Procurement toolkit

Vendor selection templates for Singapore tech buyers.

Use these checklists to scope projects, compare vendors, and avoid vague proposals before you request quotes.

Project RFQ brief

Clarify outcomes, current stack, constraints, timeline, budget, and decision criteria.

Compare capability, Singapore presence, proof, pricing clarity, delivery risk, and support.

Pressure-test uptime, latency, support hours, measurement windows, exclusions, and credits.

Ask for PDPA posture, access controls, incident handling, vulnerability management, and audit evidence.

Business outcome: what should change after this project ships?
Current environment: systems, vendors, network, users, locations, data sensitivity.
Scope boundary: what is in scope, out of scope, and optional.
Delivery constraints: deadline, blackout windows, compliance needs, procurement process.
Budget range and buying stage: exploring, approved budget, or urgent replacement.

Criterion	Weight	What to verify
Relevant capability	25%	Similar projects, category-specific services, technical depth.
Singapore fit	20%	Local office, UEN, response coverage, regulatory familiarity.
Proof and references	20%	Case studies, customer references, reviews, certifications.
Commercial clarity	15%	Pricing model, assumptions, exclusions, renewal terms.
Delivery and support risk	20%	Project governance, SLA, escalation path, handover plan.

PDPA handling: personal data collected, stored, processed, and deleted.
Access control: MFA, privileged access, joiner-mover-leaver process.
Infrastructure security: patching, vulnerability scans, endpoint controls, backups.
Incident response: notification timelines, severity definitions, evidence retention.
Subprocessors and data residency: cloud regions, third parties, audit rights.