Vendor Agreement Review Framework

This checklist helps evaluate vendor, supplier, and service provider contracts before signing. Apply these criteria to identify favorable terms, potential concerns, and deal-breakers.

Green Flags (Favorable Terms)

These indicate a balanced, professional agreement:

Mutual indemnification, where each party indemnifies the other for its own negligence or breach.
Reasonable liability caps, typically 1-2x annual contract value for general liability, with carve-outs limited to gross negligence, willful misconduct, or IP infringement.
Clear SLA definitions with specific uptime percentages (99.9% or higher), response times, and measurable performance metrics.
Termination for convenience allowing either party to exit on 30-90 days' notice.
Standard data handling with clear ownership (you own your data), deletion of your data within a stated period after termination, and no selling of your data.
Transparent pricing with all fees disclosed, predictable renewal terms, and clear scope definitions.
A reasonable warranty period (typically 12 months) with clear remedies.
Standard governing law in a familiar jurisdiction with reasonable venue provisions.

Yellow Flags (Review Carefully)

These warrant careful consideration and possible negotiation:

Auto-renewal clauses, especially with short cancellation windows (under 60 days) or automatic price increases.
One-sided indemnification where only you indemnify the vendor, with no reciprocal protection.
Broad IP licensing that gives the vendor rights to use your data, content, or feedback beyond what is needed to deliver the service.
Limitation of liability exclusions that carve too many categories out of the cap.
Vague SLA remedies such as "commercially reasonable efforts" with no specific service credits or refunds.
Subprocessor rights allowing unlimited third-party data sharing without notice; look for a published subprocessor list, advance notice of changes, and a right to object.
Assignment restrictions that prevent you from assigning the agreement during M&A without the vendor's consent.
Audit rights limitations that restrict your ability to verify compliance or security practices; at minimum the vendor should provide current third-party audit reports (such as SOC 2) on request.
Broad force majeure clauses that excuse performance for minor disruptions.

Red Flags (Requires Legal/Procurement Review)

If any appear, escalate before signing:

Unlimited liability exposure, where your liability is uncapped while the vendor's is limited.
IP assignment or work-for-hire clauses that transfer ownership of your pre-existing IP or derivative works.
Exclusive dealing requirements that prevent you from using competing services.
Non-compete provisions restricting your business activities.
Perpetual license grants to your data or content that survive termination.
No termination for cause, or unreasonably long cure periods (over 60 days).
Mandatory arbitration with unfavorable venue, rules, or cost allocation.
Unilateral modification rights allowing the vendor to change terms without your consent.
Missing security commitments: no independent assurance (such as a SOC 2 report or ISO 27001 certification), no commitment to encrypt data in transit and at rest, and no breach notification obligation with a defined timeframe.
Unusual governing law in a foreign jurisdiction or a vendor-favorable state.
Liquidated damages or penalties disproportionate to the potential harm.
A right of first refusal on your future business or expansion.
Most-favored-customer clauses that carry compliance burdens.

Analysis Approach

When reviewing a vendor agreement:
Start by identifying the contract type (SaaS subscription, professional services, licensing, etc.), since expectations vary by type.
Check the liability and indemnification sections first; these carry the highest risk exposure.
Review the termination provisions to understand your exit options.
Examine data handling, especially for SaaS or any service that processes your data, including where it is stored, who can access it, and how it is deleted.
Flag any provision that seems unusual for the contract type or value.