Comparable questions and verifiable answers
A polished demonstration is not evidence that a supplier can support the organisation’s everyday work, exceptions and future exit. A fair selection gives each provider the same material requirements and records what proves every answer.
Shortlist against mandatory requirements first. Ask every supplier for the same workflow demonstration, cost schedule, service evidence, data and integration detail, contract position, continuity arrangements and exit process. Score only evidence, and record unresolved conditions separately.
Use one evidence schedule for every supplier
| Area | Question | Strong evidence |
|---|---|---|
| Functional fit | Can representative users complete priority workflows and exceptions? | A scripted demonstration or pilot using realistic scenarios and agreed pass conditions. |
| Delivery and support | Who implements, supports and escalates the service, in which locations and hours? | Named responsibilities, service levels, response routes, capacity and relevant customer references. |
| Cost and change | Which charges vary with users, use, storage, integration, support, inflation, renewal or configuration? | A complete price schedule tied to the organisation’s scenarios and contract terms. |
| Data and integration | Where does information move, who can access it and how is it exported, corrected, retained and deleted? | Architecture and data-flow documentation, test export, interfaces and processor terms where applicable. |
| Continuity and exit | What happens during supplier failure, outage, acquisition or termination? | Recovery commitments, tested continuity evidence, data format, assistance, timescale and deletion confirmation. |
Separate four kinds of answer
Demonstrated
The organisation has seen the requirement work under an agreed test.
Documented
Current technical, assurance or service evidence supports the claim.
Contracted
The commitment, remedy, responsibility and timing appear in the proposed agreement.
Promised
A roadmap or sales statement has no present evidence or enforceable delivery; treat it as unavailable.
Scale due diligence to consequence
A low-impact, easily reversible tool needs lighter checks than a system supporting critical work or sensitive data. For security-specific questions, use the separate supplier cybersecurity due diligence guide. NIST’s CSF 2.0 supply-chain quick-start guide supports defining and communicating supplier requirements, while the UK NCSC supplier assurance questions cover governance, incident recovery, access, data and contracts.
Where UK personal-data processing is involved, check the current ICO controller–processor contract guidance. Other jurisdictions have different requirements.
Technology supplier comparison FAQs
How many technology suppliers should a business compare?
There is no universal number. Include enough credible options to test the market and the preferred approach, while keeping the work proportionate. Explain how suppliers entered the shortlist and whether any important alternative was excluded.
Should the supplier with the highest weighted score always win?
No. A weighted score cannot repair a failed mandatory requirement, unacceptable contract condition or unresolved high-consequence risk. Use scores to organise evidence, then make and record the judgement.
Can a customer reference prove that a supplier is suitable?
A relevant reference can test delivery and support claims, but it reflects another organisation and moment in time. Ask about comparable scale, workflows, problems, supplier response, unexpected costs, renewal and exit.
Continue your business technology decision
Use the next guide that matches the requirement, investment, supplier, implementation, migration, access, continuity or renewal question you still need to resolve.

