This is a sample IT Staff NDA or "Employee Confidentiality Agreement" It has more power to educate staff on what they should or should not do with their power & Access.

1. Information Technology Services
Employee Confidentiality Agreement
To perform their job duties in support of the (Name of your Org), employees in (Org-Short Name)
Information Technology Services (ITS) support roles are frequently provided privileged access to
the information systems that they support and to the data and records managed by those
systems. Privileged access imposes upon the ITS employee the responsibility and obligation to
use that access in an ethical, professional, and legal manner that is strictly within their authorized
job functions.
In exchange for the elevated access privileges afforded to me as an ITS employee, I agree to
abide by the following performance standards:
1. To take every reasonable precaution to prevent unnecessary or unauthorized access to any
passwords, user identifications, or other information that may be used to access information
systems, whether those systems belong to the (ORG SHORT NAME) or to private parties.
2. To limit access to the information contained in or obtained from information systems to
authorized persons.
3. To treat all information encountered in the performance of my duties as confidential unless
and until advised otherwise by my supervisor and the relevant department data owners.
4. To seek guidance from my supervisor whenever I am unsure of the correct decision
regarding the appropriate use and confidentiality of information, and to do so BEFORE I take
any action that might compromise that use or confidentiality.
5. To avoid any sharing, recording, transmission, alteration, or deletion of information in the
information systems except as required in performance of my job duties.
6. To strictly comply with all (ORG SHORT NAME) policies related to the use and security of the
(ORG SHORT NAME)’s information resources.
7. To meet HIPAA requirements, I will not access or view any documents that I do not have
express permission to view or access.
8. To protect individuals and the conference I will not share any information about a potential or
actual security event even with other internal staff unless they have an express need to
know.
9. To report any incidents of non-compliance with the terms of this agreement to my supervisor.
I understand that this agreement applies to the (ORG SHORT NAME)’s corporate network, all
electronic systems owned or operated by the (ORG SHORT NAME), whether or not they are
connected to that network, and to all privately owned electronic systems that may be brought to
the (ORG SHORT NAME) Office or connected to the (ORG SHORT NAME) corporate network.
I further understand that the (Org Name) considers violation of these standards to be a serious
offense, and that if I violate this agreement, I may be subject to disciplinary action up to and
including termination of my employment with the (ORG SHORT NAME).
Employee Signature:
Printed Employee Name:
Employee Title:
Date: