The 32-point contract review checklist

This checklist captures the 32 things experienced commercial counsel check on a first-pass review. It's the same list ClauseSpark Redline uses internally as a fallback when a customer hasn't yet given us a playbook. Use it as a reviewer's reference, a training aid, or the seed of your own playbook.

1. Parties & recitals

1. Correct legal entities named. Trading name vs. registered entity. Match what's on the invoice.
2. Authorised signatories identified. Title-checked against the entity's authorised list.
3. Recitals match the deal. Background paragraphs are sometimes copy-pasted from a different deal.

2. Defined terms

4. Defined terms used consistently. "Software" vs. "Services" vs. "Platform" — each defined exactly once.
5. No undefined capitalised terms. A capitalised term that isn't defined is either a bug or a trap.
6. "Affiliates" definition appropriate. Counterparty-favourable definitions over-extend obligations.

3. Scope & deliverables

7. Statement of work / order form referenced. Master agreements should defer specifics to a SOW.
8. Acceptance criteria specified. Avoid "to Customer's reasonable satisfaction" — too vague.
9. Change-control process defined. How do additions to scope work?

4. Pricing & payment

10. Price-increase mechanics. Caps on annual increases. Index reference (CPI etc.).
11. Payment terms. Net-30, net-60 — match your finance team's policy.
12. Late-payment consequences. Service suspension rights, interest, cure periods.
13. Tax allocation. Who pays VAT/GST, withholding obligations, gross-up requirements.

5. Term & termination

14. Initial term length. Match commercial intent.
15. Auto-renewal mechanics. Notice period (90 days standard); silently renewing forever is a trap.
16. Termination for convenience. Symmetric or asymmetric? Notice period reasonable?
17. Termination for material breach. Cure period (30 days standard).
18. Effects of termination. Data return, refunds, ongoing obligations.

6. Liability & indemnity

19. Liability cap amount. 12 months of fees is a common standard.
20. Liability cap carve-outs. Confidentiality, IP indemnification, gross negligence — typically uncapped.
21. Consequential damages exclusion. Mutual.
22. Indemnification scope. Mutual, third-party-claim-scoped, with notice/control provisions.
23. IP indemnification. Provider indemnifies for IP claims arising from the Services.

7. Data protection & security

24. DPA attached or referenced. Required for any contract involving personal data.
25. Sub-processor handling. Notification, approval rights, downstream obligations.
26. Security commitments. SOC 2, ISO 27001, encryption standards.
27. Breach notification timeline. 24–72 hours typical.

8. IP & confidentiality

28. IP ownership. Pre-existing IP retained by each party. Deliverables clearly assigned.
29. License scope. Permitted uses, geographic scope, duration, sub-licensing.
30. Residuals clause. Be careful: broad residuals clauses can effectively assign confidential information.

9. Boilerplate

31. Governing law & venue. Counterparty defaults to home jurisdiction; negotiate.
32. Force majeure, assignment, notices, severability. Standard clauses, but read for asymmetry.

---

Want this as an editable checklist? ClauseSpark Redline applies all 32 of these checks (and 200+ more) automatically on every contract you upload — and produces a tracked-changes draft addressing them in under three minutes. See it in action →