
Contract Audit Checklist (Printable)

Use this to mark what's explicitly in the contract, and what's missing or negotiable.

Section 1: Basic Contract Terms

Foundations of your agreement and renewal obligations

Done Checklist item Notes

Auto-renewal clause present and terms clear?

Look for: How many days' notice required to prevent renewal? Is notice timing reasonable?

Termination for convenience clause with notice period?

Look for: Can you exit without cause? What's the notice requirement (30, 60, 90 days)?

Price escalation limits documented?

Look for: Is there a cap on annual price increases? Are indexing methods (CPI, inflation) defined?

Contract term matches library's budget cycle?

Look for: Does renewal align with your fiscal year? Are pricing reviews scheduled appropriately?

Renewal dates clearly marked in calendar?

Look for: Have you documented all key dates (renewal, notice deadline, payment date)?

Section 2: Data Ownership & Portability

Controlling your data and avoiding lock-in

Done Checklist item Notes

Who owns patron data vs. library data?

Look for: Does vendor claim any ownership or perpetual license to patron records?

Can you extract data? In what format and timeline?

Look for: CSV, JSON, XML formats? Is data provided in standard schema or proprietary format?

Are there extraction fees?

Look for: One-time migration fees, data export charges, rush service premiums

What happens to data if vendor fails?

Look for: Escrow arrangement? Data return provision? Timeline for access?

MARC records and bibliographic data portable?

Look for: Can you export MARC records freely? Any vendor-added metadata restriction?

Patron history and statistics extractable?

Look for: Circulation history, usage reports, analytics data. Can you get this without vendor involvement?

Section 3: Service Levels & Uptime

Guarantees and penalties for system unavailability

Done Checklist item Notes

Uptime SLA defined (99.5%? 99.9%?)?

Look for: A specific uptime percentage stated in the contract/SLA. 99.9% = ~8.6 hours/year downtime; 99.5% = ~43 hours/year

What counts as "downtime" (scheduled maintenance excluded)?

Look for: Are maintenance windows excluded? Is partial degradation counted? Emergency patches?

Remedies for SLA failure (credits, termination)?

Look for: Service credits (typical: 5-10% of monthly fees)? Right to terminate for repeated failures?

Support response times by priority level?

Look for: P1 response time (should be < 2 hours)? P2 and P3 defined? Business hours only?

Section 4: AI & Data Usage

Vendor use of your data for machine learning and analytics

Done Checklist item Notes

Vendor uses library data for AI training?

Look for: Explicit statement that library/patron data is NOT used for model training?

Vendor AI tools require explicit opt-in?

Look for: Any AI features in the system? Do they require separate agreement? Can you disable them?

Patron data protected from vendor analytics?

Look for: Does vendor collect or analyze patron usage data? For what purposes? With what retention?

AI clause includes bias testing requirements?

Look for: Does vendor test AI outputs for demographic bias? How frequently?

GDPR/CCPA compliance documented?

Look for: Does contract address data privacy regulations? Data transfer agreements for international services?

Section 5: Switching Costs & Lock-In

The hidden costs of leaving or changing vendors

Done Checklist item Notes

Processing/preparation fees for data export?

Look for: Is standard export included? Are custom exports charged? Data formatting fees?

Rush fees or expedited service costs documented?

Look for: If you need data urgently, what premium will vendor charge?

Staff retraining costs estimated?

Look for: This is your cost, not vendor's, but estimate time/cost for staff to learn new system

Integration/migration costs included in contract?

Look for: Does vendor provide import assistance? One-time setup fees? Connection costs for ILS integration?

Hidden fees for custom reports or exports?

Look for: Professional services rates? Overage fees? Custom integration charges buried in appendix?

Section 6: Security & Compliance

Protection of library and patron data

Done Checklist item Notes

Encryption standards for data in transit and at rest?

Look for: TLS 1.2+ for transit? AES-256 for at-rest? Hardware security modules?

Incident response and breach notification timeline?

Look for: How quickly must vendor notify you of breach? What information provided? Legal compliance timeline?

SOC 2 or equivalent security certification?

Look for: Type II certification? When was last audit? Can vendor provide audit report?

Regular security audits required?

Look for: How often? Penetration testing? Right to audit on-site? Third-party auditor allowed?

Section 7: Vendor Stability

What happens if the vendor changes hands or fails

Done Checklist item Notes

Vendor financial stability documented?

Look for: Is vendor profitable? Have they disclosed funding? Any recent financial challenges?

Key person dependencies identified?

Look for: Is product dependent on one person? What's the succession plan? Team stability?

Change of control clause (notification if vendor acquired)?

Look for: Right to terminate if vendor acquired by competitor? Notice period?
