[sooper]

I think this is a better aphorism than "trust, but verify".

I work in the information security assurance field, I swear that 90% of the issues I see at companies with external service providers comes back to the fact that their contract does not have anywhere enough ability to hold the service provider to task...

Get everything you need in the contract / agreement, then hope you never have to use it.

[maxxxxx]

From my experience it’s close to impossible to have a 100% bullet proof contract. If you try that you end up with the typical government contracting style where you spend a lot of time with specs and requirements upfront but it falls apart as soon as it touches reality.

In the end you need to pick suppliers you can work with productively no matter what the correct details are.