How to Review a Vendor Contract

Negotiation is vital. Do not accept the first contract that you see as changes to accommodate special requests by both parties are common and often necessary. It can be challenging, but break it down, take your time and eventually you will have an acceptable contract between your organization and the third-party vendor. 

15 Steps to Take for Vendor Contract Reviews 

Here are 15 steps to help you with your contract reviews:

1. Review the scope of services. You want to verify there are provisions, such as the following, included:
   • The products and/or services the vendor will provide
   • Rights and responsibilities of both parties (your organization and the third-party vendor)
   • Language around any timeframes promised or custom services requested
   • Rights to modify products and/or services
   • Any guidelines around adding products or services and contract re-negotiation
     
     
2. Locate the performance standards and make sure they are adequate. Here you should find the service level agreement (SLA) requirements, remedies and any penalties if the SLAs are not met.
   
   
3. Verify the duration of the contract is correct. Confirm that the term, renewal term, non-renewal and termination notice periods and anything else related to timeframes are accurate.
   
   
4. Ensure there is a default and termination clause within the contract. Also, be sure to review for early termination fees in the event you need to terminate the agreement for convenience as these can become quite costly.
   
   
5. Consider costs and price increase language. In the fee description, you are looking for information pertaining to the following:

• Cost overview
• Increase limitations
• Support for merger/acquisition activity and costs
• Payment terms
• Late fee language
• Deconversion fees
• If applicable, who is responsible for cost to provide or maintain software and/or hardware
  
  

6. Always looks for security and confidentiality provisions. This should include information on how the vendor plans to safeguard your data, prevent exposure to breaches, how they will notify you of a breach and how they plan to mitigate future incidents. You also want to confirm how the vendor will return or destroy your data or assets if the relationship terminates. Are there geographical limits on where data can reside and/or be transferred?  
   
   
7. Look at the audit requirements. Verify there is a description of audit reports your organization is entitled to receive – like a SOC 1, SOC 2 and SSAE 18 – and that they are provided annually at no cost to you.
   
   
8. Understand what reports will be made available to you and if there will be any fees for customizations. Reports often considered, but not limited to, are the following:

• Financial statements
• Performance reports
• PCI compliance certification
  
  

9. Look to verify business resumption and contingency plan language is included within the contract. You are seeking provisions around disaster recovery, business continuity and back-up record protection. This should include annual testing and provision of a summary of test results.
   
   
10. Be sure the vendor outlines their policies around subcontracting. This should include that your vendor will provide required due diligence documents for any subcontracted vendors and notify you in advance of any changes to subcontractors.
    
    
11. Ownership and license information should be included in the contract. There should be a description of ownership, rights and allowable use of your organization’s data, system documentation and other intellectual property. Also, look for protection by the vendor in the event of a patent/copyright infringement claim. It is important to make sure there are protection rights for your organization outlined within!
    
    
12. Confirm the contract includes a clause pertaining to indemnification. This is so that the vendor will hold your organization harmless from liability due to negligence of the vendor.
    
    
13. Review the limitation of liability to verify it equates to the amount of loss your organization might experience as a result of the vendor’s failure to perform.
    
    
14. Provisions around dispute resolution should always be included too. Be sure to identify how and where disputes will be heard. Many arbitration clauses benefit the vendor, so be sure to have your expert legal team review before signing!
    
    
15. And, to bring it all home, review the general provisions. You are looking for provisions such as the following:

• Survival
• Governing law
• Contract conflict – order of precedence
• Severability
• Failure to exercise/waiver
• And more, depending on the vendor relationship in review, as the provisions necessary aren’t limited to these five

Have a qualified subject matter expert, such as a paralegal, write up the analysis. Once you have your analysis in hand, reach out to the vendor to discuss any terms that may be missing and next steps to negotiate them into the contract. 

And just like that, you have taken steps to fully review a vendor contract.

Dive deeper into how to negotiate and manage your vendor contracts. Download the infographic.