Vendor Contract Negotiation: Best Practices & Tricks of the Trade

Posted by Tom McKeever | Jul 20, 2023 | 0 Comments

In this video, technology transactions attorney Tom McKeever discusses how to improve vendor outcomes for your business, save a few bucks, and avoid a lot of headaches.



  • Be Clear about what you want from Vendor/Service Providers
  • Pre-Negotiation Preparation & Process Overview
  • Negotiating “Business” Terms
  • The Contract—Get it in Writing
  • Breach, Disputes and Ability to Recover Damages

Identify what you want from Vendor/Service Provider

  • Features/functionality you care about
  • Good price—every little bit counts toward margins/enterprise value
  • Motivate vendor performance
  • Financial recourse if the vendor doesn't perform or causes damage
  • Ability to switch vendors
  • Protect data (if applicable)
  • Manage intellectual property issues (if applicable)

Pre-Negotiation Blocking & Tackling

  • Find out how the vendor sells, i.e., what is their revenue model(s)?
    • There may be several ways to buy
      • Users? Devices? Consumption? Site license?
    • Resources
      • Website/LinkedIn
      • Talk/chat/email with their inside sales or similar “generally”
      • Do you know anyone there who might help get a bigger discount?
      • What time of the year/quarter is it?
  • Decide how you want to purchase and discuss with vendor
  • Be sure vendor understands your goals and confirms they can satisfy
  • Check references/reputation
  • Negotiate “business” terms
  • Negotiate contract terms

Negotiating “Business” Terms

Discount, Term, Renewal Term & Price Increases

  • Discount—treat the spend as if it is your money
    • List is just a starting point/suggestion—is set with discounting in mind
    • Will vary from product to product/how much you are buying and other factors
    • Emphasize potential for growth—as this means more money in their future too
    • Bigger commitment = bigger discount
  • Term and Renewal Term
    • One-year term with month-to-month renewal preferred for flexibility
    • Multi-year initial term or annual renewals = additional discount
  • Auto renew
    • No auto-renew if annual renewal is required; OK if month to month
    • Ok to require notice of non-renewal (e.g. 30/60/90 days)
      • set tickler
  • Price Increases
    • None in initial term (however long it is)
    • Not to exceed x% every 12 months thereafter; can track CPI or just be a flat rate

Ideas for Negotiation Tactics

  • My company is growing so amount of business will keep going up
  • Talking to multiple suppliers and will go with best bid
  • Never accept first offer—counteroffer or ask them to get back with a better price
    • You can justify with: the amount of business you're offering, the fact that you
      want a long-term partnership, product includes services or features you don't
      intend to use, CFO will never approve without discount
  • Be a decent human being--if you're a problem to deal with you may not get the
    best deal – “jerk pricing”
    • Caveat. With some suppliers you may need to take the completely opposite
  • Let them know you have plenty of funding, pay bills on time and plan to treat the
    relationship as a partnership, where both parties get what they need
  • Reference the “bad guy”– CFO or often legal

Additional use during the term – accidental and planned

  • No negative surprises on fees!
    • How does vendor ensure you don't use more than you purchased?
      • Log in credentials?
      • Other?
  • Will not have been budgeted
  • If no vendor controls you should only pay at contract rate for any overage—
    and this needs to be in the contract
    • Can also manage by pre-negotiating additional discount if you need “extra capacity”
  • You should be able to adjust usage periodically at least within bands
  • “Site license” “all you can eat” concept or similar if a substantial discount
  • Consider how you will be growing in the future and how use may change

Implementation & Customization


  • Detail in a statement of work
  • What are the deliverables?
  • Identify who is responsible for what
  • Time and materials with not to exceed number?
  • Penalty for late completion?
  • Pay on delivery after acceptance?


  • Understand and address required customization costs early in the discussion
    • Extra fees
    • Internal resource burden
  • On balance choose a vendor where no customization required to keep costs down and reduce complexity
  • Consider intellectual property issues

Vendor Performance: Service Level, Service Availability and Service Credits

  • Different ways to measure “Service Level” / Acceptable v. Unacceptable
    • How long to respond to a request for help
    • How long to fix the problem
    • What hours they will provide support
    • Service availability: how much uptime v. downtime
      • Usually measured in .9% uptime
      • E.g., .9, .95, .99, .999, .9999, .99999
      • Excluding scheduled downtime for patching, updates, etc. is OK, but be clear on what is
        and is not included
      • Be clear over what period of time the uptime is measured
    • What is our remedy for not meeting promise?
      • Service credit?
      • Ability to terminate for chronic misses?
      • Other damages?
  • Service levels outlined in a separate document often called service level
    agreement (“SLA”) or similar
  • Contract should outline process for asking for credit
    • typically set an outside limit (e.g., 30 days from failure) to request credit
  • Remedy for breach
    • Credit is usually free services or additional discounts for future services
    • Should include right to terminate for chronic problems
      • Need to define what is chronic
    • Vendor may try to limit recourse to service credits
      • Should also get damages if otherwise entitled

The End of the Relationship

  • Better to negotiate the end of a relationship while coming into it
  • What is the plan to change vendors if needed?
  • How long would it take to switch to another solution?
  • Is there a need for the vendor to provide transitional services?
  • Be sure you are entitled to a copy of your data
  • If complex and mission critical may need to negotiate “wind down” terms

The Contract—Get it in Writing

Core Terms

  • Summarize the core, material things you want in a “term sheet”
  • Compare term sheet to contract.
  • Find the relevant language—be sure it matches expectations
    • Don't be afraid to ask questions
      • Where is it?
      • This doesn't make sense please explain…
      • you will often be surprised at the answers!

Other Important Issues

  • License Grant
    • Be sure it allows our intended use—
      • how you use it, what you will use it for, who will use it
      • known as the “field of use” limitation on the license grant
  • Will your customers/contractors be using the service?
    • If so, be sure license allows our customers/contractors to use the service
      • Depending on vendor license model may/may not matter

Data Ownership rights, security, backups, and conversion

  • Be sure you own the data you provide to the service and get a copy when agreement terminates or expires
  • Do you need the supplier to help transfer data to a new supplier or to us?
  • Understand how the provider can use, aggregate, or manipulate your data
  • Identify requirements to protect the security and confidentiality of the data including SOC audit
    levels and specific data security practices
  • Be sure that the provider agrees to a specific schedule for performing and testing backups
  • Warranties regarding data security, alteration and loss
  • Disaster recovery and business continuity plan
  • Compliance with applicable law— if you know about specific laws can call them out, e.g., HIPAA, GDPR, US state privacy laws
  • Approval to allow regular audits and security evaluations (12 months is market)
  • Specify data restoration requirements if applicable

Special Consideration: PHI and PII and Data Privacy Law

  • Are they handling, using, distributing, or accessing PHI or PII?
    • How are they protecting this special data?
    • Do you need a BAA?
    • If PHI or PII is involved, you will likely need a very large limitation of liability
    • Talk to CISO and/or Legal

Intellectual property

  • Who will own what? Who has a license to what?
  • Crucial to think through when provider is developing software or implementing services
    • You need unfettered ability to use the IP you are paying for
    • Provider needs to re-use IP for its other customers, i.e., to run its ongoing business
  • Usually one party doesn't need to own the IP if it can have a license to use and distribute “as if” it owned the IP
  • Becomes a stickier situation when IP being created could be patentable
    • Only the party who owns title can patent the concept around the IP

Breach, Disputes and Ability to Recover Damages

Assignment of the Agreement and Applicable Law & Forum for Disputes

Assignment of the Agreement

  • Need the ability to assign the agreement without vendor consent if you sell the business

Applicable Law, Jurisdiction & Forum

  • Which law applies to interpretation of the agreement and to any disputes?
  • Where will dispute be resolved?

Identify Risks and Vendor Promises to Remedy

  • What are the risks to you or your customers, or your customers' customers from using the service?
    • Which of those risks are in the control of the service provider?
    • How are they promising to reduce/prevent those risks?
  • How much liability will the supplier take on? Is it satisfactory considering their service and how much you are paying them?

Insurance and Indemnification

  • Where appropriate be sure vendor has enough insurance to cover data loss, breach or business interruptions
  • May need high limits of liability on data loss & security and compliance remediation if the vendor handles or helps secure PHI/PII
  • Indemnification requires one party to pay for defense costs and any damages awarded/settlement amounts when a third party makes a particular claim; it needs to be tailored to your situation/business.
  • Ensure the contract has indemnification for:
    • data loss or damage and security breaches
    • intellectual property infringement
  • Indemnification should be defined as direct, rather than indirect damages
  • Indemnification only valuable to the extent the other party has means (insurance or cash) to pay for it

Limitation of Liability

Needs to be reasonable for price paid and service being provided

  • Often the most important provision in an agreement
    • Defines maximum amount vendor has to pay no matter what they do
  • Should balance potential financial losses you as the customer can incur and the
    financial risk the supplier is willing to take given the revenue
  • Usually a relatively low limitation of liability for most claims, e.g., fees for one year of services and then carve out or “super cap” for some claims that are less likely but can be significantly more costly and thus have a much higher limitation of liability
  • Carve-outs often include: indemnification, confidentiality, claims covered by
    insurance, security breaches and IP infringement
