If your janitorial staff is a contracted service (whether to an employee, a private individual, or a cleaning service company), there should be a contract in place that includes privacy and non-disclosure clauses. It doesn't have to be too fancy, but the privacy/NDA should be there. You should not have NDAs with individual employees of a cleaning service company; that's the responsibility of the company, and your contract is with the company. Bonding and insurance issues are part of your vendor acceptance/review process for the cleaning service company, and should be considered in your risk analysis/due diligence.
Chris Fawcett, CISA
Manager, IT Services
Norman Backues & Associates, Inc.