Customer-Managed Operational Checklist
Checklist items before sale, administrator distribution, support and backups.
Before sale
- Decide whether the product is B2B-only or also sold to consumers.
- Disclose price, payment method, renewal, cancellation, refund and delivery method.
- Prepare Product Terms, Customer-Managed Addendum, Privacy Notice and Support Policy.
- State what the vendor collects and what it does not collect.
Administrator distribution
- Provide installation steps and license information to customer administrators only.
- QR codes are issued by the customer administrator.
- Invitation emails are sent through the customer mail environment.
- QR codes do not contain passwords, private keys, personal information or persistent API keys.
Support
- Vendor remote login to customer environments is not the default.
- Log submission is voluntary and controlled by the customer administrator.
- Require masking of personal data, secrets and credentials in logs, screenshots and configurations.
- Do not accept certificate private keys, passwords or API keys through support.
Backups
- State customer-side backup responsibility.
- Include daily backup, weekly review and monthly restore-test guidance.
- State that the vendor does not store customer backups unless a separate service agreement is signed.