how we publicly referred to some clients. That’s when I realized a crucial truth. It is important to know the basics of your company’s NDAs.

    What is a Nondisclosure Agreement, and why does it matter?

    NDAs are legally binding agreements between a client and the company they have hired. They keep secret the information about the client that the client shared as a part of doing business. They are often used by companies to protect proprietary or sensitive information. They may also come into play to protect an organization’s brand or trademark. In addition, a nondisclosure agreement can exist between individuals. For example, an NDA may exist between a contract programmer and a company. This would protect information the contractor learns about the company’s inner workings.

    Regardless of whether an NDA is between companies or individuals, all parties involved should be aware of the terms. Here are the questions I ask to protect my team when their work involves a nondisclosure agreement:

    What information is confidential?

    • Is there private information that cannot come up in discussions? This might include financials, pending patents, new branding, or a patient diagnosis or test results. Even the company name can find protection under an NDA.

    What information can you share?

    • Protected information in a nondisclosure agreement doesn’t mean that everything is a secret. There may be other parts of the project that would be appropriate to share with the public. For example, a company may be able to post a client logo on their website, but they cannot expose specifics about what they did for the client.

    Who are the parties involved?

    • Once everyone knows an agreement exists, they need to know all of the parties required to keep the secrets. This is pretty easy when there are just a few individuals involved. However, if the agreement is with a company, anyone in that company who is allowed to receive or use the sensitive information should also know about the agreement and be expected to adhere to it.

    Where is the nondisclosure agreement?

    • The NDA should be available to those who are bound by it in case they need to review or reference it. This can be located in your company’s wiki, for example.

    When do the restrictions apply?

    • Coverage of an NDA can extend beyond the relationship between the parties involved. It’s important to know how long the sensitive information must remain secret as a part of the agreement. In some cases, it may be several years after the business relationship has ended. In other cases, it may be required that the information be kept a secret forever.

    Why is it important to keep the agreement?

    • Breaching or violating an NDA can damage the client/contractor relationship. This unethical behavior can also result in penalty or legal action, so it’s important to adhere to the terms.

    You Need a Strategy for Handling Nondisclosure Agreements

    No matter how familiar your team is with NDAs, you want to have a plan for telling them about new agreements and potential issues. This can be as simple as saying “we have an NDA in place for this project, so please do not mention our relationship with this client publicly.” It’s important to do this as soon as an NDA is in place. Oftentimes it’s best to treat nondisclosure as the norm for all projects until you hear otherwise.

    If members of your team need to sign an NDA to work on a project, make a plan for that too. For an individual, the terms can usually be provided in a form to be signed. For a team, the terms agreed to by the company could be conveyed in a simple meeting at project kick-off. Regardless of whether a nondisclosure agreement is between individuals or organizations, providing everyone with basic information about it will give them a better chance of adhering to it.

    Compliance, in any industry, is something we value here at ABT. The rules and regulations can be difficult to navigate. If you’re in need of someone to help you find the balance between what you want to happen, what should happen, and what needs to happen, with regards to your website, we can help break it down for you.