Glossary
Procurement and SaaS terms in plain English. 43 entries.
A
- Acceptable Use Policy (AUP)
A document specifying what users may and may not do on a software service, attached to the master agreement.
- ACH
Automated Clearing House, the U.S. electronic network for bank-to-bank payments.
- Annual Recurring Revenue (ARR)
A vendor metric for the annualized value of all active subscription contracts, normalized to a single year.
- Auto-Renewal
A contract clause that renews the agreement automatically if neither party gives notice within a specified window.
C
- CCPA
The California Consumer Privacy Act (as amended by CPRA), giving California residents rights over their personal information.
- Churn
The rate at which customers cancel or downgrade, expressed as a percentage of revenue or customers per period.
- Commit Pricing
A contract structure where the buyer commits to a minimum spend in exchange for a discounted rate.
- Customer Acquisition Cost (CAC)
A vendor metric for the all-in cost to acquire one new customer, including sales, marketing, and onboarding.
- Customer Lifetime Value (LTV)
A vendor metric for the total gross profit a vendor expects to earn from one customer over the relationship.
D
- DPA
Data Processing Agreement — a contract required by GDPR and similar regimes that defines how a vendor processes the buyer's personal data.
E
- Enterprise License Agreement (ELA)
A multi-year, multi-product, all-you-can-eat contract sold to enterprise customers, typically priced as a flat annual commit.
F
- Feature Gating
The practice of restricting features to higher pricing tiers, often unrelated to underlying cost.
G
- GDPR
The European Union's General Data Protection Regulation, governing personal data of EU residents.
H
- HIPAA
A U.S. law governing the privacy and security of protected health information, with corresponding obligations on covered entities and business associates.
I
- Indemnification
A contract clause where one party agrees to cover specified damages or claims brought against the other.
- ISO 27001
An international standard for information security management systems (ISMS), audited and certified by accredited bodies.
L
- Limitation of Liability
A contract clause that caps the maximum dollar amount each party can be liable for under the agreement.
M
- Monthly Recurring Revenue (MRR)
A vendor metric for the monthly recurring value of all active subscriptions.
- MSA
Master Services Agreement — the umbrella legal contract between a buyer and a software vendor.
- Multi-Factor Authentication (MFA)
A login flow that requires two or more independent factors (something you know, have, or are).
N
- Net Revenue Retention (NRR)
A vendor metric showing the year-over-year change in revenue from existing customers, including expansion and churn.
- Net-30
Payment terms — invoice due 30 days from receipt.
- Non-Disclosure Agreement (NDA)
A contract where one or both parties agree to keep specified information confidential.
- Notice Period
The number of days before contract end during which a party must declare intent to renew, terminate, or renegotiate.
O
- OpenID Connect (OIDC)
A modern, JSON-based protocol for identity and authentication, layered on OAuth 2.0.
P
- PCI DSS
The Payment Card Industry Data Security Standard, which governs the handling of credit card data.
- Penetration Test (Pen Test)
An authorized simulated attack on a system to find vulnerabilities before real attackers do.
- Purchase Order (PO)
A buyer-issued document that authorizes a vendor to deliver specified goods or services at agreed prices.
R
- Request for Information (RFI)
An exploratory document asking vendors to describe their capabilities, used early in evaluation to narrow a long list.
- Request for Proposal (RFP)
A formal procurement document inviting vendors to bid on a defined scope of work, with structured evaluation criteria.
- Request for Quote (RFQ)
A short-form procurement document asking vendors to quote price for a clearly defined product or service, typically without proposing alternatives.
- Role-Based Access Control (RBAC)
A model for granting permissions based on a user's role rather than assigning individual permissions per user.
S
- SaaS Procurement
The end-to-end process of evaluating, buying, deploying, and managing third-party software at a company.
- SAML
An XML-based protocol for federated single sign-on, widely used in enterprise SaaS.
- SCIM
System for Cross-domain Identity Management — an open standard for automating user provisioning and deprovisioning between identity providers and SaaS apps.
- Seat-Based Pricing
A pricing model where the buyer pays per active user account.
- Single Sign-On (SSO)
A way for users to sign in to multiple applications with one set of credentials, typically managed by an identity provider.
- SOC 2
Service Organization Control 2 — an audit framework for security, availability, processing integrity, confidentiality, and privacy controls.
- Statement of Work (SOW)
A scoped document attached to a master agreement that specifies deliverables, timeline, and price for a specific engagement.
T
- Tiered Pricing
A pricing model where features and limits are bundled into named tiers (Starter, Pro, Business, Enterprise).
- Total Cost of Ownership (TCO)
The full multi-year cost of a software purchase, including license fees, implementation, integration, training, and switching costs.
U
- Usage-Based Pricing
A pricing model where the buyer pays based on consumption (events, API calls, gigabytes, transactions).
V
- Vendor Onboarding
The structured process of moving a new software vendor from contract signature to active deployment.