What checklist do I use before signing a new SaaS vendor?
A sober set of questions prevents regret three months later. Four blocks: data and hosting, security and compliance, contract and exit, operational integration. A vendor that does not send a DPA before signing will not send it later either.
Try this first
- 1Ask for DPA, sub-processor list, and hosting location (region and country), preferably before commercial negotiation.
- 2Ask for SOC 2 Type 2 or ISO 27001 report (NDA fine), and check the scope matches what they sell, not just marketing.
- 3Pin down contract items: notice period, price cap, data-export formats and retention after cancellation.
- 4Test SSO and SCIM before signing, without integration it becomes a recurring audit topic.
When to bring us in
If you need a repeatable onboarding process that does not feel like bureaucracy, we can design it.
See also
- New hire has an account but cannot reach Outlook or TeamsAn M365 account without a license is an empty shell. Assigning takes a few clicks, but picking the right plan pays off long-term.
- Employee left, but their email must be retainedPulling the license straight away starts a 30-day timer on the mailbox. The right route keeps access to the mail without paying for the license.
- We pay for licenses nobody usesBetween leavers, duplicate plans, and test accounts there is often 10-20% wasted license spend. A usage report exposes it fast.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.