Vendor Evaluation →

How to evaluate a technology vendor without getting sold to

An evaluation framework for executives signing major vendor contracts: the five questions the sales deck will never answer. Anchored on a G4S Justice engagement.

A few months ago, a CEO showed me a sales deck for a vendor he was about to sign with. Six-figure first year, projected to grow to seven over three years. The demo had gone well. The references had checked out. Everything in the deck added up. He told me he had a feeling something was off, and he could not articulate what. We spent an hour going through the deck together. By the end of the hour, the contract did not get signed. The reason had nothing to do with the demo, nothing to do with the references, and nothing to do with the price.

That hour is the post. The pattern repeats more often than it should. Smart operators get pulled through a well-orchestrated sales process and arrive at a signature decision without ever investigating the four or five things that actually determine whether a vendor contract turns into value or into a multi-year drag. The reason is structural. Vendor sales processes are designed to surface the product’s strengths. Vendor evaluation processes, if there is one at all, tend to test those same strengths from a different angle. Nobody is paid to look at the parts of the product the vendor would prefer you not look at, so they go uninvestigated until they show up as the reason the renewal conversation gets ugly two years in.

quadrantChart
title Vendor Maturity vs Fit
x-axis Low fit --> High fit
y-axis Low maturity --> High maturity
quadrant-1 Sign with clear eyes
quadrant-2 Promising, needs work
quadrant-3 Walk away
quadrant-4 Tempting trap
Polished demo, brittle support: [0.78, 0.32]
Roadmap aligned, weak ops: [0.72, 0.58]
Stable platform, wrong shape: [0.22, 0.82]
Right shape, right ops: [0.82, 0.85]
Fast-growth startup, narrow product: [0.55, 0.45]

What follows is the evaluation frame I run with clients. It is five questions, in order. Each one is a question the sales deck cannot answer for you, because the sales deck was written by people whose compensation depends on not answering it.

The vendor’s roadmap is a sales artifact, not a planning document

The roadmap slide in a vendor pitch is a marketing instrument. It exists to tell you that whatever your product is missing today will be there by next quarter, and that the vendor’s direction of travel is the same as yours. The slide is not lying, exactly. It is showing you the parts of the roadmap the sales team has been authorized to show. The actual roadmap, the one their product organization argues about in their quarterly planning, is a different document and you will not see it.

This matters because vendor priorities and customer priorities diverge predictably over time. A vendor in growth mode is building for the largest segment of the market that has not yet bought their product. If you are in that segment, the roadmap will feel like it was built for you. If you are in a more mature or more specialized segment, the things you need will keep getting bumped for whatever helps the vendor close the next ten deals in the segment they are chasing. That is not malice. It is how product organizations make decisions under resource constraint. It is also why customers of a vendor’s earlier product generation often feel, three years in, like they have been quietly deprioritized.

The diagnostic question is not “what is on your roadmap.” It is “tell me about a feature that a major customer asked for in the last year that you decided not to build, and why.” A vendor that cannot answer that question concretely either does not have a real planning process or is not willing to tell you about it. Either answer is informative. A vendor that can answer it is showing you how they make tradeoff decisions, which is exactly what you need to know to predict how they will treat your priorities once you are a customer.

The second diagnostic question is about the gap between the published roadmap and the engineering work. Ask to talk to a product manager, not a sales engineer, about a specific item on the roadmap. Ask what stage it is at, what the design tradeoffs were, and what would cause it to slip. The answer will tell you whether the roadmap is a real artifact of a real product process or whether it is a slide deck the sales team updates when they need a new version.

The exit clause you did not read is the exit clause that decides everything

The contract is where the deal you negotiated and the deal you actually signed diverge. Most executives spend their attention during contract review on the things the legal team is trained to flag: liability caps, indemnification, IP ownership, payment terms. Those matter. They are also the terms vendors expect you to push on, and they are usually negotiable within a known range. The terms that decide whether a vendor relationship becomes a long-term problem are different and tend to get under-examined.

Four contract questions matter more than the rest, and they all answer the same underlying question: what happens when you want to leave.

The first is data portability. What format does your data export in. Is the export self-service or does it require a support ticket. How long does the vendor commit to retaining data after termination. Is there a fee for export, and if so, is the fee capped. A vendor whose data export is “we will work with you on a transition plan” is telling you they have not thought about this from the customer side, or that they have thought about it from the customer side and prefer the friction. Either reading is bad.

The second is the price ladder. The first-year price you negotiated is rarely the price you will be paying in year three. The contract should specify the maximum annual increase, and it should specify what happens at renewal if you do not actively renegotiate. A vendor whose contract auto-renews at “then-current list price” is reserving the right to reprice you as your switching cost grows.

The third is the SLA definition. SLAs are written in a language that looks precise and turns out to be elastic. What counts as an outage. Is partial degradation a covered event or only complete unavailability. How are credits calculated, and are credits the only remedy or can you exit the contract for repeated breach. A vendor’s posture on SLA enforcement is a better predictor of their support culture than anything their sales engineer will say in the discovery call.

The fourth is the assignment and change-of-control clause. Vendors get acquired. You signed a contract with a company whose values and posture you evaluated. The acquirer may have neither. The assignment clause determines whether the new owner can hold you to the contract on the original terms, change the terms, or whether you have a clean exit on change of control. This was not an academic concern in the last cycle and will be less of one in the next.

What 2am support reveals about the engineering culture

The customer support function is the part of a vendor’s product that you experience under stress. The demo runs in a happy path. The support function is what handles every path that is not happy. The single most predictive interview you can run as part of vendor evaluation is a conversation with a current customer about a bad day they had with the vendor.

The questions are concrete. Walk me through your worst incident with this vendor in the last twelve months. How long did it take for a human to respond. Was that human in a position to resolve the issue or were they a triage function that escalated to someone else. Who actually resolved the issue, and how long did it take from first report to resolution. What was the post-mortem like. Did the vendor take responsibility, propose changes, follow up.

Most vendors will not let you do that conversation directly. They will offer reference customers, and those reference customers will have been screened and prepped. The workaround is to ask the vendor for a list of all their customers in your industry segment and then reach out to two or three on your own, ideally through your network rather than through the vendor’s introduction. Customers who were not chosen by the vendor as references will give you a more honest answer about what happens during incidents.

The other diagnostic on support quality is the structure of the on-call function itself. A vendor whose support tier-one is offshored to a contracted call center, with escalation paths that route through ticket triage rather than directly to engineering, is showing you what they will look like when your system breaks. There is nothing inherently wrong with offshored or tiered support. The problem is when the structure is designed to deflect escalation rather than to resolve incidents. A support function that is hard to escalate out of is a support function that has been designed to absorb customer dissatisfaction rather than to solve customer problems.

At G4S Justice Services, the work was building a GPS-based monitoring system for tracking parole offenders against geo-fenced coordinates. The product was sold to county and state justice agencies whose workflows depended on the system being available at the moment a monitored individual crossed a boundary. The buyers in that domain do not run software evaluations the way a SaaS buyer does. They run them the way an operations function runs them, because the cost of the system failing is not lost revenue, it is a parolee in a place they are not supposed to be and a public-safety incident on the local news. The vendor evaluation questions a justice-tech buyer asks are the same questions every executive should be asking and rarely does: who answers the phone when the system is down, what is their authority, and what happens if the answer is not good enough.

The lesson generalizes. Any technology contract worth signing should be evaluated against the question of what the worst day looks like. If the answer is not clear from the contract, the support documentation, and conversations with real customers, the answer is going to be discovered the hard way.

The architecture decides what your data is going to do for the next five years

The architecture conversation in vendor evaluation tends to get delegated. Sales engineering produces a diagram, the engineering side of the buyer reviews it, the executive side signs off based on the engineering side’s blessing. That works for some categories of decision and fails badly for others. The architectural decisions that matter most are not the ones that show up on the diagram. They are the ones that shape what your data can do once it is inside the vendor’s system.

Three architecture questions matter more than the rest.

The first is the data model. Vendor systems are built around a data model that reflects how the vendor understands their domain. That model is the lens through which everything you do with the system gets refracted. If the vendor’s data model assumes things about your business that are not true, every customization, every integration, every report will be working against the grain of the system. The diagnostic is to take a real piece of your business, something specific to how you operate, and ask the vendor’s engineering team how it would be represented in their system. The answer will tell you whether the data model maps cleanly to your reality or whether you are going to spend years writing workarounds against it.

The second is the integration surface. How does data get into and out of the system. Is the integration model push or pull, real-time or batch, vendor-controlled or customer-controlled. Are there APIs that match the operations you actually need to perform, or are the APIs structured around the vendor’s internal architecture rather than around the customer use cases. An integration surface designed for the vendor’s convenience rather than the customer’s use case is a long-term cost that does not appear in the contract.

The third is the multi-tenant architecture. Most modern SaaS vendors run a multi-tenant system, which is a reasonable architectural choice with real customer consequences. The relevant questions are whether your data is logically isolated or physically isolated, whether the security model assumes mutual trust between tenants, and what the blast radius is when another customer of the vendor has an incident. Multi-tenant architecture is not bad. Multi-tenant architecture without clarity on isolation is a risk you may not have priced.

Who actually answers when the vendor’s system breaks at 2am

The last question is the most direct version of the support question, and it deserves its own treatment because the answer reveals the most.

Call the support number on the vendor’s website. Right now, while you are still evaluating, before you have signed anything. See who answers. See how long they take. See whether they can help you with a question that requires actual product knowledge rather than ticket-routing. The vendor’s sales team will not love you doing this. Do it anyway. The cost is twenty minutes and the value is finding out, before you have committed to a multi-year contract, what the support experience actually looks like.

Then ask the vendor for a written runbook for P1 incidents. Not a marketing description of their support tiers, the actual runbook the on-call engineer follows. A vendor that has a real runbook will share it, redacted as needed. A vendor that does not have a runbook will produce a marketing artifact instead. Both responses are informative.

The underlying point across all five questions is that vendor evaluation is an act of skepticism, and skepticism is uncomfortable. The sales process is designed to make you comfortable. The evaluation process has to be designed by you, and the standard it has to meet is the standard your business will hold you to two years from now when the contract is in production and the things you did not check are the things that are causing problems. A six-or-seven-figure contract deserves six-to-twelve weeks of real work. Vendors that respect that timeline are vendors worth signing with. Vendors that pressure you to compress it are vendors whose behavior under pressure you have already seen, before you ever became a customer.

If you want a structured evaluation against a real contract you are considering, the fractional CTO engagement covers vendor evaluation as part of the broader technology decision portfolio. The questions above are the floor, not the ceiling.

Vendor Evaluation
Are Your Vendors AI-Ready, or AI-Washed?
A scored evaluation framework for separating vendors with real AI integration depth from those running a marketing-only AI story.

Frequently Asked Questions

What is the single biggest mistake executives make when evaluating a technology vendor?

They treat the demo as the product. The demo is a polished surface built by the vendor's best engineers, demonstrated by their best presenter, on a dataset chosen because it shines. The product you actually buy is the demo plus the support function, the data architecture, the contract, the roadmap politics, and whatever happens at 2am when something breaks. The single biggest mistake is signing based on the demo and never investigating the other four layers that determine whether you get value out of the contract.

How long should a technology vendor evaluation actually take for a six-or-seven-figure deal?

For a contract above one million dollars in total commitment, the evaluation should take six to twelve weeks of real work, not three demos and a reference call. That window should include a written architecture review, conversations with two or three customers chosen by you rather than by the vendor, a sandbox or proof-of-concept against your real data, a contract review with attention to exit terms and SLA definitions, and a conversation with the vendor's actual support team rather than their sales engineering team. Vendors who pressure you to compress that timeline are telling you something about how they will behave once the contract is signed.

How do you evaluate a vendor's support function before you become a customer?

Ask for the runbook. Ask what their P1 incident response time is in writing, what the median time-to-resolution looks like for the last quarter, and whether the on-call engineer is in your timezone or twelve hours away. Ask to speak to a current customer who has had a major incident and find out who actually answered the call. The vendor's account executive will give you a polished answer to all of this. The honest answer comes from a customer who has been through a bad day with them.

What contract terms matter most when evaluating a technology vendor?

Four terms decide whether you can leave cleanly. The first is data portability, including the format your data exports in and the timeline the vendor commits to. The second is the price ladder, the maximum annual increase, and what happens at renewal. The third is the SLA definition, including what counts as an outage, how credits are calculated, and whether credits are the only remedy. The fourth is the assignment and change-of-control clause, which determines what happens if the vendor gets acquired by someone you would never have bought from in the first place. Everything else is negotiable. Those four are the floor.

Shawn Livermore — Fractional CTO & Chief AI Officer
About the Author

Shawn Livermore

Fractional CTO and Chief AI Officer with nearly 3 decades of enterprise architecture experience. Clients include Kelley Blue Book, LERETA ($18B property tax processor), First American Financial, Carvana, WellPoint/Anthem, and PacifiCare. 92 client reviews, 5-star average.

View full background →

Need a fractional CTO or CAIO?

Technology leadership without the full-time headcount. Engagements start with a conversation.

Man writing a flowchart diagram on a whiteboard with a blue marker.