Questions to ask a software vendor before you sign

Use this checklist in discovery calls and RFPs. Scaler Audit generates 10–20 tailored questions per vendor based on your specific submission — plus maturity scores and a clear recommendation.

Starter checklist

  • What evidence supports your core product claims — customer references, benchmarks, or audit results?
  • How is tenant data isolated, encrypted at rest and in transit, and who can access production data?
  • What is your incident response process and when did you last test it?
  • How do you handle sub-processors, data residency, and GDPR/UK GDPR requests?
  • What are the true limits of your AI features — models used, training data, and human oversight?
  • What happens to our data on contract termination — export format and deletion timelines?
  • What contractual SLAs, liability caps, and indemnities do you offer enterprise customers?
  • What is on your 12-month roadmap that could affect our integration or compliance posture?
  • What lock-in risks exist — proprietary formats, export APIs, and migration support?
  • Who owns IP for configurations, custom workflows, and data we contribute?

Go deeper with Scaler Audit

Generic lists miss vendor-specific gaps. Run a free assessment and get questions tied to the risks Scaler Audit finds in your evaluation — product, technical, security, commercial, and AI.
