Procurement and infosec will ask these. Arrive with answers.
Data ownership. The contract states, in writing, that attendee data is yours, exportable in full at any time, and deleted on termination. Ask how export works: API, CSV, or CRM sync.
Certifications. GDPR compliance is the floor for events with international attendees. SOC 2 and ISO 27001 prove the vendor's security has been externally audited. Ask for the reports, not the badges.
Single sign-on. For internal and enterprise events, SSO through SAML, Okta, or Azure AD is a hard IT requirement more often than vendors expect. Confirm it covers both the attendee app and the admin dashboard.
SLA and event-day support. Get uptime as a number and named support coverage for your event dates. An app failing during the opening keynote is not a ticket-queue problem.
CRM integrations. Attendee and lead data flows into Salesforce, HubSpot, or Marketo without manual exports. If leadership wants event ROI reporting, this integration is where it lives.
API access. Your insurance policy for custom reporting and future workflows, even if unused on day one.
Store account ownership. Repeated deliberately: the app publishes from your developer account. This is exit protection.
These requirements separate an event app from an enterprise event app, and they earn a dedicated line in your RFP even when vendor marketing already claims them.