Vendor agreements range between a simple office purchase and an outsourced function that touches customers, funds, systems, personal data, intellectual property, or regulated activity. The contract should fit the dependency. Procurement savings mean little if the business cannot identify the deliverable, verify an invoice, control access, respond to an incident, or move the work at exit. A good review begins with operational and financial facts, then assigns risk through the agreement and internal controls. Tax, GST, MSME status, labour, data, security, IP, sector, insurance, and cross-border questions may apply. Procurement and the business owner need a focused brief before independent counsel reviews the draft. Current law and official requirements should be checked for the supplier, service, location, and payment arrangement before signature.
Rate the dependency before the clauses
Ask what the supplier receives and what the company loses if the service stops. Does the vendor access production systems, personal data, source code, facilities, payment instructions, customers, regulated records, or confidential strategy? Can another supplier take over quickly? Is the work performed by named people, subcontractors, or a shifting pool? Record business owner, data owner, system owner, budget owner, and exit owner. Then set the diligence depth. A low-value courier and a payroll processor should not pass through the same questions. Check the supplier's entity identity, tax and GST details, beneficial ownership where relevant, and licences. Then look beyond the paperwork. Experience evidence, references, insurance, financial stability, security practices, conflicts, sanctions, and litigation deserve scrutiny in proportion to risk. Save the evidence and decision. A contract cannot compensate for onboarding a supplier the business never understood.
Repeat the check at renewal.
- Operational and customer dependency
- System, data, and facility access
- Replacement time and concentration risk
- Risk-based diligence evidence
- Named internal owners
Write scope around proof and acceptance
Define services, deliverables, service locations, volumes, milestones, staffing, customer inputs, exclusions, and assumptions. Link each invoice to a purchase order, milestone, usage record, timesheet, or other agreed evidence. Acceptance should use criteria the business owner can test. If work is recurring, state reporting, service hours, request channels, priority levels, planned maintenance, and escalation. A supplier should not be able to replace key personnel or add subcontractors without the agreed notice or consent where that change matters. If personnel work at company premises or under company direction, review labour, safety, access, and classification issues. Avoid detailed service levels that nobody measures. Choose the few indicators that reveal whether the dependency is healthy. The business owner and finance reviewer should sign off on the scope and payment logic before procurement releases the agreement.
- Measurable services and deliverables
- Customer dependencies and exclusions
- Invoice support and acceptance
- Key people and subcontractor controls
- Useful service reporting
Align payment with tax and supplier status
Confirm the supplier's legal name, PAN, GST registration where relevant, bank details, invoice requirements, MSME or Udyam status, and place of supply before payment terms are fixed. Tax deduction, GST, reverse-charge, foreign remittance, and documentation questions should go to the finance and tax professionals. The Micro, Small and Medium Enterprises Development Act can affect payment and dispute analysis for qualifying suppliers, so collect current evidence rather than relying on a logo in an email signature. State invoice submission, dispute notice, undisputed payment, credits, set-off, expenses, taxes, and bank-change verification clearly. Avoid a process where a minor invoice error silently restarts every clock without notice. Internally, separate vendor creation, bank-detail change, invoice approval, and payment release where possible. Check current official rules, classification, and portal records at onboarding and renewal.
Keep that evidence with the contract.
- Verified entity, tax, and bank data
- Current MSME or Udyam evidence
- Invoice and dispute process
- Tax and foreign-payment review
- Independent bank-change verification
Plan continuity and exit before access begins
Set security, confidentiality, data, intellectual-property, business-continuity, audit, incident, insurance, and regulatory duties to match the service. Define notification routes and cooperation if something goes wrong. Ownership and licence terms should distinguish company materials, supplier tools, new deliverables, and third-party content. At exit, state what happens to work in progress, prepaid fees, company property, credentials, data, backups, records, subcontractors, and transition help. Decide whether termination for convenience is needed and how committed costs are handled. Critical vendors may require an exit plan outside the contract, including replacement data formats and a tested recovery route. Review access periodically and close it promptly. The agreement should require support for lawful handover, but the company should not rely on a reluctant supplier to invent the plan after notice is served.
Test the exit route before renewal.
- Security and incident cooperation
- Background tools and new deliverables
- Continuity and recovery evidence
- Data, credential, and property return
- Priced transition support
Primary sources and further reading
- India Code: Indian Contract Act, 1872
- India Code: Micro, Small and Medium Enterprises Development Act, 2006
- GST portal: search a registered taxpayer
Rules and procedures change. Check the current official source and obtain advice for the facts of your matter.