PHASE 1: TRIAGE (5 minutes)
  - Identify contract type (SaaS, services, licensing, employment, NDA)
  - Determine your party's position (buyer/seller, licensor/licensee)
  - Note contract value and term
  - Flag overall risk level for appropriate review depth

PHASE 2: STRUCTURAL SCAN (10 minutes)
  - Verify all standard sections present
  - Check for missing critical clauses
  - Note any unusual structure or ordering
  - Identify exhibits, schedules, and SOWs

PHASE 3: CLAUSE-BY-CLAUSE REVIEW (bulk of time)
  - Review each clause against standard/market terms
  - Score risk level per clause
  - Draft redline markup for non-standard terms
  - Note clauses requiring business input

PHASE 4: RISK SUMMARY AND REDLINE (10 minutes)
  - Compile risk register
  - Prioritize redlines (must-have vs nice-to-have)
  - Draft negotiation talking points
  - Prepare executive summary

LEGAL RISK:
  - Uncapped liability exposure
  - Broad indemnification obligations
  - Unfavorable dispute resolution
  - Non-compliant data handling terms
  - IP ownership ambiguity

FINANCIAL RISK:
  - Unfavorable payment terms (net 90+, prepayment)
  - Auto-renewal with price escalation
  - Penalties and liquidated damages
  - Hidden fees or pass-through costs
  - No cap on expense reimbursement

OPERATIONAL RISK:
  - Unrealistic SLA commitments
  - Exclusivity or non-compete restrictions
  - Key person dependencies without backup
  - Audit rights without reasonable limitations
  - Change control process gaps

REPUTATIONAL RISK:
  - Press release or reference rights
  - Non-disparagement clauses (asymmetric)
  - Association with controversial terms
  - Public disclosure of agreement terms

RISK SCORE = LIKELIHOOD (1-5) x IMPACT (1-5)

Impact Scale:
  1 = Negligible (< $10K exposure)
  2 = Minor ($10K - $100K exposure)
  3 = Moderate ($100K - $1M exposure)
  4 = Major ($1M - $10M exposure)
  5 = Critical (> $10M or existential risk)

Likelihood Scale:
  1 = Rare (< 5% probability)
  2 = Unlikely (5-20%)
  3 = Possible (20-50%)
  4 = Likely (50-80%)
  5 = Almost Certain (> 80%)

RISK RESPONSE:
  20-25: CRITICAL - Must negotiate before signing
  12-19: HIGH - Strong redline, escalate if rejected
  6-11:  MEDIUM - Request change, may accept with mitigation
  1-5:   LOW - Note for record, accept if needed

STANDARD MARKET TERM:
  "Each party's aggregate liability shall not exceed the total fees
   paid or payable in the 12 months preceding the claim."

COMMON CARVE-OUTS FROM CAP (typically unlimited):
  - IP infringement indemnification
  - Breach of confidentiality
  - Gross negligence or willful misconduct
  - Data breach obligations
  - Payment obligations

RED FLAGS:
  - No liability cap at all
  - Cap set at contract value (too high for vendor)
  - No carve-outs for data breach or IP infringement
  - Consequential damages excluded for only one party
  - "Super cap" carve-outs that effectively eliminate the cap

REDLINE POSITIONS:
  Conservative: Cap at 12 months fees, mutual carve-outs
  Moderate: Cap at contract value, reasonable carve-outs
  Aggressive: Lower cap (6 months), broad exclusions of damages

ANATOMY OF INDEMNIFICATION CLAUSE:

TRIGGER:
  "Party A shall indemnify Party B against claims arising from..."
  - IP infringement by Party A's deliverables
  - Breach of representations and warranties
  - Gross negligence or willful misconduct
  - Violation of applicable law

PROCEDURE:
  - Prompt written notice requirement
  - Control of defense (indemnifying party typically controls)
  - Cooperation obligations
  - Settlement approval rights
  - Mitigation obligations

RED FLAGS:
  - Indemnification for "any and all claims" (too broad)
  - No notice requirement or short notice window
  - Indemnified party controls defense at indemnitor's expense
  - No right to approve settlements
  - Indemnification survives indefinitely

REDLINE POSITIONS:
  Standard: Mutual indemnification for IP, breach, negligence
  Protective: Add reasonable notice period, defense control, settlement consent
  Aggressive: Narrow triggers, cap indemnification at liability cap

TERMINATION PROVISIONS:

FOR CAUSE:
  - Material breach with cure period (30-60 days standard)
  - Insolvency or bankruptcy filing
  - Change of control (sometimes)
  - Failure to meet SLAs (after remediation period)

FOR CONVENIENCE:
  - Written notice period (30-90 days standard)
  - Pro-rata refund of prepaid fees
  - Wind-down obligations
  - Transition assistance

POST-TERMINATION:
  - Return or destruction of confidential information
  - Data export / transition period
  - Survival of certain clauses
  - Final invoicing and payment

RED FLAGS:
  - No termination for convenience right
  - Immediate termination without cure period
  - No refund of prepaid fees on termination
  - Excessive termination penalties
  - No transition assistance period
  - Automatic destruction of your data

OWNERSHIP FRAMEWORK:

BACKGROUND IP:
  Each party retains ownership of pre-existing IP
  License granted only as needed to perform under agreement

FOREGROUND IP (work product):
  - "Work made for hire" vs assignment vs license
  - Who owns custom developments?
  - Joint ownership provisions
  - Rights to derivative works

RED FLAGS:
  - Vendor retains ownership of all custom work
  - Broad license to use customer data/content
  - "Work for hire" language without proper assignment
  - No license back for vendor's tools/methodologies
  - Vague "improvements" ownership
  - Restrictions on using competitive products

REDLINE POSITIONS:
  Customer-favorable: Customer owns all custom deliverables
  Balanced: Customer owns custom; vendor retains tools/methodologies with license
  Vendor-favorable: Vendor retains all IP, customer gets license

DATA PROTECTION CLAUSE ESSENTIALS:

MUST INCLUDE:
  - Definition of personal data and processing activities
  - Roles (controller vs processor)
  - Processing instructions and limitations
  - Sub-processor management (notice, approval)
  - Security measures (technical and organizational)
  - Breach notification (timing, content)
  - Data subject rights assistance
  - Audit rights
  - Data return/deletion on termination
  - Cross-border transfer mechanisms (SCCs, adequacy)

RED FLAGS:
  - No Data Processing Agreement (DPA) at all
  - DPA not GDPR/CCPA compliant
  - Unrestricted sub-processor appointment
  - No breach notification obligation
  - No data deletion on termination
  - Broad rights to use customer data
  - Missing cross-border transfer safeguards

MARKUP FORMAT:

[ADDITION] = New language to add (shown in brackets)
[DELETION] = Language to remove (strikethrough in Word)
[MODIFICATION] = Changed language (tracked change)

COMMENT NOTATION:
  [MUST-HAVE] - Non-negotiable position
  [STRONG PREFERENCE] - Strongly prefer this change
  [NICE-TO-HAVE] - Would improve terms, but can concede
  [BUSINESS INPUT NEEDED] - Requires business team decision
  [LEGAL RISK] - Flagged for legal review

PRIORITY CODING:
  P1: Must resolve before signing (deal-breaker if rejected)
  P2: Strong preference, expect to negotiate
  P3: Opening position, prepared to concede
  P4: Cosmetic or clarification only

ASSESS YOUR LEVERAGE:

HIGH LEVERAGE (you have options):
  - Multiple competing vendors
  - Large deal value relative to vendor revenue
  - Long-term commitment being offered
  - Strategic account for vendor
  - Vendor initiated the deal

LOW LEVERAGE (they have options):
  - Sole-source / no alternatives
  - Small deal value
  - Short-term engagement
  - Commodity service
  - You initiated / urgently need solution

LEVERAGE TACTICS:
  High leverage: Lead with must-haves, concede P3s as goodwill
  Balanced: Trade concessions (give on term, get on liability cap)
  Low leverage: Focus on P1s only, accept standard terms elsewhere

ROUND 1: INITIAL REDLINE
  - Include all P1, P2, and P3 positions
  - Provide brief rationale for each change
  - Set professional, collaborative tone

ROUND 2: RESPONSE TO COUNTER
  - Accept reasonable P3 counter-positions
  - Hold firm on P1 items with explanation
  - Propose compromise language on P2 items
  - Identify trade opportunities

ROUND 3: FINAL POSITIONS
  - Resolve remaining P1 and P2 items
  - Escalate unresolved P1 items to business sponsors
  - Document any agreed exceptions
  - Prepare final execution version

DEADLOCK RESOLUTION:
  - Suggest alternative language that addresses both concerns
  - Propose risk mitigation (insurance, escrow, guarantees)
  - Escalate to executive sponsors
  - Consider side letter for sensitive terms
  - Walk away if P1 items cannot be resolved

RISK REGISTER:

| # | Clause | Section | Risk Level | Issue | Redline Position | Priority |
|---|--------|---------|-----------|-------|-----------------|----------|
| 1 | Liability Cap | 8.1 | HIGH | Uncapped liability | Cap at 12 mo fees | P1 |
| 2 | Indemnification | 9.2 | HIGH | One-sided | Add mutual indemnity | P1 |
| 3 | Data Protection | 11 | HIGH | No DPA | Add GDPR-compliant DPA | P1 |
| 4 | Termination | 6.2 | MEDIUM | No convenience right | Add 90-day notice | P2 |
| 5 | IP Ownership | 10.1 | MEDIUM | Vendor retains custom | Customer owns custom | P2 |
| 6 | Auto-Renewal | 6.1 | LOW | 60-day notice | Extend to 90 days | P3 |

EXECUTIVE SUMMARY:
  Total clauses reviewed: ___
  Critical risks identified: ___
  High risks identified: ___
  Must-negotiate items: ___
  Estimated negotiation rounds: ___
  Recommendation: Proceed / Proceed with changes / Do not proceed

FINAL REVIEW:

PARTIES AND EXECUTION:
  - [ ] Legal entity names correct and complete
  - [ ] Signatories have authority
  - [ ] Effective date specified
  - [ ] All exhibits and schedules attached
  - [ ] All blanks filled in (no TBDs remaining)

COMMERCIAL TERMS:
  - [ ] Pricing matches proposal/negotiation
  - [ ] Payment terms acceptable
  - [ ] Term and renewal provisions clear
  - [ ] SLAs and metrics defined

LEGAL PROTECTIONS:
  - [ ] Liability cap in place
  - [ ] Indemnification is mutual
  - [ ] Termination rights adequate
  - [ ] IP ownership clear
  - [ ] Confidentiality provisions mutual

COMPLIANCE:
  - [ ] Data protection addendum attached (if personal data)
  - [ ] Governing law and jurisdiction reviewed
  - [ ] Insurance requirements reviewed
  - [ ] Regulatory compliance addressed
  - [ ] Export control provisions (if applicable)

INTERNAL APPROVALS:
  - [ ] Legal approval obtained
  - [ ] Finance/procurement approval obtained
  - [ ] Business owner approval obtained
  - [ ] Any required board/executive approval obtained