The Modern Commerce RFP Builder

Looking for a new commerce vendor but not sure where to begin? Use this RFP builder to select key categories, customize questions, and export everything as a spreadsheet. It's fast, easy — and tailored to fit your needs.

Customer Profile

General

  • What is the GMV (Gross Merchandise Value) range of your customers?

  • What is the median GMV range of your customers?

  • Please explain your "typical" customer in a few sentences:

  • What verticals do you most often sell to? What's your most common vertical? What are some verticals you don't often sell to?

  • In what year was your platform first commercially available?

  • Is your platform meant to be purchased as part of a larger suite, or as part of a best-of-breed collection of products?

  • How is your company structured? (Public / Private, Partnership, Joint Venture, Subsidiary, etc.)

  • Please outline your company's strategic vision / roadmap for the next 5 years:

  • How many people do you employ and in how many locations?

  • What selling channels do your customers typically sell through?

Deployment Architecture

Platform Architecture

  • What delivery models are supported (on-premises, managed hosted, single-tenant SaaS, multi-tenant SaaS, etc)?

  • Do you have to provision environments for new customers? If so, how long does that take per environment?

  • What parts of your platform are auto-scaled? What parts require manual scaling?

  • Internally, how are new instances of your platform provisioned? Please describe your architecture.

  • How many separate independent microservices (own database, own application, own teams) does your platform have?

  • Internally, do microservices read/write from each other's datastores? Or is access strictly through APIs/events?

  • Internally, does your platform have a way of separating reads from writes using an architecture like CQRS?

  • To what degree do you use eventing internally? What's exposed externally?

  • What kind of datastore(s) do you use? Why?

  • To what extent does your platform conform with each of the 12 principles listed in the Twelve-Factor App manifesto?

  • What open source software do you use? What do you contribute back to the community?

Underlying Infrastructure

  • What cloud vendor do you use for hosting your platform?

  • Which cloud region(s) do you serve your platform from?

  • Internally, do you leverage fault domains/availability zones to ensure your application is as available as possible? If so, how many regions? Please describe your architecture.

  • Are customers able to choose which region they use?

  • Does data ever leave a region?

  • Where are your data centers or servers physically located?

  • Internally, do you deploy to two or more data centers? If so, is it active/active or active/passive?

Release Management

  • Explain your process for releasing new versions of software. How often are major/minor versions deployed? What do customers have to do to uptake those new versions of software?

  • Are individual microservice teams able to release independently, or is the entire platform released as one atomic unit?

  • What is your support policy for older versions of software?

  • Does your platform have scheduled downtime when updates are made?

Ops

  • What monitoring data does your platform expose?

  • Over the past two years, how much planned and unplanned downtime has your platform had?

  • How are outages communicated?

  • How quickly can you provision new instances of your platform to meet a sudden spike in demand that cannot be met using currently provisioned capacity?

  • Is there a plugin system for creating custom extensions?

  • Must extensions/customizations to your platform be deployed to a specific cloud vendor/location?

  • Describe how the software can be monitored (at all tiers) for availability and performance.

  • Describe how the platform supports containerization.

Security

Ops Practices

  • Does every single administrator within your company have an individual user account on every system?

  • Does your platform log changes made by individual administrators? What data is captured and how long is it retained?

  • What measures do you take to keep bots and other malicious actors out of your system?

  • Have you experienced any security breaches that caused any outages or data leaks? Describe.

  • Do you conduct whitebox testing? If so, at what frequency?

  • Do you conduct blackbox testing? If so, at what frequency?

  • Do you hire a third party to conduct penetration testing? If so, what type of testing is performed and how frequently?

  • In the event that a security issue needs to be fixed, how quickly can the change be pushed and adopted by users?

  • Please describe your platform's backup and restore capabilities.

  • Are there options to encrypt data at rest in your platform?

  • Describe the resiliency models or strategies applied in the product (e.g., fault resiliency, latencies, limiting expensive resources).

  • What measures are employed to ensure business continuity in case of major incidents or disasters?

Certificates and Compliance

  • Does your platform comply with SAS 70?

  • Does your platform comply with SAS 90?

  • Does your platform comply with SOC and SOC2?

  • Does your platform comply with SSAE16?

  • Does your platform comply with ISAE 3402?

  • Does your platform comply with HIPAA?

  • Does your platform comply with ISO 9000?

  • Does your platform comply with ISO 27001?

  • Does your platform comply with PCI-DSS 3?

  • Does your platform allow you to comply with GDPR?

Authentication

  • What forms of authentication are supported for APIs?

  • Are pluggable identification/authentication providers supported for APIs? If so, which are available as pre-built integrations?

  • What forms of authentication are supported for business user tooling?

  • Are pluggable identification/authentication providers supported for business user tooling? If so, which are available as pre-built integrations?

  • Is multi-factor authentication supported for business user authentication?

  • How is authentication for GraphQL handled?

Authorization

  • How are roles and privileges used to authorize access to APIs? Please describe your approach.

  • Can roles and privileges for APIs be externally managed? If yes, where?

  • Can roles and privileges for API authorization be hierarchical? Can they be inherited?

  • Is the OAuth 2 protocol supported for API authorization? If so, are scopes supported too? How granular are they?

  • How are roles and privileges used to authorize access to business user tools? Please describe your approach.

  • Can roles and privileges for business user tools be externally managed? If yes, where?

  • Can roles and privileges for business user tools be hierarchical? Can they be inherited?

Data Protection

  • Is 100% of data encrypted while it is "in motion" throughout your platform? If so, what types/levels of encryption are employed between each system?

  • Is 100% of data encrypted while it is "at rest" in storage? If so, what types/levels of encryption are used?

  • Besides when it is actively being processed in-process, is there any time that data is not encrypted?

  • How is data secured in transit between your enterprise applications and the commerce platform?

Data Processing

  • What third party companies have access to personally identifiable information? Please explain what data is available and what types of data processing agreements you have in place.

  • Does your platform allow customer data to be deleted on request, including from backups?

APIs

General

  • Does your platform provide APIs? Please describe your general approach to APIs.

  • What percent of the functionality of your platform is available through APIs? Is there any functionality only available through a UI, script, or by accessing a database directly?

  • What functionality and data is not accessible over APIs in your platform?

  • What percent of your customers only use your APIs to access your platform's functionality and data?

  • Do your platform's APIs conform to a third party specification like RAML or OpenAPI? Is your specification published publicly?

  • Was your platform built from the start to be API-first?

  • What Richardson Maturity Model level are your REST APIs compliant with? Why?

  • Do your REST APIs support multiple formats (XML, JSON)? If so, which one(s)?

  • Which CDNs and load balancers front your APIs?

  • Are all of your API calls idempotent?

  • As you add new functionality, do your APIs evolve in a backwards-compatible manner or are they versioned?

  • Do you offer a web-based UI or IDE where developers can try executing APIs against your platform?

  • What type of API metrics are exposed? For example, does the vendor expose the number of API calls, average response time, etc?

Extensibility

  • What means do developers have to inject custom logic before/after API calls are made?

  • Does your platform allow you to take actions in response to API calls? For example, do you support eventing, calling serverless functions, web hooks, etc?

  • Can the data model of objects (profiles, products, carts, etc) be extended/configured using APIs?

  • Can your API store/retrieve arbitrary JSON data/custom objects?

SDKs

  • What native SDKs do you offer over your APIs? Please list the supported programming languages (including version numbers).

  • How is each SDK supported? Is it commercially supported as part of the product, or is it unsupported open source?

  • How are SDKs updated over time? How frequently are they released? How do customers uptake new versions?

GraphQL

  • Does your platform API support GraphQL?

  • What percent of your platform's data and functionality is exposed over GraphQL?

  • Do you support GraphQL mutations, or just queries?

  • What protections do you have in place against malicious queries?

  • Do you have any special integrations with GraphQL clients like Apollo and Relay?

  • Are GraphQL endpoints supported the same as traditional REST APIs?

Implementation

General

  • How long do B2C implementations typically take? What's a cost estimate for implementations?

Approach

  • What is your company's general approach to implementation support? Are systems integrators responsible for implementations or do you do them yourself?

  • What types of professional services does your company offer?

  • What percent of your company's revenue comes from professional services?

  • Do you retain ownership of code and other intellectual property created as part of a professional services agreement?

  • Can your platform be consumed in smaller granular pieces or does it have to be purchased and implemented as one indivisible platform?

Partner Network

  • Who are your top five implementation partners?

  • Do you have a formal certification program for partners?

  • How many certified implementation partners do you have per region in which you operate?

Vendor Support

  • Do you have any blueprints or step-by-step guides for implementing your product?

  • What training and enablement programs are provided for initial and ongoing training for developers, administrators and business users?

  • How can the data be imported into your platform? Which connectors do you offer?

  • How are new product features publicized? For example, are there quarterly workshops or webinars?

  • Do you support access to your platform to develop a POC or MVP during the selection process?

Technical Support

  • State the processes and procedures for managing and resolving support tickets:

  • Does the platform offer 24/7 365 support?

  • Does the platform have a mature and stable support model? Are there any plans to apply changes to the support model within the next year?

  • Is documentation available to our technical support teams? Explain how this documentation is delivered.

  • Does the platform provide adequate notice of maintenance windows (advised at least 7 days in advance)?

  • What is your SLA (for the platform and content delivery)?

  • Provide your SLA response and resolution times:

  • Does the platform define acceptable SLAs? Please specify response, resolution and availability SLAs. What remedies are available for breach of these SLAs?

  • Why do companies renew their contracts with your business?

  • How often are service reviews conducted and what data is provided for review?

Product Catalog

Strategy

  • Does your platform include a dedicated PIM?

  • What percent of customers use your product as a standalone PIM for the whole enterprise?

  • Did you build or acquire your PIM? Please explain its heritage.

  • Is your data versioned (a mutable copy of each object being edited)?

Core Functionality

  • How can the data model be customized/extended?

  • Can physical goods be modeled as products?

  • Can digital goods be modeled as products?

  • Can services be modeled as products?

  • Can different product catalog data be maintained per country?

  • Can different product catalog data be maintained per language?

  • Can different product catalog data be maintained per channel?

  • Can a single product exist in multiple categories without it being duplicated?

  • How are product images managed in your platform?

  • Are Custom Product Attributes supported?

  • What third party ERPs have you integrated with?

  • What third party PIMs have you integrated with?

  • Does your platform offer product reviews?

Publishing

  • Can multiple changes be grouped together into an atomic unit, like a "Project"?

  • Please explain how changes are deployed from the authoring environment to the production environment.

  • Can deployments be scheduled?

  • Can deployments be rolled back? Please explain your strategy for reverting changes.

  • Can restrictions be put in place to forbid specific users from publishing?

Scalability

  • How many total items (categories, products, SKUs, etc) can be in your catalog without suffering performance degradation?

  • What is the maximum number of SKUs that can belong to a single product without suffering performance degradation?

  • What is the maximum number of attributes/properties an item can have?

Pricing

General

  • Can your platform set validity dates/times for prices?

  • Does your platform support individualized pricing (per customer)?

  • Does your platform support segment-based pricing?

  • Does your platform support geographic pricing (per country, per region, per state, per city, etc)?

  • Does your platform support channel pricing (mobile, web, in-store, etc)?

  • Does your platform support tiered volume discount pricing?

  • Does your platform support bundled product pricing?

  • Does your platform support pricing by customer group?

  • Can your platform get prices from an ERP system, standalone pricing engine, or some other source?

  • What is the maximum number of prices per product/SKU that your platform supports?

Checkout

General

  • Can an order be constructed and placed with one API call?

  • Do you offer a one-click checkout (like Bolt, Bold, Fast, etc.)?

  • Can carts be persisted? For how long? Is cart persistence a scalable feature?

  • Is guest checkout supported?

Payment

  • Which currencies are supported out of the box?

  • Does your platform allow for split payments?

  • Which payment gateways are supported out of the box?

  • Does your platform support wallets like Alipay, Amazon Pay, Apple Pay?

  • Does your platform support cash on delivery as a payment method?

  • Does your platform support purchase orders as a payment method?

Tax

  • For which countries does your platform provide the ability to calculate sales tax?

  • Does your platform support VAT calculation?

  • What third party tax calculators does your platform integrate with out of the box?

  • Does your platform support VAT ID validation?

Shipping

  • Does your platform perform address verification?

  • Does your platform support shipping cost calculation?

  • Does your platform support estimated delivery date based on shipping calendar/time in transit?

  • Does your platform support multiple shipments in a single order based on delivery address?

  • Does your platform support ship to store?

Returns/Exchanges

  • Does your platform support customer-initiated returns?

  • Does your platform support re-opening orders for amendment?

Fraud

  • Does your platform support fraud integration with a third party system?

  • Does your platform support holding orders based on fraud score for review?

  • Does your platform provide support for the implementation of third party fraud software?

OMS

  • Do you have a dedicated OMS solution in your commerce platform?

  • Which third party Order Management Systems have you integrated with?

Promotions

General

  • How can business users model promotions? Is there a user interface?

  • Can promotions be templatized? How does that work?

  • Does your platform support order-based promotions?

  • Does your platform support promotions based on the tender used to pay for the order?

Product promotions

  • Does your platform support product-based promotions?

  • Does your platform support BOGO (Buy One Get One) promotions?

  • Does your platform support tiered price break promotions?

  • Does your platform support gift with purchase promotions?

  • Does your platform support brand-based promotions?

  • Does your platform have the ability to show available coupons applicable to the cart/products?

  • Does your platform support time-based product discounts?

Order promotions

  • Does your platform support promotions tied to geography or excluded by geography?

  • Does your platform support promotions by channel including web, mobile, affiliate and social?

  • Does your platform support shipping promotions?

Discount Codes

  • Does your platform support discount codes?

  • Can discount codes be auto-generated by the platform?

  • Can discount codes be auto-generated by business users from an administrative user interface?

Front-end

General

  • What is your front-end strategy? Does the platform have full content management capabilities, or is the platform expected to be served headless?

  • Are front-ends typically built or bought (packaged CMS, WCMS, DXP, etc)?

  • Do you work with any headless content management vendors (like Contentstack, Amplience, Contentful, etc)?

  • Does your platform offer date/time-based preview?

Mobile

  • How does your platform provide support for modes of mobile delivery such as mobile web, mobile and tablet applications?

  • Does your platform provide PWA support?

  • Does your platform offer a Swift or Android SDK?

  • Does your platform support integration of push services?

SEO

  • Does your platform support remarketing tag integration?

  • Does your platform adjust images to be SEO friendly?

  • Can the platform render URLs using slugs?

A/B / Multi-variate Testing

  • Does your platform provide A/B testing capabilities?

  • Does your platform provide multi-variate testing capabilities?

Marketplace

Product Catalog

  • Can product catalog data be managed individually per retailer?

  • Can your platform create and maintain individual assortments per retailer?

  • Can your product catalog data be exported to 3rd party marketplaces like Amazon, eBay, etc?

Order Management

  • Does your platform have the ability to consolidate marketplace orders with orders from other channels?

  • Does your platform have the ability to track order status from the admin console?

  • Does your platform have the ability to manage returns and replacements?

Inventory Management

  • Does your platform have the ability to allocate inventory by marketplace?

  • Does your platform have the ability to consolidate marketplace inventory reporting to a single view?

Reports

  • Does your platform have the ability to report sales by marketplace?

  • Does your platform have the ability to report sales by product category?

Unified Commerce

General

  • Does your platform support in-store (POS) sales?

  • Describe the in-store solution. Can this be purchased as a standalone module?

  • Does your platform support buy online, return in store?

  • Does your platform support exchanges?

  • Can customers begin a transaction online and complete in store or vice versa?

  • Can store associates view inventory by store?

  • Does your platform provide a single source of truth for promotions across channels?

  • Does your platform provide a single source of truth for products across all channels?

Payment

  • Does your solution allow the following types of payments: cash, credit card, digital wallet, gift card, store credit?

  • Is it possible to scan items to cart and send the customer a link to pay with their mobile phone?

  • Does your solution offer cash management capabilities (cash counts, add/remove cash, safe deposits)?

Security

  • Where is the solution hosted?

  • Does your solution support SSO?