Standard Operating Procedure: Confidentiality Agreement (NDA) Management for Research

This Standard Operating Procedure (SOP) outlines the mandatory process for drafting, executing, and storing Non-Disclosure Agreements (NDAs) within research environments. Protecting Intellectual Property (IP), sensitive patient/subject data, and proprietary methodologies is critical to the integrity of our research initiatives. Adherence to these steps ensures that all parties—including external collaborators, student researchers, and vendors—are legally bound to maintain confidentiality before access to project-specific information is granted.

Phase 1: Preparation and Identification

• Identify Scope: Define clearly what constitutes "Confidential Information" for the specific research project (e.g., unpublished datasets, software algorithms, or clinical trial protocols).
• Determine Party Roles: Identify whether the agreement is Unilateral (one-way disclosure) or Mutual (both parties exchanging sensitive information).
• Select Template: Access the approved legal template from the internal repository. Do not use generic internet templates, as these may not meet institutional compliance standards.
• Compliance Review: Check if the research involves Human Subjects (IRB requirements) or export-controlled data; these may require specialized clauses.

Phase 2: Customization and Drafting

• Define Purpose: Draft a precise "Purpose" section that limits the use of information strictly to the research project identified.
• Set Term: Establish both the "Disclosure Period" (how long information will be shared) and the "Survival Period" (how long the confidentiality obligations last after the project ends, typically 3–5 years).
• Exclusions Verification: Ensure standard exclusions are included (e.g., information already in the public domain, information independently developed).
• Internal Legal Review: Submit the draft to the Legal or Compliance Department if modifications have been made to the standard boilerplate terms.

Phase 3: Execution and Onboarding

• Circulate for Signature: Utilize an approved secure digital signature platform (e.g., DocuSign or Adobe Sign) to track the audit trail.
• Verification: Confirm that the signatory has the authority to bind their respective institution or company.
• Documentation: Save the fully executed PDF in the centralized Project Management Folder under the ‘Legal’ subfolder.
• Access Granting: Only provide access to research environments (VPN, shared drives, lab access) after the fully executed agreement is uploaded to the system.

Pro Tips & Pitfalls

• Pro Tip: Use a "Project-Specific" title in the NDA. Avoid "Blanket" NDAs that attempt to cover all future work with a partner, as these are often harder to enforce.
• Pro Tip: Include a clause requiring the immediate return or destruction of confidential information upon the expiration of the agreement.
• Pitfall: The "Public Disclosure" Trap. Avoid discussing research findings at conferences or in informal settings before the NDA is signed. An NDA cannot protect information that has already been made public.
• Pitfall: Failing to include a "No License" clause. Always clarify that sharing data does not grant the recipient any license or patent rights to the research materials.

Frequently Asked Questions (FAQ)

1. Does an NDA prevent me from publishing my research results? No, but it should contain a provision allowing for a "review period." This allows your organization to review the proposed publication to ensure that no proprietary IP is inadvertently disclosed, providing you with a window to file for a patent before the information becomes public.

2. Can I sign an NDA on behalf of my research lab? Usually, no. Unless you are the Principal Investigator (PI) or an authorized signatory for the institution, an individual research member does not have the legal authority to bind the institution. Ensure the agreement is signed by the appropriate authorized officer.

3. What happens if a breach occurs? Notify the Legal Department and the Institutional Research Integrity Officer immediately. Do not attempt to negotiate or investigate the breach independently, as this could compromise legal remedies or insurance claims.