This checklist is the capstone article of our IT Contract Negotiation Strategy cluster. Each checklist category links to a dedicated deep-dive guide covering the relevant provisions in detail. For the most comprehensive coverage, read this checklist in conjunction with the individual guides on price escalation, SLA negotiation, audit rights, liability caps, data portability, termination for convenience, benchmarking clauses, software escrow, IP ownership, and change of control.
How to Use This Checklist
Priority ratings reflect importance relative to contract value and term. CRITICAL items should be reviewed and negotiated in every significant enterprise contract. HIGH items apply to most enterprise contracts and should be reviewed unless there is a specific reason to waive. MEDIUM items are important for large, long-term, or high-risk relationships. Engage specialist negotiation advisors for CRITICAL items where your team lacks recent deal experience with the specific vendor.
Category 1: Pre-Negotiation Preparation
The most common source of poor contract outcomes is entering negotiations without adequate preparation. These seven items ensure your team has the information and leverage needed to negotiate effectively.
PRE-NEGOTIATION 7 Items
01
BATNA clearly defined and documented
What is your credible alternative if negotiations fail? A real BATNA (alternative vendor, build option, third-party support) changes your negotiating position fundamentally. See our
BATNA guide.
CRITICAL
02
Market pricing benchmarked before negotiation
Do you know what comparable buyers pay for equivalent volumes? Engaging a benchmarking firm (NPI, ISG, Gartner) before negotiation gives you an objective anchor for pricing discussions.
CRITICAL
03
Vendor fiscal calendar reviewed for timing leverage
Quarter-end and year-end deals consistently achieve better discounts. Map the vendor's fiscal calendar before setting your negotiation timeline. See our
timing strategy guide.
HIGH
04
Negotiation team roles defined
Commercial lead, technical authority, legal reviewer, and finance sign-off should be identified. Vendors exploit poorly coordinated buyer teams. See our
team structure guide.
HIGH
05
Vendor M&A and financial stability assessed
Is the vendor a PE acquisition target? Financially stressed? Recently acquired? These factors determine what change-of-control and continuity provisions are essential. See our
change of control guide.
HIGH
06
Usage data and licence position documented
For renewals, do you know your actual licence utilisation? Unused licences are negotiating currency. Overdeployment is a liability. Get accurate data before entering renewal discussions.
CRITICAL
07
Competitive RFP or quotes obtained
Even if you intend to stay with the incumbent, a competitive quote process demonstrates BATNA credibility. See our
competitive bidding guide.
HIGH
Category 2: Pricing and Fees
Pricing provisions determine not just the initial cost but the total cost of ownership over the contract term. These 10 items cover the most commercially significant pricing clauses. See our detailed guide on price escalation negotiation.
PRICING 10 Items
08
Annual price escalation cap negotiated and capped at CPI
Vendor-standard escalation is often 5–10% or "at vendor's discretion." Negotiate a hard cap tied to CPI (or a CPI +1% maximum). Compound escalation over 5 years at 8% increases cost by 47%. See our
escalation guide.
CRITICAL
09
Benchmarking right included for multi-year contracts
Long-term contracts without benchmarking rights lock you into above-market pricing with no remedy. Annual benchmarking with independent firm and meaningful remedy (5% threshold, termination right) is the target. See our
benchmarking guide.
HIGH
10
Most-favoured-nation (MFN) clause negotiated
Requires the vendor to offer you their best pricing for equivalent volume. Prevents the vendor from offering better terms to comparable buyers while maintaining your higher price.
HIGH
11
True-up and true-down mechanics defined
For volume-based licences, ensure the contract allows both true-up (additional users/usage) and true-down (licence reduction). Many contracts allow only true-up — locking you into paying for unused licences indefinitely.
CRITICAL
12
Discount documented in writing with basis clearly stated
Verbal or informal discounts are rarely honoured at renewal. All discounts must be captured in the contract or order form, not side letters or email commitments.
CRITICAL
13
New product and feature pricing locked
Vendors frequently introduce new pricing tiers for features that were previously included. Negotiate specific language that new functionality introduced during the term remains within existing pricing.
HIGH
14
Multi-year discount quantified and committed
If giving a multi-year commitment, ensure the discount for multi-year commitment is explicit, significant (typically 10–20% vs annual), and documented. The multi-year discount must outweigh the flexibility you are giving up.
HIGH
15
Tax and currency treatment specified
For cross-border contracts, specify the currency of payment, the party responsible for currency risk, and the treatment of VAT/GST and withholding taxes. Currency risk on multi-year contracts can be significant.
MEDIUM
16
Pricing for additional business units/subsidiaries agreed
Expansion pricing for M&A or organic growth is often dramatically above renewal pricing for existing seats. Negotiate expansion pricing caps at contract signature, when leverage is highest.
HIGH
17
Professional services and implementation pricing capped
Professional services rates are often uncapped in software contracts. Negotiate rate caps, project-based fixed-price options, and most-favoured pricing for professional services used within the contract term.
MEDIUM
Category 3: Service Levels and Support
SLA provisions determine the quality of service you receive and the remedies available when service fails. See our SLA negotiation guide for detailed coverage.
SLA / SUPPORT 8 Items
18
Uptime SLA matches business criticality
99.9% uptime (8.8 hrs downtime/year) vs 99.99% (52 minutes/year) is a meaningful difference for mission-critical systems. SLA targets should reflect actual business impact of outages, not vendor defaults.
CRITICAL
19
Planned maintenance excluded from SLA measurement only within defined windows
Many SLAs exclude all planned maintenance from uptime calculations — even maintenance conducted during business hours. Negotiate maintenance windows to weekends/off-peak, with advance notice requirements.
HIGH
20
SLA credits are meaningful and auto-triggered
Credits of 5–10% of monthly fees for SLA breaches are commercially trivial for major outages. Push for credits up to 100% of monthly fees for extended outages, triggered automatically without requiring the buyer to claim.
CRITICAL
21
"Sole remedy" restriction challenged or removed
Many SLAs specify that credits are the "sole remedy" for SLA breaches, preventing the buyer from claiming other damages even for extended failures. Push to remove or limit the sole remedy restriction for material, repeated SLA failures.
HIGH
22
Response time SLAs defined by severity level
Incident response SLAs should define severity levels (P1–P4), response time targets, and escalation paths for each level. Vendor defaults often have inadequate P1 (critical system down) response requirements.
HIGH
23
Support channels and hours specified
Phone, email, chat, and portal support have very different response characteristics. Ensure the contract specifies which channels are available and their hours of operation, not just a general "support" obligation.
MEDIUM
24
Named support contacts or dedicated support tier negotiated
For large contracts, dedicated or named support contacts (vs general support queues) significantly improve response quality. This is achievable as part of enterprise-tier agreements for significant spend.
MEDIUM
25
Performance benchmarking right included (not just SLA compliance)
SLA compliance verifies whether agreed standards are met — performance benchmarking verifies whether agreed standards remain competitive relative to the market. Both are needed for long-term contracts. See our
benchmarking guide.
MEDIUM
Want a full contract review against this checklist?
Our advisors review enterprise software contracts against all 75 points — identifying critical gaps before you sign.
Get a Review
Category 4: Intellectual Property
IP provisions have become increasingly significant as software relationships generate proprietary data, custom development, and AI-generated outputs. See our IP ownership guide for detailed coverage.
INTELLECTUAL PROPERTY 8 Items
26
Customer data ownership explicitly stated as belonging to buyer
Standard SaaS terms acknowledge data ownership but may grant extensive processing rights. Ensure ownership is stated clearly and that processing rights are limited to service delivery. See our
IP guide.
CRITICAL
27
AI training prohibition on customer data negotiated
Many enterprise SaaS vendors now use customer data to train AI models. Explicit prohibition required — general confidentiality provisions do not prevent this. See our
IP guide.
CRITICAL
28
Bespoke development IP ownership specified
If the vendor is building custom features or integrations funded by the buyer, the IP ownership should be buyer (with licence-back to vendor), not vendor (with licence to buyer).
HIGH
29
Feedback clause IP assignment removed
Standard feedback clauses transfer IP in product suggestions to the vendor. Replace IP assignment with a licence to implement — preserves vendor's ability to act on feedback without acquiring IP ownership.
HIGH
30
Derivative works definition narrowed
Broad derivative works definitions can capture buyer-created configurations and integrations. Push for a narrow definition that excludes buyer-created artefacts implemented on the vendor platform.
MEDIUM
31
SI/implementor IP ownership reviewed separately
Implementation partner contracts are separate from software licences. Ensure SI contracts specify buyer ownership of all implementation artefacts (scripts, configurations, integrations) funded by the buyer.
HIGH
32
AI-generated output ownership clarified
For AI platform contracts, ensure outputs are clearly assigned to the buyer, with vendor warranties that outputs do not infringe third-party IP.
HIGH
33
IP warranty and indemnification from vendor confirmed
Vendor should warrant that the software does not infringe third-party IP and should indemnify the buyer against third-party IP infringement claims. Many standard terms limit this warranty significantly.
CRITICAL
Category 5: Data Rights and Privacy
Data provisions address how customer data is handled, exported, and deleted. See our data portability guide for detailed coverage.
DATA RIGHTS 8 Items
34
Data export right in open, documented format
Proprietary export formats create practical lock-in even where contractual portability exists. Specify export in open formats (CSV, JSON, XML) that can be imported into alternative systems.
CRITICAL
35
Post-termination data access period specified (minimum 90 days)
The window to export data after termination is often 30 days or less in standard terms. For large datasets, 90–180 days is the minimum needed for a reliable export. See our
data portability guide.
CRITICAL
36
Data deletion confirmation required post-termination
After the post-termination access period, the vendor should provide written confirmation that all customer data (including backups) has been permanently deleted.
HIGH
37
Data residency requirements specified
For regulated industries, data must remain within specified geographic boundaries. Ensure the contract specifies permitted data locations and that the vendor warrants compliance with data residency requirements.
HIGH
38
Sub-processor list disclosed and update notification required
GDPR and equivalent regulations require disclosure of sub-processors. Ensure the vendor provides a current list and commits to advance notification before adding new sub-processors processing personal data.
HIGH
39
Breach notification timelines specified
GDPR requires notification to supervisory authorities within 72 hours of a breach. Your vendor contract should require the vendor to notify you within 24–48 hours of becoming aware of a breach affecting your data.
CRITICAL
40
Third-party sharing restrictions specified
Vendor should be prohibited from sharing customer data with third parties except as necessary to deliver the service, without the buyer's written consent. This includes aggregated or anonymised versions.
HIGH
41
Data processing agreement (DPA) in place
For personal data processing, a Data Processing Agreement is legally required under GDPR and most equivalent regimes. Ensure the DPA covers all relevant processing activities and meets legal requirements.
CRITICAL
Category 6: Audit Rights and Compliance
Audit rights clauses must be negotiated carefully — they affect both your ability to verify vendor performance and your exposure to vendor-initiated licence audits. See our audit rights guide.
AUDIT RIGHTS 7 Items
42
Vendor audit rights restricted: advance notice, scope, frequency
Push for 30+ days advance notice, agreement on audit scope before commencement, audits limited to once per 12 months, and a prohibition on audits conducted during business-critical periods.
CRITICAL
43
Audit cost responsibility specified
Vendor audits should be at the vendor's cost unless the audit reveals a material underpayment (typically >5%). Auditor independence should be required — internal auditors or conflicted third-party auditors should not be accepted.
HIGH
44
Audit findings dispute mechanism specified
If you dispute audit findings, you should have the right to commission an independent counter-audit and to dispute findings before any payment obligation arises. Many standard terms require payment of disputed amounts while dispute is pending.
HIGH
45
Safe harbour for good-faith compliance efforts
Where non-compliance results from genuine misunderstanding rather than deliberate avoidance, the contract should limit remediation to true-up (not penalties). Penalties for accidental non-compliance are commercially inappropriate.
HIGH
46
Your right to audit vendor SLA and security compliance
Buyers should have the right to audit vendor SLA performance data, security practices, and compliance with data processing obligations — not just a right to receive self-reported metrics.
MEDIUM
47
Licence position monitoring tool access negotiated
For complex licences (Oracle, SAP, Microsoft), negotiate access to vendor-provided or third-party licence monitoring tools as part of the contract, to allow ongoing compliance verification without depending on vendor auditors.
MEDIUM
48
Limitation period for retrospective audit claims specified
Specify a limitation period (2–3 years) for retrospective licence claims from audits. Preventing vendors from pursuing claims for historical periods longer than the limitation period provides important financial predictability.
HIGH
Category 7: Liability and Indemnification
Liability provisions determine your financial protection when vendor failures cause business losses. See our liability caps guide for detailed coverage.
LIABILITY 6 Items
49
Liability cap level commercially meaningful
The default cap of 12 months' fees covers 2–10% of the expected cost of a major data breach or extended outage for most enterprise buyers. Push for 3–5× annual fees for critical systems, with no cap for IP infringement and data protection breaches.
CRITICAL
50
Consequential damages exclusion does not apply to data breaches and IP claims
Standard terms exclude all consequential and indirect losses. Push for carve-outs that preserve the buyer's right to claim consequential losses for data breaches, security failures, and IP infringement.
CRITICAL
51
IP indemnification by vendor is comprehensive
Vendor should indemnify buyer for third-party IP infringement claims arising from use of the vendor's software. Exclusions for buyer modifications or third-party integrations should be narrowly drawn.
HIGH
52
Data breach indemnification specified
Where the vendor processes personal data, the vendor should indemnify the buyer for losses caused by vendor security failures resulting in data breaches, including regulatory fines attributable to vendor's non-compliance.
CRITICAL
53
Limitation of liability applies symmetrically
Some vendor contracts cap the vendor's liability while imposing unlimited liability on the buyer for certain breach categories. Review carefully for asymmetric liability provisions and push for symmetrical treatment.
HIGH
54
Uncapped liability carve-outs reviewed and limited
Most contracts include categories of uncapped liability (gross negligence, wilful misconduct, IP infringement, data protection). Review the uncapped categories from both sides: ensure they protect you while not exposing you to unlimited liability.
HIGH
Category 8: Exit, Escrow, and Continuity
Exit provisions determine how gracefully a software relationship can end. See our guides on termination for convenience, software escrow, and change of control.
EXIT / CONTINUITY 8 Items
55
Termination for convenience right included with reasonable notice
The right to exit a contract (with 90–180 days' notice) is the most powerful commercial protection available to buyers. It keeps vendors commercially honest throughout the term. See our
T4C guide.
CRITICAL
56
Early termination charges capped or eliminated
Many contracts include early termination charges equal to the remaining contract value — eliminating any commercial value of the termination right. Push for charges limited to genuinely sunk costs or eliminated entirely.
CRITICAL
57
Transition assistance obligation included (12–24 months)
Following termination notice, the vendor should be obliged to continue operating the service and providing transition support for 12–24 months, to allow migration to an alternative. See our
T4C guide.
HIGH
58
Software escrow in place for business-critical on-premises applications
Source code escrow with annual verification testing is essential for mission-critical, proprietary on-premises software. See our
escrow guide for what the deposit must include and how to ensure it is complete.
CRITICAL
59
Change of control provision includes meaningful buyer rights
At minimum, notification + price protection. Where achievable: consent right, renegotiation right, and termination right if renegotiation fails. See our
change of control guide.
CRITICAL
60
SaaS operational continuity obligations specified
For SaaS contracts where source code escrow is not practical, negotiate operational continuity obligations — requiring the vendor to continue operating the service for 12–24 months following a triggering event.
HIGH
61
Vendor insolvency protections addressed
In addition to escrow, consider: prepayment risk (avoid large upfront payments to financially distressed vendors); security deposit rights; and automatic assignment of the contract to the buyer on insolvency for critical relationships.
HIGH
62
Dispute resolution mechanism specified
Specify governing law, jurisdiction, and preferred dispute resolution mechanism (mediation before arbitration or litigation). For cross-border contracts, jurisdiction and governing law are particularly important.
MEDIUM
Category 9: Contract Terms and Governance
CONTRACT GOVERNANCE 7 Items
63
Renewal auto-renewal notice period is adequate (minimum 90 days)
Many contracts auto-renew at the vendor's then-current list price if the buyer fails to give notice within a specified window. Ensure the notice period is adequate (90–180 days) and that adequate internal process is in place.
CRITICAL
64
Order of precedence defined
Where a contract consists of multiple documents (MSA, order form, vendor's standard terms, DPA), the order of precedence — which document wins in case of conflict — must be explicit. Buyer-negotiated terms should take precedence over vendor standard terms.
HIGH
65
Terms of service / standard terms amendment right limited
Many SaaS vendors reserve the right to amend their standard terms on 30 days' notice. For enterprise contracts, negotiate that standard terms cannot be amended unilaterally — changes require written agreement.
HIGH
66
Subcontractor and assignment rights appropriately restricted
Vendors should not be able to assign the contract or subcontract material obligations without the buyer's consent. Subcontractors providing critical services should be listed and subject to the same obligations as the vendor.
MEDIUM
67
Governance and review meeting cadence specified
For significant contracts, specify a governance framework including regular review meetings, service reviews, and executive escalation paths. Governance structures prevent relationship drift and create a forum to address issues before they escalate.
MEDIUM
68
Product roadmap commitments captured in contract (where applicable)
If product roadmap commitments (feature delivery, platform support timelines) influenced your buying decision, they should be captured contractually — not just in pre-sales materials or emails. Include a remedy for material roadmap failures.
MEDIUM
69
Force majeure clause reviewed and scoped narrowly
Vendor force majeure clauses are often very broad. Ensure the clause does not excuse vendor performance for events that are foreseeable or preventable, and that the buyer can terminate if force majeure continues for more than 60–90 days.
MEDIUM
Category 10: Vendor-Specific Traps
Each major enterprise software vendor has specific commercial practices and contract traps that buyers should be alert to. For detailed guidance, see our vendor-specific negotiation guides for Oracle, Microsoft, SAP, Salesforce, and Broadcom/VMware.
VENDOR-SPECIFIC 6 Items
70
Oracle: VMware/virtualisation and processor licensing rules confirmed
Oracle's licensing of virtualised environments is the most complex and audit-prone area in enterprise software. Ensure your deployment model is explicitly covered by your licence, and that virtualisation rules are clearly documented. See our
Oracle VMware guide.
CRITICAL
71
Microsoft: NCE pricing model and monthly premium trap reviewed
Microsoft NCE imposes a 20% premium for monthly-commitment licences vs annual commitment. Review the commitment structure across your Microsoft estate for hidden cost drivers. See our
NCE guide.
CRITICAL
72
SAP: Indirect access / digital access exposure assessed
Third-party applications that access SAP data — even indirectly — may create substantial unlicensed use exposure. SAP's Digital Access model changed the rules; ensure your deployment is compliant or explicitly licensed. See our
indirect access guide.
CRITICAL
73
Salesforce: Data Cloud credit burn and shelfware reviewed
Salesforce's AI and Data Cloud products consume credits that can be depleted faster than expected. Audit licence utilisation across your Salesforce estate before renewal — shelfware rates exceed 30% in many enterprise deployments. See our
shelfware guide.
HIGH
74
Broadcom/VMware: VCF bundle forced purchasing impact modelled
Broadcom's VCF subscription model forces purchasing of bundled products whether or not the buyer uses all components. Model the full VCF cost vs selective deployment of alternatives. See our
VCF guide.
CRITICAL
75
Cloud: Committed spend (EDP/MACC/GCP Commit) terms reviewed carefully
Cloud commitment programmes lock in spend levels with limited flexibility for volume reduction. Ensure committed spend levels reflect realistic consumption forecasts, with review mechanisms if consumption falls short. See our
cloud negotiation guide.
CRITICAL
Want expert help working through this checklist?
Redress Compliance — ranked #1 overall — provides end-to-end contract review and negotiation support for enterprise buyers across all major vendors.
Get Matched
Frequently Asked Questions
How long should a software contract review take?
A thorough review of a significant enterprise software contract — using a checklist framework of this type — typically takes 2–4 weeks for an experienced contract reviewer. Rushing the review process under vendor-imposed time pressure is one of the most common causes of unfavourable contract outcomes. Build adequate review time into your procurement timeline and communicate this to vendors from the outset.
Which items on this checklist are non-negotiable?
No contract provision is truly non-negotiable for a vendor that wants to close the deal. However, CRITICAL items — particularly pricing escalation caps, liability provisions for data breaches, data ownership, termination rights, and audit scope restrictions — represent minimum standards for enterprise contracts. Accepting unfavourable positions on CRITICAL items for the sake of closing quickly typically results in costs that far exceed any short-term savings from simplifying the process.
Should I use external advisors for contract negotiation?
For contracts above £1m annually or with terms of 3+ years, specialist negotiation advisors typically deliver ROI of 3–10× their fees through improved pricing, better contract protections, and avoided traps that internal teams miss. For complex vendor relationships (Oracle, SAP, Microsoft, Salesforce, Broadcom), where vendor sales teams negotiate hundreds of contracts per year, specialist advisors with current deal intelligence are particularly valuable. See our
rankings of top negotiation consulting firms.
This checklist works best when used in conjunction with our individual deep-dive guides on each topic area. Start with the IT Contract Negotiation Strategy pillar page for an overview of the complete framework, then dive into the specific guides most relevant to your current negotiation.