Vendor Evaluation
Charity software is the most important purchase decision you will make. Getting it wrong wastes money, wrecks fundraising campaigns, frustrates staff, angers donors, and can set your organisation back years. Yet too many charity leaders treat charity CRM vendor selection with the same enthusiasm they show when ordering a new water cooler or inking a lease renewal for the office photocopier.
Yes, the demonstrations are shiny. The salespeople are charismatic. The feature lists are tantalising. But behind the glitz and hype, too few charity leaders ask the tough questions. Questions about the company’s financial stability. Questions about what happens when things go wrong. Questions about whether this vendor will still be in business three, five, ten years from now, and if they are, whether you still want them running your mission critical operations.
This is not an article about comparing features or price tiers, though these are important considerations. This is about asking the due diligence questions that can differentiate a strategic technology partnership from a bad tech bargain. These are the questions that safeguard your charity’s resources, your team’s time, and ultimately your ability to serve your beneficiaries.
Why Standard Vendor Evaluations Fall Short
Vendor selection processes are depressingly standard: draft a requirements list, request demonstrations, compare pricing and terms, run a few references, and make a decision. The process treats software as a commodity purchase rather than a strategic partnership that will touch every part of your organisation.
Standard vendor evaluation criteria are also focused almost exclusively on the needs of the present moment;
Does the software have the features we need right now?
Can we afford it within this year’s budget?
Do the screenshots look professional?
These are all valid questions, but not enough.
A more robust vendor vetting process looks past the immediate purchase transaction and into the relationship you are about to enter. It stress-tests vendors’ claims against the real world. It aims to uncover hidden risks that only come to light once the contract is signed and the data migrated.
The 10 questions below are designed to do just that.
They’re not the comfortable questions that vendors are happy to answer. They may make sales representatives squirm. That’s the point. The vendors worth partnering with will welcome your probing. Vendors who fob you off with stock responses, change the subject or pressure you to make a decision without satisfactory answers are in effect telling you everything you need to know.
Question 1: What is your company’s current financial position, and can you provide evidence of financial stability?
This is an uncomfortable question for many charity leaders. It sounds like you’re invading a vendor’s privacy. In reality, you are protecting your own. Choosing UK charity software means entrusting a vendor with your donor data, your fundraising operations, and possibly years of historical records. If they go into administration six months after you’ve completed your implementation, you’re in a crisis.
Ask directly and bluntly about the company’s current financial position. For private companies, ask questions about their funding sources, revenue growth, and profitability. If they are venture-capital funded, are they burning through successive investment rounds? If they are bootstrapped, are they profitable? If they are a subsidiary of a larger group, what are the financial resources of the parent company?
Publicly quoted companies have easily accessible financial statements. Private companies may be able or willing to provide a letter from their accountant confirming the financial viability of the company. Alternatively, you can ask whether they hold professional indemnity insurance, which would be used to pay out claims in the event of business failure.
Be suspicious if: vendors are unwilling to discuss finances at all; recent layoffs have affected the company’s support or development teams; the business has been through several recent ownership changes or locations; or the vendor is using aggressive discounting to entice you, which suggests the company is under financial pressure and needs the cash flow.
Question 2: What is your UK-specific support structure, and can you provide a UK-based contact number?
Many software vendors are multi-national operations, which sounds great until you need urgent support at 4 PM on a Friday and find that 24/7 support actually means a ticketing system being monitored from a different time zone, with answers to your queries arriving while you’re still trying to close your weekend fundraising event.
Ask vendors about UK-specific support structures. Do they have a UK phone number you can call? Are there any support staff based in the UK who are aware of UK charity regulations, Gift Aid requirements, UK data protection rules, and generally understand UK charity compliance from a British legal perspective?
Ask for details of support hours, response times, and escalation paths. What happens on UK bank holidays? What is the support staff-to-client ratio? If a vendor has five support reps and five thousand clients, you can safely assume they won’t be able to offer meaningful support.
You can even ask them to test their support story by saying, “If I have a critical issue at 3 PM on a Tuesday, I’m going to call support. Walk me through exactly what happens in this scenario.” If they can answer that with specific detail, it will tell you whether they have a substantial UK support presence or are instead competing with all their clients worldwide for limited support resources.
This is not just a matter of language. Even support teams based in the English-speaking world may lack an intimate knowledge of the specifics of UK charity governance, the Charity Commission’s regulatory requirements, and the compliance issues facing UK charities specifically.
Question 3: What is your product development roadmap for the next 24-36 months?
The software you’re evaluating today will not be the software you’re using in three years. It will evolve. It’s simply a question of whether it will do so in a way that meets your needs or in a way that leaves you behind.
Ask vendors for their product development roadmap. What major features or improvements are coming? What technology investments are being made? How are they prioritising development requests from clients?
Pay particular attention to vendors’ plans for addressing emerging requirements. What are they doing to future-proof their product against changes to data protection regulations? How are they approaching AI and automation? What is their strategy for donors’ evolving expectations around digital engagement?
Equally important: ask about legacy features. Are they planning to deprecate or remove any aspect of the current system? Some vendors are basically running two products in parallel—a legacy system and a “next generation” platform. These vendors may be planning to migrate all clients to the next-gen platform within your current contract period. Find out.
Request introductions to clients who have used the vendor’s software for five or more years. Ask these long-term clients whether the vendor has over the years consistently delivered on its roadmap promises, or whether all the announced features seem to arrive late, or not at all.
Be wary of roadmap timelines that seem to be built to tell you what you want to hear. A vendor that promises to build all the features you list is either not being honest about their development capacity or doesn’t have a coherent product strategy. The best vendors have a clear vision for their product and are able to explain to you why certain features are priorities and others aren’t.
Question 4: What are your contract terms regarding price increases, and what protection do we have against unexpected cost escalation?
The price quoted today is not the price you will pay over the life of the relationship. Every vendor will increase prices over time. The question is whether those increases are predictable and reasonable, or whether you will be subject to unexpected cost escalations that disrupt your technology budget.
Ask directly about the vendor’s pricing philosophy and history. What have annual price increases averaged over the past five years? Are they tied to inflation indices, or are they discretionary? How much advance notice of price increases will you receive?
Ask the vendor to put limitations on price increases in your contract. Some vendors will accept contractual language capping annual increases at a specific percentage or linked to the Consumer Price Index. Some vendors will refuse, which tells you they want complete flexibility to raise prices in any way they choose, regardless of your budget constraints.
Scrutinise the pricing model in detail. Are you charged per user, per contact record, per email sent, or some other metric? How will the cost rise as your charity grows? A pricing model that is affordable at one size may not scale when your database or team doubles or triples.
Ask about other fees on top of the base subscription price. What do they charge for additional training? For data migration assistance? For custom reports or integrations? For support above the standard level? These additional costs can easily double your total spend.
Finally, ask about scenarios where your charity has financial difficulties. Will the vendor work with you on payment terms, or will they immediately suspend your system access—and your data? The answer you receive will tell you whether they see you as a partner or simply as a revenue source.
Question 5: How do I exit this contract and get my data back?
You’d be surprised how many charity leaders make the decision to switch charity software, but then get trapped with their chosen CRM because they didn’t realise how hard it is to leave.
When was the last time you didn’t sign a contract when buying something? Sure, most things you buy online have terms and conditions you tick to accept before you place the order, but that’s not a contract in the same way as the legal document you have to sign to engage a new CRM service.
Read the contract termination clauses and make sure you understand them. What is the minimum contract term? How much notice do you need to give to cancel the contract? Are there any early cancellation charges? Some vendors offer discounts for signing a multi-year contract with automatic renewal clauses which are very difficult to opt out of.
More importantly, ask about data export. You need to be able to leave, taking all of your data with you, in a usable format to your next system. Ask specifically: What is included in the data export? Just contact records, or also donation history, email engagement data, custom fields, relationship data? How is the data format provided, and how long will it take to export the data?
- Ask for a sample data export file. Check it carefully to make sure it includes all the data that you would need to import into another system. Some vendors have data exports that, while technically complete, are practically useless – huge spreadsheets with unintelligible field names and no documentation.
- Ask what happens during a notice period, and whether or not you can continue to access the system during that time. If you give three months notice, do you get to keep using the system for three months or are you immediately locked out?
- Ask what happens to your data after you leave. Is it kept for some period of time, or is it immediately deleted? If data is retained, how long is it kept, and for what purposes? Your donor data is subject to GDPR requirements and you are responsible for it, even after you have stopped using a particular vendor’s system.
The best vendors make it easy to leave, because they know you won’t want to. Vendors who make it difficult to exit know that the honeymoon period of “everyone loves the new system” is temporary, and they prepare their clients for an exit they never want to take.
Question 6: Can you give us references from UK charities of a similar size and complexity, and can we speak to clients who have left your service?
All vendors will be able to provide you with a list of satisfied clients as references. The problem is, all vendors provide satisfied clients. You need to dig deeper.
Ask for references from UK charities specifically, not just any not-for-profit organisations. You need organisations which are subject to the same regulations as you, and which will have similar requirements. If you are a medium-sized charity, references from large international charities, or very small grassroots organisations, won’t be that useful.
Prepare a list of specific questions for references.
Don’t ask open questions like “Are you satisfied with this software?”
Instead, dig into the details: “Tell me about the implementation process – what went wrong and how did the vendor respond?”;
“How is the quality of the support?”; “What are the response times for support queries?”; “Were there any unexpected costs?”
Here’s the key request which separates due diligence from a casual reference check: ask the vendor for contact information for clients who have left their service. This request is almost always going to be refused, with the vendor usually citing privacy policies as the reason.
But the vendor’s response to this request tells you a lot. A vendor who flatly refuses to provide any information about past clients is likely covering up a high churn rate or negative exit experiences. A vendor who is willing to facilitate an introduction to a past client who left for a legitimate reason (eg a merger, or a shift to a completely different operational model) is confident in their service.
At the very least, ask the vendor directly “What are the most common reasons clients leave your service?” The honest answer (eg sometimes very small charities find the system more robust than they need, or very specialised organisations need a bespoke solution) is far more useful than the answer “We don’t have clients that leave our service.”
Question 7: How do you approach data security, and what certifications/compliance do you hold?
Your data is one of your charity’s most valuable assets. Donor details, financial information, beneficiary records, all of these need to be kept safe not only to comply with your legal obligations, but because it’s the right thing to do.
- Ask about their specific security certifications. ISO 27001 information security management, Cyber Essentials, regular third-party security audits – if they have them, they should be happy to tell you about them, and to show you the results of the most recent audit.
- Ask where your data is physically stored. This can have real implications for data protection, particularly if servers are hosted outside of the UK. How does the vendor ensure compliance with GDPR and UK data protection law?
- Ask about specific security practices. How is data encrypted both in transit and at rest? What are the available authentication methods – do they support two-factor authentication? How are access controls managed? How is security patch management handled?
- Ask them about their security incident response plan. What would happen in the event of a data breach? How quickly would you be notified? How much support would they provide to help you? Has it ever happened to them, and if so, how did they handle it?
- Ask them about business continuity and disaster recovery. How often are backups performed? Where are they stored? How quickly could they recover if their systems were to go down? Is there redundant infrastructure in place?
Don’t take vague assurances that they “take security seriously”. Every vendor will say that. Ask specific questions about their security practices and compliance with standards.
Question 8: How do you approach system updates and upgrades, and how disruptive will this be?
Software updates are part of life. But the way that a vendor handles updates and upgrades can be the difference between smooth improvements, and a few features that work better, or even much, much worse.
Ask about update frequency and cadence. How often is the system updated? Is it continuous or periodic (monthly, quarterly, annual)? Are updates automatic, or can you control when they are applied? Can updates be tested in a sandbox environment first, before being applied to the live system?
Ask about the types of updates. Are they security patches and bug fixes, or do they include changes to the interface and new features? How much notice do you get before significant changes? Is training provided if major updates change workflows?
Discuss any potential downtime. Do updates require system outages? If so, how long, and when are they scheduled? A vendor who schedules maintenance during UK business hours is not thinking about UK clients when they do this.
Ask about backwards compatibility of updates. If an update breaks how a feature works, or changes the interface, will your existing processes and integrations continue to work? Some vendors have a track record of breaking changes which require clients to re-create reports, automations, or integrations after each major update.
Ask to speak to clients about their experience with updates. Have they generally improved the system, or caused new problems? Has the vendor ever released an update that has caused major issues, and how did they respond?
The ideal vendor provides regular, well-tested updates that enhance the system’s capabilities without introducing significant disruption, with clear communication and transparency about what’s changing and why.
Question 9: What is your implementation methodology, and what is required from our team?
One of the most common sources of regret when leaders select a nonprofit CRM system is a flawed or failed implementation.
Ask the vendor to describe their implementation methodology in detail. What are the phases? What are typical timelines? What are dependencies and potential bottlenecks?
Crucially, ask what is required from your team. How many hours per week is your staff required to commit to the implementation? What skills are needed? Do you need to hire external consultants, or can the vendor’s team do the technical work?
Data migration is a key part of any implementation.
Who is responsible for preparing and cleaning your data?
Who is responsible for the migration itself?
How many test migrations are included?
What happens if data quality issues are found during the migration?
Ask about the vendor’s success rate with implementations. What percentage of implementations are on-time and on-budget? What are the most common causes of delays or cost overruns? Can you speak to organisations that have recently completed implementations?
Inquire about training. What training is included in the implementation? Is it generic or customised to your workflows? Is training provided in-person, or via video conference or recorded training materials? What ongoing training is available once go-live is reached?
Ask the vendor for a detailed implementation plan and timeline before you sign the contract. Promises of a “smooth implementation” mean nothing. You want a detailed plan with milestones, deliverables, and assigned responsibilities all made clear.
Be especially wary of vendors that claim their implementation will be easy. Vendors who say you’ll be “live in days”, or that the implementation process is “simple and straightforward” are almost certainly lying. An honest vendor who is upfront about the time and resource requirements for a successful implementation is far more trustworthy than one who makes the process sound simple.
Question 10: How do you use client feedback in product development, and what say will we have over the product’s future?
Purchasing charity software is not a decision you make today to affect your operations this year. It’s a decision that establishes a partnership you will need to work with for many years into the future. How much say will you have in that product’s future? Will you be at the mercy of whatever updates and new features the vendor decides to roll out, or will you have the ability to drive the product in a direction that works for you?
Ask the vendor how they solicit and prioritise client feedback. Do they have a formal feature request system? Do they have a client advisory board or user group? How do they determine product development priorities?
Find out about customisation options. Can you customise the system to work for your specific workflows and process or do you need to adapt your processes to the software? If the vendor allows customisations, what are the cost and limitations? Will customisations be overwritten by updates to the system?
- Ask about the vendor’s approach to product development. Are they creating a highly flexible foundation that can be configured for a variety of use cases, or are they taking a prescriptive approach with an opinionated product designed around best practices? Neither approach is right or wrong for every charity, but you need to know what you are getting.
- Ask about the vendor’s balance of new features and system stability. Some vendors are always adding new functionality to their systems, which sounds good on the surface but can result in an overly-complex and bloated solution that no one really wants to use. Others take a more measured approach of perfecting the core functions the system is designed to serve. Which approach is right for you?
- Ask for examples of features that were built in response to client feedback. How long did it take to go from initial request to product delivery? Were the clients who requested the features happy with the final implementation?
- Ask about the size of the client base. If you will be one of several thousand clients, then any individual feedback you provide will have limited impact on the product development roadmap. If you will be one of two dozen clients, you will potentially have much more influence on the product’s direction—but with that greater influence comes much greater risk in partnering with a smaller, less established vendor.
Making the Decision
These ten questions will not make the process of selecting a charity CRM vendor any easier. In fact, they will make it a lot harder. You will learn things you don’t want to know about vendors you were excited about. You will be given reasons to be concerned about vendors you were considering. You will have to extend your timeline to get through the necessary due diligence.
That’s a good thing.
Selecting charity software should not be a decision made overnight or taken lightly. The stakes are simply too high. The cost of making the wrong decision is not simply money thrown away on a poor product and wasted subscription fees. It is missed fundraising opportunities, staff burnout and turnover, frustrated donors, and organisational disruption that will set your charity back for years.
The vendors that will welcome these questions, that will answer them in detail and honestly, that will level with you when challenges arise rather than pretending that everything is perfect—those are the vendors worth working with. The vendors that respond to these questions with deflection and pressure to make a decision quickly, that make promises that sound too good to be true—those are the vendors you can walk away from, no matter how impressive their feature lists look on paper.
You are a steward of your organisation’s mission, resources, and future. That stewardship extends to your technology choices. By asking these hard questions, by not accepting sales pitches at face value, by digging into the nitty-gritty of a long-term partnership, you are serving your organisation and meeting that responsibility.
The right vendor will not just provide you with software. They will provide you with a foundation for growth, a platform for your mission’s success, and a true partnership that strengthens your capacity to serve your beneficiaries.
That vendor is out there, and these questions will help you find them.
