Don’t skip vendor due diligence when buying enterprise software

It’s all too easy to skip vendor due diligence when buying enterprise software. This is an important part of the evaluation and selection process that can help avoid starting a business relationship with a vendor that just will not work in the long term.

Make time for vendor due diligence

Make time for vendor due diligence

Credit: Copyright: 123RF Stock Photo

When making an enterprise software purchase, even a relatively small one, you want a long-term relationship with a software vendor. You really want them to be a reliable and productive part of your team. When considering a long-term relationship, what signs might suggest there are storm clouds on the horizon?

It is too easy for organizations to be caught up in the excitement of a new purchase and not perform due diligence on the vendor. This can be a big mistake, especially when buying business critical software from smaller enterprise vendors. Due diligence is investigating vendors before the purchase so comments like this are not made: “If I had known that about this vendor, we would not have bought their product!”

A while ago, we were helping a client select call center software. There were several products that looked great from a feature perspective. However, when we looked at the vendors, I was left feeling that it was a bit like buying a second-hand car. And how much do you trust a second-hand car sales person when they glibly assure you that some noise in the vehicle is nothing to worry about?

The last thing you want to find out after the purchase is the vendor is not as substantial as you had hoped, and just can’t support their product the way you need. Here are some core vendor due diligence requirements that you should examine before making the purchase.

Due Diligence

To prime your thinking, below are some requirements we use at Wayferry. Create a system to rate each due diligence requirement for importance to you (the same concept as rating functional requirements for importance). Then measure how well the vendor scores against these requirements (the same concept as scoring products against requirements). Use a rating scale where 100 percent means all the requirements are fully met.

5 years in business under one name. A vendor that has weathered a few years in the market has less risk. Disreputable vendors regularly change their name to escape a bad reputation. You would like the vendor to have been actively operating under the same legal name and “trading as" name for at least the past five years. To get an idea of their history, use a tool like DomainTuno to see how long their website has been around. Note: this does not apply if the company is a spin-off or the result of a corporate breakup

Broken links on website. Use a tool like the W3C Link Checker to test for broken links on the website. There should not be any. If there are broken links, this suggests a level of sloppiness in the vendor that can extend to the product and tech support.

Poor corporate communication. Things like minimal or no postings on Twitter, no press releases page on the website, only occasional corporate blog postings, e.g. 3 or 4 per year. All of this means the vendor does not put much effort into customer communication, which can suggest a lower quality tech support experience.

Inadequate LinkedIn presence. You are looking for stability and growth. The company should have an established LinkedIn presence with a current corporate page. There are an appropriate number of employees listed on LinkedIn, and some of them have been with the company a reasonable length of time. You can also search LinkedIn for people who worked at the company but have left, and try reaching out to them. They might provide invaluable insight into that vendor, especially if you can get talking to them on the phone.

Presence on reference sites like Established companies are almost always listed on Hoovers, but companies that change their name because of a bad reputation will not be listed. Hoovers is also another way to get a company address if it is not listed on their website. The free version of Hoovers provides good basic information, and you can always purchase a detailed report.

Glassdoor reputation. Glassdoor is a place where employees anonymously rate a company. You are looking for an average rating of 3 out of 5 or higher and ratings from at least 15 to 20 employees. If employees are not happy working for the company, you can be sure things like tech support and the product development roadmap will suffer.

Job postings on external sites. Does the vendor have any postings on public job sites like,, or the more specialist job sites? A lack of any job postings is not necessarily bad, but it does warrant further investigation. Some active job postings suggest the vendor is growing. Note that job postings on the vendor website do not count for this requirement.

Management team. Does the vendor website list their management team, along with biographies? If not, why not? What are they hiding? Interestingly enough, when researching VoIP phone services and SaaS call center software very few companies have anything about their management teams, which doesn’t inspire confidence. Management should also have their resumes on LinkedIn, and most of them should have 500+ connections. It's hard to fake this, so that lends credibility to the team.

Investor team. This only applies to private companies. Reasonably well-known investors add a great deal of credibility to a company. Investors who understand the business can help it, and you can judge this from perusing other companies in the investor’s portfolio.

Phone numbers listed. Does the vendor provide phone numbers? Have you called them, and did you get the expected response, or do you always get voicemail? You will be surprised how many smaller SaaS vendors don’t list a phone number. This could suggest they are more interested in your money than having a customer.

Street address listed. If it is, is there any evidence the company is actually there? For example, are they listed on Google Maps, or can you see a confirmation of that address in Google street view (i.e. you can see the name of the company on a sign or building)? Check on LinkedIn: How many employees are at that location? If very few or no employees list the corporate location on their personal LinkedIn page, you can be confident that something is not right.

Pre-sales access. Particularly for cloud software, the vendor should provide pre-sales access to the system. If they don’t, how do you know it is a current product, and not still under development? See Promises, promises: A look at Waste Management's case against SAP for an example of this type of problem. Likewise, the vendor should provide pre-sales tech support so you can verify how well they respond to real issues encountered evaluating the products, and the quality of that response.

A comment on software price

Some software buyers, especially those in government, like to squeeze vendors, especially smaller vendors, for the lowest possible price. This is a very shortsighted approach. See Lessons to be learned from a project nightmare by Bart Perkins for an example of what happens when you buy solely based on price. Although this example concerns software implementation rather than software purchase, the principle is the same: it is in your best interest to pay a fair price for what you are buying. You want a financially sound vendor who can continually improve their product, not one that is going to fail. Also, when it comes to selecting enterprise software, you need to be especially careful when one vendor is substantially cheaper than all their competition.


While a low score on any one of these individual factors is not a big deal, you are looking at the overall score. For example, vendors that score less than 50% are best avoided while vendors that score more than 80% will have a reduced risk of problems after the purchase. Examining enterprise software vendors against these requirements, particularly smaller vendors, helps prevent you from buying from a vendor who is ultimately unsuitable in the long term.

This article is published as part of the IDG Contributor Network. Want to Join?

Download the CIO October 2016 Digital Magazine
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies