How much company information should I share with external sales agents?

External agents need enough information to sell but not so much that you expose sensitive data. Learn how to balance access with security.

How to Manage Agent Access to Company Information

Share enough to sell, not enough to expose

External sales agents operate outside your organisation. They are not employees bound by employment contracts and internal policies. This means you need to be deliberate about what information they access and how it is protected.

The balance is between giving agents enough to be effective and protecting information that could harm your business if misused.

What agents need to know

Product information

Everything about what you sell: features, benefits, pricing, specifications, and limitations. Agents cannot sell effectively without comprehensive product knowledge.

Customer facing materials

Sales decks, brochures, case studies, testimonials, and competitor comparisons. These are tools of the trade and should be freely available.

Target market information

Who your ideal customer is, what industries you focus on, and what problems you solve. This helps agents prospect effectively.

Sales process

How deals flow from prospect to close. What CRM to use, how to log activity, and how to submit deals for approval.

Commission details

Their personal commission structure, payment terms, and how to track their earnings.

What agents should not access

Full customer database

Agents should see their own leads and customers, not your entire database. Limit CRM access using role based permissions.

Financial data

Revenue figures, margins, cost structures, and internal financial reports are not necessary for selling and should remain confidential.

Strategic plans

Product roadmaps, acquisition plans, and competitive strategies are sensitive information that should stay internal.

Other agents' data

An agent should not see another agent's pipeline, commission earnings, or customer list. This prevents poaching and protects privacy.

Technical controls

Access management

Use role based access controls in every system agents touch. Set permissions at the minimum level required for them to do their job.

Information classification

Classify your information into categories: public (for anyone), agent (for authorised agents), internal (for employees only), and confidential (for leadership only). This framework makes decisions about sharing straightforward.

Exit procedures

When an agent leaves, revoke all access immediately. This includes CRM, shared drives, communication channels, and any company tools. Have a checklist that covers every system.

Confidentiality agreements

Include a confidentiality clause in every agent agreement. Make sure it covers what information is confidential, how long the obligation lasts (typically surviving the end of the agreement), what happens if confidential information is breached, and the agent's obligation to return or destroy confidential materials on termination.

Zepys provides structured agent access with appropriate permission levels, ensuring agents see what they need without exposing sensitive business data.