Vendor contracts are always a tough topic. You always want to protect yourself or your company, but you also don’t want to be so restrictive that the vendor feels handcuffed. Just like the agile method of developing, you want to have your vendor contract have the flexibility to allow for those frequent changes and pivots, without being a runaway cash train.
I also like to establish a way for major red flags with a project to be brought to the table and addressed in a group. It’s similar to a whistleblower clause. If anyone feels there is something dangerous or legally risky being done, they have a clear place to take the issue to be addressed and that group is responsible for its resolution and logging of the issue. This helps both sides mitigate that type of risk.
Finally, you want to make sure information management issues are addressed as tightly as possible. Since we do all B2B, we often don’t run into a lot of personal information, just business information. We do try to address the information management and security issues in many different ways to ensure data isn’t leaked, stolen or used for anything outside of our own analysis to make our services better.