<div>
As it is not likely any of us are attorney's, that question would be best left up to your own attorney.<br />
<br />
With that said, you can ask people to sign an NDA. &nbsp;You do need to think about both sides, not only what may make you liable, but what would make them?
</div>


As it is not likely any of us are attorney's, that question would be best left up to your own attorney.

With that said, you can ask people to sign an NDA.  You do need to think about both sides, not only what may make you liable, but what would make them?

Principal Software Engineer

Dr. Klahn

Developer & Coffee Roaster

Scott Fell

jaxjags

<div>
<div class="content wysiwyg-content">
Without providing too much detail publicly... we are a small company that has been asked to craft an API into our system for clients to make updates from their existing software platforms into ours. &nbsp;We have developers that have created most of the API infrastructure that is needed. However, my question is, from a business standpoint, should we be forcing these interested 3rd parties to sign confidentiality agreements before reviewing the technical documentation that has been created? Should an agreement / contract be created and signed before any work occurs? Are there any best practices when going through this process? This is not our core business function and looking for direction to make sure we have covered ourselves legally as well as an operational and security standpoint. Any feedback or guidance would be appreciated.
</div>
</div>


Without providing too much detail publicly... we are a small company that has been asked to craft an API into our system for clients to make updates from their existing software platforms into ours.  We have developers that have created most of the API infrastructure that is needed. However, my question is, from a business standpoint, should we be forcing these interested 3rd parties to sign confidentiality agreements before reviewing the technical documentation that has been created? Should an agreement / contract be created and signed before any work occurs? Are there any best practices when going through this process? This is not our core business function and looking for direction to make sure we have covered ourselves legally as well as an operational and security standpoint. Any feedback or guidance would be appreciated.

How do we cover ourselves legally when offering an API solution?

Software is any set of instructions that directs a computer to perform specific tasks or operations. Computer software consists of programs, libraries and related non-executable data (such as documentation). Computer software is non-tangible, contrasted with computer hardware, which is the physical component of computers. Software written in a machine language is known as "machine code". However, in practice, software is usually written in high-level programming languages than machine language. High-level languages are translated into machine language using a compiler or interpreter or a combination of the two.

Software

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.