TMCnet Feature Free eNews Subscription
July 14, 2026

IT Teams Now Manage Hundreds of Vendor Contracts. Most Can't Say What Renews When



Information technology runs on vendors now. BetterCloud's 2025 data puts the average company at 106 SaaS (News - Alert) applications, and closer to 490 once shadow IT is counted. Every one of those tools arrives with a contract: an order form, a service-level agreement, a data-processing addendum, and a renewal date. The software gets managed carefully. The agreements behind it usually do not. They sit in scattered PDFs, a procurement inbox, and a folder nobody has opened since onboarding.

That gap costs money quietly. BetterCloud found that 75% of IT teams lack a clear view of which applications are in use or when their subscriptions renew. Around 57% of licences go unused or underused, and Zylo estimates the average organisation wastes roughly $135,000 a year on software nobody touches. Most of that waste is not a buying mistake. It is a renewal that fired automatically because the contract terms and the renewal date lived somewhere no one was watching.

The scale of that leakage keeps growing. Zylo's 2025 SaaS Management Index recorded the first rise in average SaaS spend in three years, and put the money lost to unused or underused licences at roughly $21 million a year for a large organisation, up 14.2% on the prior year. Estimates of the waste rate cluster between 30% and 40% of licences in a typical enterprise, with some 2025 analyses putting it higher still. The expensive part is rarely the licence being overpaid for today. It is the contract that renewed last month because nobody was watching the calendar.

Shadow IT widens the hole. With 48% of enterprise apps now acquired outside the IT department, a large share of an organisation's commitments are signed by people who never tell procurement, on terms nobody recorded centrally. The fix is not another spend dashboard. It is treating the agreement itself as a record you can query. Proper contract management for IT teams means that the answer to "what did we agree, when does it auto-renew, and who signed it" takes seconds, not a week of asking around.

The cost is easiest to see in a single ordinary failure: the auto-renewal nobody caught. A team trials a tool, signs a twelve-month order form with a thirty-day cancellation window, and moves on. Eleven months later the window opens and closes while the contract sits unread in an inbox. The renewal fires, another year is billed, and the first anyone hears of it is the invoice. The money is gone not because the deal was bad, but because the terms and the date were never anywhere the team could see them together.

Auto-renewal is worse than a wasted seat, because the price usually moves against the buyer. Most SaaS agreements bundle a renewal clause with a built-in uplift, so each missed cancellation window does not just re-buy last year's licences, it re-buys them at a higher rate. Miss the deadline and the company is locked in for another term with no leverage to renegotiate, no ability to right-size the seat count, and a bill that grows every cycle. Over a portfolio of a few hundred agreements, those unnoticed commitments compound into a number no one budgeted for.

Part of the reason is that almost nobody owns the work. Industry research finds only 59% of IT asset-management teams actively track SaaS usage, and just 56% right-size their contracts, which means more than four in ten organisations have no one doing either. This is not a tooling shortage. Plenty of these companies run a spend dashboard and a procurement suite. What they lack is a single place where the signed agreement, its renewal date, and its terms live together in a form the team can actually query when a decision has to be made.

The need gets sharper the moment something is contested. A vendor insists the SLA promised a different uptime. A renewal is disputed because the cancellation window was missed by two days. A security auditor asks to see the signed data-processing addendum for a tool that handles customer data. In each case the question is the same: which version was actually signed, and when? An email with a PDF attached cannot answer that cleanly, because either side can open a document, change it, and re-save it, and the metadata that might expose the edit is trivial to strip.

Audits raise the stakes again. A SOC 2 review or a customer's vendor-risk assessment will ask an IT function to produce signed data-processing terms and show they have not changed since execution. Producing a PDF is not the same as proving it is the one both parties signed. When the agreement that underpins a compliance claim cannot be verified, the control it was supposed to evidence is weaker than the audit assumes, and the finding lands on the team that could not produce defensible proof.

This is the case for putting the signing event on a footing that does not depend on one party's copy of the file. Approaches built around blockchain document signing hash each signature to a public, timestamped record, so anyone holding the document can confirm it matches what was signed, on the date claimed, without access to a vendor's internal system. The contract stops being a file that can quietly diverge between two inboxes and becomes a record with a verifiable history.

Independence is what makes that record useful past the IT department's own walls. An external auditor, a customer's security team, or a counterparty in a dispute can each confirm a signature on their own terms, rather than being asked to trust a screenshot or log into a system they do not control. Verification that only works inside one company's tooling is a convenience; verification anyone can reproduce is evidence.

The same record changes the renewal itself from a scramble into a decision. Renegotiating a contract before it rolls over means knowing the exact terms that were signed, the price protections that were agreed, and whether the seats are actually being used. When that sits in one queryable place, a team can walk into a renewal with the signed agreement and the usage side by side, and push back on an uplift instead of paying it by default. Without it, the renewal happens to the company rather than being run by it.

Privacy obligations pull in the same direction. Under regimes like GDPR and state privacy laws, a company has to know which processors hold customer data and on what contractual terms, and to produce the signed data-processing agreement on request. A scatter of PDFs cannot answer a regulator or a nervous enterprise customer quickly. A verifiable registry of signed DPAs, each tied to a checkable record, turns a fire drill into a lookup, which is exactly the kind of answer an auditor wants to see.

None of this replaces the SaaS-management or procurement tooling a large IT function already runs. It adds the layer those tools usually lack: defensible proof of the terms themselves. A renewal calendar is only as trustworthy as the contract it points at, and a spend report means little if the underlying agreement cannot be produced in a form an auditor will accept.

The same record matters just as much when a tool is switched off. Decommissioning a vendor is not only the technical task of revoking access and exporting data; it is a contractual one. The agreement usually sets out how notice must be given, what happens to the data on termination, and which obligations survive the relationship. When those terms sit in a findable, verifiable record, a team can end a contract cleanly, prove the data-deletion clause was invoked, and close the file. When they do not, a cancelled tool can leave a live obligation nobody remembers, which is exactly the kind of loose end a later audit or breach turns into a problem.

The bill for getting this wrong also compounds at the worst possible moment. When a company is acquired, raises funding, or sells into a regulated buyer, someone asks for the full contract corpus and proof of what was signed. A function that can hand over a queryable, verifiable record clears diligence quickly. One that cannot turns a routine request into weeks of reconstruction, and every gap a buyer's lawyers find becomes a point of leverage against the valuation.

As the application count keeps climbing, the difference between IT teams will not be how many tools they buy. It will be whether they can produce the signed terms, and the renewal dates attached to them, on demand. The ones who can will stop paying for renewals they forgot about, walk into negotiations with the leverage the contract already gave them, and stop losing arguments they should win.

There is a reporting angle, too. Finance and the board increasingly want to see committed spend and renewal exposure, not just last month's invoices, and that view is only as good as the contract data behind it. A queryable, verifiable record of every agreement is what turns "what are we actually committed to" from a quarterly scramble into a number the team can produce on demand, with the signed terms to back it.

 



» More TMCnet Feature Articles
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
SHARE THIS ARTICLE

LATEST TMCNET ARTICLES

» More TMCnet Feature Articles