Every vendor has a polished pitch built around their strengths. Your job as a buyer is to find the weaknesses behind the pitch. The right questions — direct, specific, and hard to deflect — reveal far more than a feature demo ever will.
Why pointed questions work
Sales conversations are designed to steer you toward strengths and away from soft spots. Open-ended praise ("Tell me about your product") plays into that. Specific questions that require concrete answers, references, or documentation are much harder to spin and expose where a vendor is genuinely weak.
Questions by category
| Area | Question that reveals weakness |
|---|---|
| Cost | What costs aren't in this quote? |
| Implementation | What's the most common reason go-lives slip? |
| Support | What's your average response time, and what's excluded? |
| Security | When was your last breach or incident, and what changed? |
| Data | If we leave, exactly how do we export our data? |
| Roadmap | What did you promise last year that you didn't ship? |
Probe the answers, don't accept the first one
A confident "we have great support" means nothing. Follow up: What are your hours? What's your guaranteed response time in writing? What's not covered? Can I speak to a customer who had a serious problem? The follow-ups are where weaknesses surface, because they force the vendor off the script.
Three questions that consistently surface problems
- "What are you not good at?" A vendor who can't name a single weakness either doesn't know their product or won't be honest.
- "Can I talk to a customer who switched away from you?" Reveals churn patterns and how they handle endings.
- "What will this actually cost in year three?" Exposes price increases and hidden fees.
Tie answers back to compliance
For tools handling PHI, security questions aren't optional. Ask directly whether they'll sign a BAA, how they handle breach notification, and what certifications they can document. HHS guidance on business associates explains what a vendor's obligations should look like — use it to judge whether their answers are adequate or hand-wavy.
Ask about the things that go wrong after the sale
Most weakness-revealing questions focus on the buying moment, but the relationship's hardest parts come later. Ask what happens during an outage: how customers are notified, what the uptime track record looks like, and what compensation applies if service falls short. Ask how the vendor handles a feature you depend on being deprecated, or a price increase you can't absorb. Ask who you call when something breaks at 8 a.m. on a Monday and how long a real resolution typically takes. Vendors rehearse answers about onboarding; far fewer have polished answers about failure, and the quality of their response tells you how they'll treat you once the contract is signed and the leverage has shifted.
Cross-check answers against other sources
A vendor's self-assessment is one input, not the verdict. Take the claims they make in response to your questions and verify them independently: confirm certifications through primary sources, ask references whether the support response times match what you were told, and check whether the roadmap items promised last year actually shipped. Discrepancies between what a vendor says and what you can verify are among the most useful signals in the whole evaluation. A vendor whose answers consistently hold up under cross-checking has earned a measure of trust; one whose story keeps shifting has revealed a weakness more telling than any single bad answer.
The takeaway
Reveal a vendor's weaknesses with specific questions about hidden costs, go-live risks, support limits, security incidents, and data exit. Probe past the first answer, watch for evasion, and require documentation for compliance claims. The vendors worth choosing answer hard questions openly; the ones who dodge are telling you something too.