⚖️Buying Guides

The SaaS Negotiation Checklist Every IT Leader Needs Before Signing

A practical, no-nonsense checklist for negotiating enterprise SaaS contracts. Covers pricing, terms, security, data rights, and exit planning — organized by what to verify before, during, and after the negotiation.

May 2, 2026
14 min read
🔍
Buying Guides

The SaaS Negotiation Checklist Every IT Leader Needs Before Signing

You've evaluated the product, picked a vendor, and the sales rep just sent over the contract. Before you sign, run through this checklist. It's built from real mistakes — each item exists because someone, somewhere, got burned by skipping it.

Print this out. Tape it to your monitor. Use it every time.

Before You Negotiate

These steps happen before the first pricing call. Skip them and you're negotiating blind.

Know Your Position

  • [ ] Document your actual requirements. Not features that sound nice — features you'll use in the first 90 days. Everything else is negotiating power you're giving away for free.
  • [ ] Calculate your true budget. Include implementation, training, integration work, and 6 months of parallel running costs if you're replacing an existing tool. The license fee is typically 30-40% of the real first-year cost.
  • [ ] Get at least one competing quote. Real quotes from real vendors, not just pricing page screenshots. Vendors can tell the difference between a genuine alternative and a bluff.
  • [ ] Know your timeline. If you need the tool deployed by Q3, don't reveal that. Urgency eliminates your bargaining position. Let the vendor think you're happy to take another quarter to decide.
  • [ ] Check the vendor's fiscal calendar. Negotiating in the last two weeks of the vendor's quarter (especially Q4) gives you measurably better pricing. Their sales rep needs your deal to close more than you need their software this week.

Understand the Vendor

  • [ ] Research recent pricing changes. Has this vendor raised prices on existing customers recently? Check forums, Reddit, Hacker News, and Gartner Peer Insights for complaints. Past behavior predicts future behavior.
  • [ ] Identify the vendor's competitive pressure points. If they're losing deals to a specific competitor, mentioning that competitor in negotiation carries weight. If they're the market leader with no real competition, your negotiating power is limited. Plan accordingly.
  • [ ] Talk to current customers. Not references the vendor provides — find your own through LinkedIn, industry groups, or peer networks. Ask about renewal pricing, support quality, and anything they wish they'd negotiated.

Pricing Terms

The most expensive mistakes live here.

Rate and Escalation

  • [ ] Lock in pricing for the full term. No language allowing "price adjustments" or "then-current list prices" at renewal. Your Year 1 rate should be your Year 3 rate.
  • [ ] Cap annual increases. If the contract spans multiple years, cap increases at CPI or 3%, whichever is lower. Reject any increase tied to the vendor's discretion.
  • [ ] Get the renewal rate in writing now. Don't accept "we'll discuss renewal pricing when the time comes." If Year 1 is discounted, know exactly what Year 4 costs before you sign Year 1.
  • [ ] Confirm what happens if you reduce seats/usage. Can you scale down, or only up? Some contracts allow adding users but not removing them during the term.
  • [ ] Understand true-up terms. If you go over your committed usage, what's the overage rate? It should match your contracted rate, not list price.

Payment and Billing

  • [ ] Negotiate payment terms. Net-60 or Net-90 is standard for enterprise. Don't accept Net-30 without a reason.
  • [ ] Push for quarterly billing over annual prepayment. Annual prepayment gives the vendor your money upfront with no incentive to keep you happy. Quarterly billing keeps them motivated.
  • [ ] Confirm proration policy. If you add users mid-cycle, are you prorated? If you remove users, do you get credit? Get both answers.
  • [ ] Verify no hidden fees. Implementation fees, onboarding fees, API access fees, data export fees, premium support fees, ask for a complete fee schedule.

Contract Terms

This is where legal earns its salary.

Renewal and Termination

  • [ ] Eliminate auto-renewal or reduce the notice window. Auto-renewal with a 90-day notice window is a trap. Push for 30 days, or require the vendor to send you a renewal notice before any auto-renewal takes effect.
  • [ ] Add a termination for convenience clause. You should be able to exit with 60-90 days' notice and a prorated refund, especially for multi-year deals.
  • [ ] Include a material breach termination right. If the vendor fails to meet their SLA for 3+ months, you can exit without penalty.
  • [ ] Get a post-termination access period. 90 days of read-only access after termination to complete data migration.

Service Levels

  • [ ] Get a real SLA, not a marketing SLA. 99.9% uptime sounds good until you realize the penalty for missing it is a service credit worth 5% of one month's fee. Negotiate meaningful consequences, fee reductions, not credits.
  • [ ] Define uptime clearly. Does scheduled maintenance count against uptime? What about partial outages that affect some features but not others? Degraded performance? Get clarity.
  • [ ] Require incident communication standards. Within what timeframe must the vendor notify you of an outage? What level of detail must they provide? Who is your escalation contact?

Change Protection

  • [ ] Add a feature-lock clause. Any feature included in your tier at signing stays in your tier for the contract duration. If the vendor moves features to higher tiers, your access is grandfathered.
  • [ ] Include change-of-control provisions. If the vendor is acquired, you get the right to terminate within 90 days if the acquiring company materially changes the product, pricing, or support.
  • [ ] Protect against SKU restructuring. The vendor can't increase your effective cost by renaming, rebundling, or reorganizing their product line during your contract.

Security and Compliance

Non-negotiable for any enterprise deal.

Security Requirements

  • [ ] Review their SOC 2 Type II report. Not Type I. Type II covers a period of operation, not just a point in time. If they don't have one, that's a red flag for any vendor handling sensitive data.
  • [ ] Confirm encryption standards. Data encrypted at rest (AES-256) and in transit (TLS 1.2+). Ask where encryption keys are managed and who has access.
  • [ ] Verify their incident response process. How quickly will they notify you of a breach that affects your data? 72 hours isn't fast enough for most regulatory requirements, push for 24-48 hours.
  • [ ] Check their subprocessor list. Who does the vendor share your data with? Cloud providers, analytics tools, support platforms, each one extends your attack surface.
  • [ ] Confirm SSO/SAML support is included. Not in a higher tier, not as an add-on, included. The "SSO tax" is a vendor charging you more for basic security.

Data Rights

  • [ ] You own your data. Period. The contract should state explicitly that all data you input remains your property. The vendor gets a license to process it for service delivery, nothing more.
  • [ ] Specify data export format. CSV and JSON at minimum, via documented API. No proprietary formats, no "data extraction fees," no rate limits that make full export take weeks.
  • [ ] Define data deletion on termination. Within 30 days of contract end, the vendor must delete all your data and certify that deletion in writing.
  • [ ] Confirm data residency. Where is your data stored? Which regions? Can you choose? This matters for GDPR, data sovereignty laws, and industry regulations.
  • [ ] Restrict vendor use of your data. No using your data for training ML models, benchmarking, or "anonymized" aggregate analytics without explicit opt-in.

Implementation and Support

The contract is signed. Now make sure you actually get what you paid for.

Implementation

  • [ ] Get implementation milestones in writing. Dates, deliverables, and what happens if the vendor misses them. Vague timelines like "8-12 weeks" should be replaced with a specific project plan.
  • [ ] Confirm who's doing the implementation. The vendor's A-team does the demo. Make sure the A-team does the implementation too, or at least oversees it. Ask for named resources.
  • [ ] Document everything the sales rep promised. Every verbal commitment. "we'll handle the migration," "we'll customize that report for you," "support response time is under 4 hours", goes into the contract as a deliverable. If it's not written down, it doesn't exist.

Ongoing Support

  • [ ] Define support tiers and response times. Not just "24/7 support", what's the response time for critical issues vs. general questions? What's the escalation path?
  • [ ] Confirm your support channel. Email, phone, chat, dedicated CSM? Know what you're getting before you need it.
  • [ ] Get a named account manager or CSM. Having a specific person who knows your account is worth more than any SLA guarantee.
  • [ ] Negotiate training. Initial training for your team should be included. Ask for recorded sessions, documentation access, and a set number of refresher training hours per year.

Exit Planning

Start planning your exit the day you sign. Not because you expect to leave, but because having an exit plan gives you use at every renewal.

  • [ ] Test data export in the first 90 days. Run a full export, verify the data is complete and usable, and document the process. If export doesn't work now, it definitely won't work under termination pressure.
  • [ ] Maintain a list of alternatives. Keep it updated. When renewal time comes, you should be able to credibly say "we've evaluated alternatives" because you actually have.
  • [ ] Document your integrations. Every connection between this tool and your other systems, with notes on how it was configured. This is your migration blueprint.
  • [ ] Track actual usage. Who's using it, how much, which features. This data powers your renewal negotiation and helps you identify shelfware before it costs you.

The Solo Buyer and Small Team Version

You do not have a procurement department. You might not have a lawyer. Here is the stripped-down checklist for individual buyers and teams under 10.

Before you buy:

  • [ ] Test the free tier or trial with your real work, not a demo project
  • [ ] Check if you can export your data in a standard format (CSV, JSON, Markdown) before you commit anything important
  • [ ] Search Reddit and Hacker News for complaints about the tool, pricing changes specifically
  • [ ] Compare annual vs. monthly pricing and decide if you are committed enough for annual

When you sign up:

  • [ ] Screenshot the pricing page and terms of service on the day you subscribe, vendors change these and claim the new terms always applied
  • [ ] Set a calendar reminder 30 days before renewal to evaluate whether you still use and need the tool
  • [ ] Use a dedicated email for SaaS signups so renewal notices do not get lost in your main inbox
  • [ ] Track every subscription in a spreadsheet or tool like Notion: name, cost, renewal date, cancellation method

Ongoing:

  • [ ] Audit subscriptions quarterly, cancel anything unused for 30+ days
  • [ ] When a tool raises prices, evaluate alternatives before paying, not after
  • [ ] Keep your data portable, export periodically even if you are not planning to leave

This takes 30 minutes to set up and saves hundreds of dollars a year. Most individuals are paying for 2-3 subscriptions they have forgotten about.

The Three Rules

If you remember nothing else from this checklist, remember these:

1. Read the order form, not just the MSA. The Master Service Agreement gets legal review. The order form, where the pricing, terms, and product specifics actually live, often gets signed by a business owner without scrutiny. This is where most traps hide.

2. Everything is negotiable. The vendor's "standard terms" are standard because no one pushed back. Pricing, payment terms, SLAs, auto-renewal, termination rights, all of it can be changed. The vendor wants your deal. Use that.

3. The contract protects you when the relationship goes wrong. You're not negotiating hard terms because you distrust the vendor. You're negotiating them because people change, companies get acquired, priorities shift, and the sales rep who promised you the world last year is working at a competitor now. The contract is what's left when the goodwill runs out.


This checklist is a starting point, not a replacement for legal counsel. For contracts over $100K annually, involve a lawyer who specializes in software licensing. The cost of legal review is trivial compared to the cost of a bad contract.

Related reads:

#negotiation#checklist#enterprise#procurement#contracts#it-leadership
Found this useful? Share it