1. Objective
This SOP defines the absolute confidentiality standard every EA is required to maintain throughout their engagement — and after it ends. Working closely with a solo business owner means encountering sensitive information daily: financial details, client relationships, personal matters, business conflicts, and strategic plans. This information is shared with you because of the trust the role requires. It is not yours to share, reference, or use outside the scope of supporting your executive. This SOP is non-negotiable.
Where this SOP starts: Day one of any engagement, and applies to every piece of information encountered during the role.
Where this SOP ends: Never — confidentiality obligations extend beyond the end of an engagement.Success looks like: Your executive never has to worry about what you'll do with sensitive information. Clients, vendors, and contacts are never aware of internal business details they weren't meant to know. Your executive trusts you completely with the most sensitive parts of their professional life.
2. Your Role & Boundaries
2a. What you handle independently
- Identifying when information is confidential and treating it accordingly
- Storing sensitive information only in approved, secure systems
- Declining to share confidential information when asked by anyone — colleagues, mutual contacts, third parties
- Reporting to your executive immediately if you believe confidential information may have been compromised
2b. What requires executive approval before acting
- Sharing any business information with any third party, even if it seems innocuous
- Discussing business matters with other members of a team or organization not directly involved
- Accessing files or accounts beyond what's needed for your assigned work
2c. What you never do
- You never share anything you learn in this role with anyone outside the engagement — not colleagues, not mutual contacts, not family, not on social media
- You never discuss your executive's personal or financial situation with anyone, for any reason
- You never use information from this role for personal benefit
- You never access accounts, files, or communications that aren't part of your defined scope
- You never leave sensitive documents, screens, or conversations exposed where others can see or hear them
NEVER: Breach confidentiality with the belief that the information is harmless, that you're helping someone, or that "it's just between us." Confidentiality is absolute — not situational.
3. Categories of Confidential Information
Everything you encounter in this role should be treated as confidential unless your executive explicitly indicates otherwise. These categories require special care:
Financial information
- Revenue figures, profit and loss, personal income, debt, pricing strategies
- Bank account details, payment information, financial documents
- Business deals, contracts, proposed valuations
Client information
- Client names, contact details, and relationship history
- Client business situations, challenges, or personal matters shared in confidence
- Proposals, pricing, or agreements made with specific clients
- Any information a client shared with your executive that was not intended for wider circulation
Business strategy
- Upcoming products, services, or business pivots
- Partnership or acquisition discussions
- Competitive strategy and positioning
Personal matters
- Your executive's personal relationships, health, or family situations
- Personal financial matters beyond what's strictly necessary for your work
- Anything shared in casual conversation that was clearly personal
Legal and compliance
- Disputes, lawsuits, or legal proceedings of any kind
- Any regulatory issue or compliance matter
4. Secure Information Handling
Storage
- Store sensitive documents only in the approved, secure platforms your executive uses (e.g., Google Drive with proper access controls, Dropbox, iCloud, etc.)
- Never save sensitive documents to personal devices or personal cloud accounts
- Never email sensitive documents to personal email addresses (yours or anyone else's)
- Confirm that sharing settings on any document containing sensitive information are restricted to only those who need access
Communication
- Do not send sensitive information over channels that aren't approved for it (e.g., personal text, WhatsApp for business financials)
- When sending sensitive documents by email, confirm the recipient before sending
- Do not discuss confidential matters in public spaces, coworking environments, or shared video calls where others may overhear
Screen and workspace
- Close sensitive documents when not actively working on them
- Lock your screen when stepping away from your workspace
- Do not leave printed sensitive documents unattended
5. When Someone Asks About Your Executive's Business
You will occasionally be asked — by clients, mutual contacts, or even well-meaning colleagues — about your executive's business, finances, or personal life. This is especially common in relationship-heavy industries.
The universal response:
"I'm not the right person to speak to about that — you'd want to connect with [Executive Name] directly."
You do not need to explain why. You do not need to apologize. You do not need to soften it with details. A warm, brief deflection is both professional and adequate.
If pressed:
"I really can't speak to that — it's not something I can comment on. Happy to help you connect with [Executive] if that's useful."
6. Social Media and Public Communication
- Never post about your executive, their business, their clients, or your work on social media without explicit authorization
- Do not reference the engagement, clients you've interacted with, or business wins publicly without written permission from your executive
- This applies during the engagement and after it ends
7. After the Engagement Ends
Confidentiality obligations do not end when your engagement ends. After a placement concludes:
- You may not share confidential business information you encountered during the engagement
- You may not contact your executive's clients for business purposes without explicit written permission
- You may not use your access to their systems, accounts, or contacts for any purpose after your access is revoked
- You are expected to delete or return any confidential materials per your executive's instructions at offboarding
8. What to Do If Confidentiality Is Compromised
If you believe that confidential information has been — or may have been — disclosed inappropriately:
1. Stop any further disclosure immediately
2. Notify your executive as soon as possible, before attempting to manage the situation yourself
3. Document what happened: what information, what was disclosed, to whom, and when
4. Follow your executive's instructions for next steps
Do not attempt to minimize, manage, or resolve a confidentiality breach without your executive's knowledge and direction.
9. Escalation Protocol
Escalate immediately when:
- You believe confidential information has been accessed by an unauthorized party
- Someone is pressuring you to disclose information about your executive's business
- You're asked to share information by a third party claiming authority (legal requests, regulatory bodies) — this requires your executive's direct involvement before you respond
Escalation message format:
Urgent — flagging a confidentiality concern.
[Brief description of what happened or what you were asked]
I haven't responded/shared anything yet. Please advise on how to proceed.
10. Tools & Access
| Tool | Purpose | Confidentiality Note |
|---|---|---|
| [File storage platform] | Document management | Confirm sharing settings before use |
| [Email platform] | Communications | Confirm recipient before sending sensitive content |
| [Password manager] | Credential storage | Never share credentials via insecure channels |
11. Changelog
| Date | Notes |
|---|---|
| April 2026 | Initial release |