What About Data Breaches?
This is quite the comprehensive checklist that any decision maker in any IT dept. should have handy, but I might also add that it should also include and spell out in no uncertain terms the client's rights and responsibilities in the event the vendor's servers are hacked and data is breached. All too often when this happens it is the innocent client (and its clients) who bears the brunt of a breach. As long as we're spelling out/negotiating a memorandum of understanding between the parties, we may as well add data breaches while we're at it.