A vendor, consultant, or service provider sends you a service agreement to sign. It covers the work they will do for you — IT support, marketing services, cleaning, consulting, software, or any other professional service.
The agreement looks standard. It probably is, in the sense that it standardly protects the provider at your expense.
These 10 checks will help you spot unfavorable terms before you commit.
1. Scope of Services: What Exactly Are You Getting?
The scope clause defines what the provider will deliver. If it is vague, you will pay for services you thought were included but were not.
What to look for:
- Specific services listed, not general categories
- What is explicitly excluded from the scope
- Deliverable formats and standards
- Frequency and schedule of services
- Named personnel or team qualifications
Red flag: "Provider will deliver professional services as mutually agreed upon." This means nothing is guaranteed.
What to do: Require a detailed scope document as an exhibit to the agreement. List specific tasks, deliverables, timelines, and acceptance criteria. If the provider cannot define the scope clearly, they cannot deliver it reliably.
2. Pricing and Payment Structure
Look beyond the headline price. Service agreements often include fees that surface only after signing.
What to look for:
- Base fee and what it covers
- Per-unit, per-hour, or overage charges
- Price escalation clauses (annual increases)
- Expenses and pass-through costs
- Invoice schedule and payment terms
- Late payment penalties
Red flag: "Fees subject to adjustment at Provider's discretion" or annual increases tied to an unspecified index.
What to do: Lock in pricing for the initial term. Cap annual increases (3-5% or CPI, whichever is lower). Require written approval before any charges beyond the base fee. Specify that expenses above a threshold (e.g., $500) need your pre-approval.
3. Service Level Commitments
If the provider promises a certain level of performance, it should be in the contract with defined remedies.
What to look for:
- Measurable performance standards (uptime, response time, delivery deadlines)
- How performance is measured and reported
- Remedies for missed SLAs (service credits, fee reductions, right to terminate)
- Exclusions from SLA calculations
- Escalation process for recurring failures
Red flag: "Provider will use commercially reasonable efforts to deliver services." This is a best-effort commitment with no teeth.
What to do: Define specific, measurable SLAs with meaningful remedies. For example: "99.9% uptime measured monthly; each 0.1% below target results in a 5% service credit." If the provider will not commit to SLAs, reconsider whether they can deliver what you need.
4. Liability Caps and Indemnification
These clauses determine who pays when things go wrong. Service providers typically limit their own liability while maximizing yours.
What to look for:
- Liability cap amount (should be mutual)
- Whether consequential and indirect damages are excluded
- Indemnification obligations (mutual or one-way)
- Carve-outs from the liability cap (IP infringement, confidentiality breach, willful misconduct)
- Insurance requirements and minimum coverage amounts
Red flag: Provider's liability capped at "fees paid in the prior month" while your indemnification obligation is unlimited.
What to do: Negotiate a mutual liability cap at 12 months of fees paid. Ensure indemnification runs both ways. Require the provider to carry professional liability, general liability, and cyber liability insurance with minimum coverage amounts specified in the agreement.
5. Data Handling and Confidentiality
If the provider will access your business data, customer data, or proprietary information, the agreement must address how that data is handled.
What to look for:
- Data ownership (your data remains yours)
- Data security standards and certifications
- Data breach notification requirements and timeline
- Data return or destruction upon termination
- Subprocessor restrictions (can they share your data with third parties?)
- Compliance with applicable privacy laws (GDPR, CCPA, state laws)
Red flag: "Provider may use aggregated and anonymized client data for any purpose." Depending on definition of "aggregated," this could include your proprietary business information.
What to do: Ensure the agreement explicitly states that you own all your data. Require breach notification within 24-72 hours. Restrict the provider from sharing data with subprocessors without your approval. Include a data processing addendum if personal data is involved.
6. Termination Rights
How do you exit the agreement if the provider underperforms or your needs change?
What to look for:
- Termination for cause (material breach, with cure period)
- Termination for convenience (with advance notice)
- Early termination fees or penalties
- Minimum commitment period
- Transition assistance obligations
- Data return upon termination
Red flag: No termination for convenience, combined with an automatic 12-month renewal. This locks you in with no exit short of proving breach.
What to do: Always negotiate termination for convenience with 30-60 days' written notice. If the provider requires an early termination fee, cap it at a reasonable amount (e.g., one to three months of fees). Require transition assistance at no additional charge for 30 days post-termination.
7. Auto-Renewal Terms
Many service agreements auto-renew unless you actively cancel. Miss the window, and you are locked in for another term.
What to look for:
- Whether the agreement auto-renews
- Renewal term length
- Notice period for non-renewal
- Whether pricing changes on renewal
- Whether terms change on renewal
Red flag: 12-month auto-renewal with a 90-day notice requirement for non-renewal. This means you must decide three months before the term ends or you are committed for another year.
What to do: Mark the non-renewal notice deadline in your calendar the day you sign. Negotiate a shorter notice period (30-60 days). If possible, convert auto-renewal to month-to-month after the initial term.
8. Change Order Process
Business needs change. The agreement should define how scope changes are handled without renegotiating the entire contract.
What to look for:
- Formal change order process
- Written approval required before additional work begins
- Pricing for additional services
- Impact on timelines and existing deliverables
- Who can authorize change orders on each side
Red flag: No change order process. The provider adds services and bills you, or you request changes and the provider claims they are out of scope.
What to do: Require all scope changes to go through a written change order signed by both parties before work begins. The change order should specify the additional scope, cost, and timeline impact.
9. Intellectual Property and Work Product
If the provider creates anything for you — reports, software, designs, strategies — who owns it?
What to look for:
- Ownership of custom work product
- License rights to provider's pre-existing tools and methodologies
- Whether the provider can reuse your custom work for other clients
- Assignment of IP upon payment
- Rights during a dispute (can the provider withhold deliverables?)
Red flag: "All tools, methodologies, and work product developed by Provider remain the exclusive property of Provider, including any customizations made for Client."
What to do: Negotiate ownership of custom work product created specifically for you. Accept a license (not ownership) for the provider's pre-existing tools and platforms. Ensure the provider cannot withhold your data or deliverables during a payment dispute.
10. Force Majeure and Business Continuity
What happens if the provider cannot deliver due to events beyond their control?
What to look for:
- Defined force majeure events
- Provider's obligations during a force majeure event
- Your right to terminate if the disruption exceeds a certain period
- Business continuity or disaster recovery commitments
- Whether the provider must maintain backup systems or redundancy
Red flag: A broad force majeure clause that includes "labor shortages," "supply chain disruptions," or "technology failures" — essentially excusing the provider from performing under common business challenges.
What to do: Narrow the force majeure clause to truly extraordinary events (natural disasters, government actions, pandemics). Set a threshold — if the disruption exceeds 30-60 days, you should have the right to terminate without penalty. Require the provider to maintain a business continuity plan.
Quick-Reference Checklist
| # | Check | Pass? | |---|-------|-------| | 1 | Scope is specific with defined deliverables and exclusions | | | 2 | Pricing is locked with capped escalation and no hidden fees | | | 3 | SLAs are measurable with meaningful remedies | | | 4 | Liability cap is mutual and reasonable | | | 5 | Data handling protects your ownership and privacy | | | 6 | Termination for convenience is available with reasonable notice | | | 7 | Auto-renewal deadline is calendared with manageable notice period | | | 8 | Change orders require written mutual approval | | | 9 | You own custom work product created for you | | | 10 | Force majeure is narrow with a termination trigger | |
Create Your Own Service Agreement
When you control the terms, you set the standard. Draft a service agreement that protects your business from the start.
Create a service agreement on contract.diy — with SLA templates, liability provisions, and termination clauses built in. Or browse all contract types to find the right template.