NDA Processing Workflow Checklist Template

NDA Request Intake & Routing

NDA intake is where most NDA processing inefficiency is created. An NDA request received via an informal channel without structured information produces a back-and-forth of clarification questions that extends the 5-day average to 10 or more.

• Receive the NDA request through the defined intake channel — legal intake form, legal portal, or defined email address; not informally by direct message to an individual attorney
• Collect required intake information — counterparty legal name, NDA type (mutual or unilateral), purpose of the information exchange, requesting business unit and internal sponsor, expected signing timeline, and whether the counterparty has sent their own NDA template
• Confirm whether company paper or counterparty paper — company paper: issue the standard template; counterparty paper: route for legal review
• Conduct a rapid conflict check — is the counterparty adverse to the company on any current matter?
• Route to the correct track — standard template (company paper, low complexity): business user can execute with standard guidance; legal review track (third-party paper, unusual purpose, or non-standard scope)

Template Selection & Customisation

• Select the correct template — mutual or unilateral; confirm the template is the current approved version; do not use an old version from a previous deal
• Confirm the effective date — the date from which the NDA obligations run; typically the date of signing
• Confirm the duration of the NDA — the term during which the parties are permitted to share confidential information; typically 2–5 years
• Confirm the survival period — how long confidentiality obligations continue AFTER the NDA expires; this is often perpetual for trade secrets or a defined number of years; must be explicitly stated
• Customise the purpose — the specific purpose for which confidential information may be used; broader purpose = more risk; narrower purpose = better control
• Confirm governing law and jurisdiction — appropriate for the parties’ locations; the standard template may need adjustment for international counterparties

Legal Review of Counterparty NDA

This phase applies when reviewing a third-party NDA submitted on counterparty paper.

• Verify the parties — correct legal names of both parties; check the signing entity is the correct legal entity
• Review the definition of confidential information — is it broad enough to cover all information that will actually be shared? Too narrow a definition leaves important information unprotected
• Review permitted purpose — is the stated purpose consistent with the actual intended use? Too broad a purpose permits the counterparty to use information beyond the intended context
• Review the exceptions to confidentiality — typically: information already known to the recipient; publicly available information; information received from a third party without restriction; required disclosure by law; confirm these are appropriately scoped
• Review the obligations on the receiving party — how confidential information must be handled; disclosure to employees and advisers on a need-to-know basis; security measures required
• Review the duration and survival period — confirm these are appropriate for the nature of the information being shared
• Review return/destruction of information — what happens to confidential information when the NDA expires; return or certified destruction; carve-outs for required regulatory retention
• Flag any non-standard or unusual provisions — injunctive relief clauses, exclusivity provisions, or other unusual terms for business owner awareness

Approval & Execution

• Obtain legal approval — for company paper: legal sign-off that the template is issued correctly; for counterparty paper: legal sign-off on the reviewed draft
• Obtain business owner approval — the internal sponsor confirms the purpose, counterparty, and key terms are correct
• Issue for signature — via e-signature (preferred for speed and audit trail); to the correct authorised signatory at both parties
• Confirm signature authority — the person signing on behalf of both parties has authority to bind their respective organisation to the NDA
• Confirm both parties have executed — fully executed (signed by both parties) before treating the NDA as binding

Filing, Tracking & Expiry Management

• File the executed NDA — in the central contract repository; searchable by counterparty name, date, and expiry date
• Update the NDA register — counterparty, NDA type, effective date, expiry date, survival period end date, purpose, and internal owner
• Set expiry reminders — at least 30 days before expiry: is the relationship still active? Should the NDA be renewed or formally allowed to lapse?
• Set survival period reminders — when the survival period ends is distinct from when the NDA expires; both must be tracked
• Brief the internal sponsor — on key terms, obligations under the NDA, and the information that is and is not covered

Breach Identification & Response

• Define the breach indicators — what behaviours might indicate a breach; confirm the internal process for reporting a suspected breach
• Confirm the NDA is still in force — the breach must have occurred during the confidentiality period, which may include the survival period
• Collect evidence — how was the breach identified? What information was disclosed? To whom?
• Engage legal counsel — to assess the breach, available remedies (injunction, damages, liquidated damages if specified), and appropriate next steps
• Issue a cease and desist letter — if appropriate; drafted by qualified counsel
• Document everything — all evidence of the breach, all communications, and all steps taken; required for any legal action