# NDA Unlike [MSAs](/legal-and-documentation/msa.md), which govern the overall terms of a business relationship, NDAs focus exclusively on confidentiality. However, both agreements may coexist, with the NDA embedded within or referenced by the MSA when security and confidentiality concerns are paramount. You may be requested to (or want to) sign an NDA when entering a scoping or negotiation stage with your penetration testing partner, before any other documents (such as an [MSA](/legal-and-documentation/msa.md)) #### **About oneNDA** oneNDA is a crowd-sourced, open-source Non Disclosure Agreement. It can be downloaded and used by anyone for free. More information at: [**https://www.onenda.org/**](https://www.onenda.org/) #### **Mutual NDAs** Mutual NDAs are particularly relevant in penetration testing when: 1. **Pre-Engagement Discussions:** Both parties may share sensitive information (e.g., system architecture, methodologies, or pricing structures) to define the scope of work. 2. **Partner Collaborations:** When two organizations (e.g., a testing firm and a subcontractor) collaborate on projects requiring shared sensitive information. #### **When to Use an NDA vs. MSA** 1. **NDA:** * Before formal engagement, during discussions involving sensitive information. * To protect shared data when no ongoing service relationship is anticipated. 2. **MSA with Confidentiality Clauses:** * For long-term or repeat projects where an overarching framework is necessary. * To manage confidentiality as part of a larger agreement encompassing project execution, liability, and service terms. 3. **Both NDA and MSA:** * When sensitive information is shared before an MSA is signed. An NDA ensures protection until the MSA is in place. * For additional legal coverage if the MSA’s confidentiality clauses aren’t detailed enough. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.penetration-testing.com/legal-and-documentation/nda.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.