Blog Articles
Read MSP360’s latest news and expert articles about MSP business and technology
Vendor Offboarding Checklist

Guide to Vendor Off-boarding: Checklist Included

Guide to Vendor Off-boarding: Checklist Included

There are several reasons why you may need to change your current solutions vendor or discontinue your contract.

First of all, you may have found a solution that fits your needs better, either because of the technological shift your company is experiencing, or because you have found a solution that has outgrown its competition and you think it's worth switching.

The second reason for switching is a rise in prices. Many vendors, when they grow to a certain size, can’t continue to increase profits without raising their prices. And while, for enterprise-grade companies, paying more for the solution is cheaper in comparison with overhauling the infrastructure and the existing processes to onboard a new application, small and medium businesses are more flexible and less amenable to paying more.

And lastly, there are security concerns. Nowadays a lot of vendors are under attack from hackers aiming to steal their clients’ personal data. You may have heard about the hacking of SonicWall, a VPN and firewall maker, which affected millions of devices and solutions. Basically, threat actors gained keys to millions of offices worldwide. Then there was the hacking of big MSP and IT solutions provider SolarWinds, which affected not only public companies but the US government as well. That said, each week you come across news of millions of stolen records and at least one breached solution. Thus, you might want to look for a new, safer solution that hasn’t yet been compromised.

However, once you find this solution, you first need to off-board the old one – and do it with care, since components left behind might be the cause of a security breach, and a contract which was not ended properly might be the reason for a lawsuit. In this guide, we will review the vendor off-boarding process step by step, so you will be sure that nothing is left behind.

Step 1. Create an Inventory

First of all, you should carefully check which vendor components you have integrated into your infrastructure. Such components include:

  • Software, including applications, agents installed on computers and mobile devices, proprietary or BYOD databases. You should also take into account that a piece of software is typically supported by a dozen proprietary services and processes, which in some cases will not be uninstalled with the main solution. So make sure you know about all such processes and components. Whether you are sure or not about your list, we highly recommend asking the support team or the sales representative of the given vendor in order to get a full list.
  • Hardware, including proprietary or BYOD servers and physical appliances that were designed to work with the given application. It is worth including all hardware in the list for two reasons – to define the rights of possession for the given piece, and, if the piece is owned by you, to determine its future use.
  • Licenses. Licenses are subject to renewal payments and you should make sure that you include those in the list to avoid paying more for the solution you are about to drop.

Step 2. Return the Equipment

An internet service provider or a backup appliance provider may lend you some equipment, so you can use it for free while you pay for their services. This equipment is in most cases owned by the provider and you should return it once you end your contract. Don’t forget to delete all data from the equipment you are returning.

Step 3. Disable Access to Network and Data

Sometimes you give access to certain applications and systems or even create accounts in your network for vendor representatives, so they can deliver their services or troubleshoot any issues. Needless to say, you should block all such accounts and monitor network activity to define whether any automated solutions from the given vendor are still accessing your premises.

Secondly, check your data sharing permissions. After your contract ends, none of the vendor's employees should be able to access your data.

  New call-to-action

Step 4. Check Physical Access

If you are dealing with a managed services provider or an ISP, their employees may have physical access to your facilities. First of all, you should have a list of those employees. Then, you should disable any entry cards or keys that the vendor's employees have.

Don't forget to notify your office personnel that you have stopped working with the given vendor. Some malefactors might try to sneak in using the name of the vendor you previously worked with.

Step 5. Discontinue All Licenses. Final Payments

The penultimate step is to discontinue all active licenses you currently use and cancel the renewal process. Make sure to contact your sales representative to check that no licenses are left behind. Once that is done, you should pay the vendor if you owe them anything, or demand payment if they have any unfulfilled obligations.

Step 6. End the Contract

Lastly, you should end the contract. Before doing that, review it once more with your lawyer to check if all services were delivered and all contractual obligations fulfilled. Also, check the outlined agreement upon the termination of the contract.

Further reading The Importance of Legal Services to MSPs

Once you terminate the contract, remove the vendor from your budget estimations for the upcoming periods.


Now you know how to carefully off-board a vendor and not leave anything behind. Take extreme care when doing this, and your security, both infrastructural and financial, will be well protected.

Before you start the off-boarding process, though, ask yourself if you have a vendor in place that will replace the existing one. Without a proper replacement solution in place, your operations and processes may suffer, or you may even experience downtime.

3 Reasons To Pick a Storage-Agnostic Backup and DR Vendor
Take full control of where your data is stored, as well as storage pricing and features
New call-to-action