Vendor Contract Checklist: What to Include in Every Contract
Before signing any vendor contract, review these eight categories of terms. Miss even one — especially the renewal and termination section — and you're exposed to costs and risks that can be avoided entirely with a five-minute review.
Track every item on this checklist in Vendorm8
Store contracts, track renewal dates, record DPA status, and set automated reminders — all in one place, for €19/month.
Try Vendorm8 Free — 14 DaysThis checklist is organized by contract section. Use it when reviewing a new vendor contract, when auditing existing contracts, or when setting up a vendor record in your management system. The most critical section — renewals and termination — is highlighted with a warning banner.
Basic contract details
- Full legal name and registered address of both parties
- Contract effective date and initial term duration
- Scope of services — what exactly is covered
- Deliverables, timelines, and acceptance criteria (for project-based contracts)
- Contract owner name and contact information on both sides
- Governing law and jurisdiction
Pricing and payment terms
- Total contract value and payment schedule
- Per-user or per-seat pricing (if applicable) and calculation method
- Price increase terms — maximum allowed increase at renewal, notice required
- Currency and payment method
- Late payment penalties or interest clauses
- Invoicing schedule and approved invoice recipients
- Conditions for additional charges beyond the base contract
⚠ Renewal and termination terms — CRITICAL
Pay particular attention here — these terms determine your risk of surprise auto-renewals and your ability to exit.
- Auto-renewal clause: does the contract renew automatically?
- Renewal date: exact calendar date when the contract renews
- Cancellation notice period: how many days before renewal must you notify to cancel?
- Cancellation method: does cancellation require written notice, specific form, or registered mail?
- Early termination clause: can you exit before the renewal date, and at what cost?
- Price at renewal: does the contract lock in pricing at renewal, or revert to list price?
Service levels and performance
- Uptime or availability commitments (e.g., 99.9% SLA)
- Support tiers and response time guarantees
- Remedies for SLA failures (credits, termination rights)
- Performance metrics and how they are measured and reported
- Escalation procedures for unresolved issues
Data and GDPR compliance
- What personal data the vendor will access or process
- The vendor's role: data processor or independent data controller?
- Data Processing Agreement (DPA): signed and attached?
- Data storage location: where is the data hosted?
- Sub-processors: disclosed, and do they require your approval?
- Data transfer mechanism for non-EU storage (SCCs, adequacy decision, etc.)
- Data retention period and deletion process upon contract termination
- Security measures: encryption, access controls, breach notification timeline
Intellectual property and confidentiality
- Ownership of work product and deliverables
- Your data: confirmation that vendor cannot use your data for their own purposes
- Non-disclosure obligations — duration and scope
- Non-solicitation clause (if relevant)
- License grants and restrictions for software or IP provided under the contract
Liability and insurance
- Limitation of liability: maximum liability cap and exclusions
- Indemnification: who covers what types of claims
- Required insurance types and minimum coverage amounts
- Force majeure provisions: what events excuse non-performance
What to record in your vendor registry after signing
- Renewal date (add to vendor management system immediately)
- Cancellation deadline: renewal date minus notice period
- Reminder cadence: set 90/60/30-day reminders from signing
- Annual contract value
- Owner: who is responsible for managing this relationship?
- Data processing status: does this vendor process personal data?
- DPA status: signed / pending / not applicable
- Document storage: upload signed contract PDF to vendor record
- Risk classification: Low / Medium / High
Red flags to watch for in vendor contracts
- Auto-renewal with short cancellation windows. A 90-day cancellation notice on a monthly billing cycle means you need to decide to cancel 3 months before the renewal date. Many teams miss this and get locked in.
- Price increase clauses with no cap. Some contracts allow price increases at renewal at the vendor's discretion. Push for a fixed maximum increase percentage (e.g., 5% per year).
- Unilateral terms changes. Clauses that allow the vendor to change terms with minimal notice. Insist on a minimum notice period (30–60 days) for material changes.
- Broad data use rights. Language that allows the vendor to use your data for product improvement, aggregated analytics, or training purposes. Negotiate to limit this or opt out.
- Vague SLAs with no remedies. An uptime commitment without a defined remedy (credit, termination right) is not a real commitment. Ensure SLA failures have defined consequences.
- No DPA offer for a data processor. Any vendor that processes your customers' or employees' personal data must sign a DPA under GDPR. A vendor that refuses to sign one is a compliance risk.
After signing: set up your vendor record
The work doesn't end when you sign. The moment a contract is executed, create or update the vendor record in your management system with:
- The exact renewal date
- Automated reminders at 90, 60, and 30 days before renewal
- The cancellation deadline (renewal date minus notice period)
- The signed contract PDF attached to the record
- DPA status and signed DPA document
- Named contract owner
This setup takes 5 minutes per vendor and eliminates the single biggest cause of vendor management failures: surprise renewals that nobody saw coming.
Track every vendor contract in one place
Vendorm8 stores your contracts, tracks renewal dates, sends automated reminders, and keeps your DPA records — for €19/month flat.
Start Free Trial — 14 DaysNo credit card required. Import your vendor list in minutes.