Harper
← All Posts

Product

Obligation Tracking: Turn Static Contracts Into Live, Evidenced Tasks

One vendor contract hides 150-plus ongoing obligations in a dead PDF. Harper turns each into a live, owned, evidenced task you can actually track.

By HarperApril 21, 20264 min read

Obligation Tracking: Turn Static Contracts Into Live, Evidenced Tasks

Every vendor you sign brings more than 150 promises you are now on the hook to enforce. A single agreement with one third-party administrator can require insurance renewed every year with your entity named on the policy, a signed BAA, quarterly HIPAA attestations, monthly OIG and SAM exclusion screening, flow-down clauses that follow every subcontractor, background-check cadences, and SLA thresholds with reporting attached. The vendor owes all of it. Making sure they actually deliver it, contract after contract, year after year, is your problem to solve.

The trouble is where those promises end up: a static PDF, executed, filed, and effectively dark. The requirements inside it don't remind anyone they exist. So teams rebuild them by hand in spreadsheets and calendar alerts, which holds up until the vendor count climbs into the hundreds and the spreadsheet turns into a graveyard of stale rows. Then the drift starts. A certificate lapses in March. A subcontractor gets added with no flow-down. An excluded provider lands on a roster. Nobody notices until an audit finds it, and by then the exposure has been sitting open for a quarter.

A clause is not a task until someone owns it

Harper reads the executed contract first, all of it, and pulls out every discrete obligation - including the ones tucked into exhibits, amendments, and flow-down language a human reviewer skims right past. Each one is captured as the exact requirement, with the source clause attached, so there is never an argument later about what was actually promised.

But an obligation sitting in a database is still just text. The work is in turning it into something a person is on the hook for. "Maintain $2M general liability coverage with our entity named as additional insured" becomes an assigned task with an annual renewal cadence, routed to whoever owns that vendor. A monthly screening requirement becomes a recurring task that comes due on the first of every month, whether or not anyone remembers to look. The obligation says what is required. The task says who, by when, and how often.

Done means there's proof, not a checked box

A task isn't finished because someone marked it finished. It's finished when the evidence is on file and holds up. Harper links the proof straight to the requirement it satisfies: the actual insurance certificate, the countersigned BAA, the screening result showing a clean check against the federal exclusion lists. Not to a folder, not to an inbox thread - to the obligation itself.

That wiring is what turns "prove it" from a fire drill into a click. When an auditor or your own risk committee wants to see that a given vendor met a given requirement on a given date, the trail is already there. And because proof is tied to the requirement, you can see at a glance which obligations are backed by something current and which are running on faith. Harper treats an obligation with no in-date evidence as unmet. That is the honest default, and it is the one that keeps you out of trouble.

Risk accrues in the gaps between reviews

Most vendor compliance is point-in-time. You review a vendor at onboarding, clear them, and mostly trust them until next year's review comes around. The problem is that the obligations don't pause between those reviews, and neither does the risk. Insurance valid in January expires in July. A vendor with two subcontractors at signing has six by fall. An annual snapshot cannot catch what moves in the eleven months you weren't looking.

Harper watches continuously instead. It knows the cadence of every task and the expiration date of every document, and it raises its hand before something lapses rather than after. Coverage nearing its renewal date pings the owner well ahead of time. An overdue screening escalates instead of quietly aging into a liability. Every obligation on every contract is under watch at once, so a gap shows up the day it opens, not the quarter after it closed.

One live view instead of one analyst's spreadsheet

All of this rolls up into a single real-time picture of the whole vendor network. Not a tab someone maintains between other duties - a dashboard that shows, right now, which vendors are fully covered, which have items coming due, and which are out of compliance, down to the named requirement and the specific piece of missing proof. For a health system or plan carrying hundreds of vendor relationships, that is the line between hoping you're covered and knowing where every gap is.

None of this competes with your CLM, and it isn't meant to. Icertis, Gatekeeper, Ironclad, and the rest are built to author, negotiate, and store the contract, and they do that well. Keeping those obligations satisfied month after month, with evidence, is a different job. Your CLM holds the source of truth for what was agreed. Harper runs on top and makes sure it stays true. The contract lives in the CLM; its obligations live, and stay accountable, in Harper.

A static contract was always a compromise - a way to record commitments in a format that had no way of knowing whether they were kept. Obligation tracking closes that gap. Everything a vendor agreed to should be live, owned, and evidenced from the day of signing to the day the relationship ends, and increasingly it will be.

Request a Demo

Frequently asked questions

How is Harper’s obligation tracking different from a contract lifecycle management (CLM) system?
A CLM authors, negotiates, and stores the contract, and holds the source of truth for what was agreed. Harper does the job that starts after signing: it verifies that the obligations inside those contracts stay satisfied over time, with evidence linked to each one. It runs on top of your CLM as the operational layer, not in place of it.
What kinds of vendor obligations can Harper track?
Every discrete obligation in a contract. That covers insurance certificates and additional-insured status, BAAs and HIPAA attestations, monthly OIG and SAM exclusion checks, subcontractor flow-down clauses, background-check cadences, and SLA thresholds with reporting. Each is pulled from the contract with its source language, turned into an owned task with a cadence, and backed by linked proof.
Why is continuous monitoring better than annual vendor reviews?
Because the risk shows up between the reviews. Insurance valid in January can lapse in July, and an annual snapshot has no way to catch that drift. Harper tracks the cadence of every obligation and the expiration date of every document as it goes, reminding owners before things lapse and escalating overdue items, so a gap is visible the day it opens rather than months later at audit.

Other Posts

July 14, 2026 · Insights

The Unexplored Frontier of Contract Compliance

The cost of building software has collapsed, and the number of vendors every organization must trust is about to reorder. Compliance is the bottleneck - and continuous contract enforcement is the frontier no one has claimed yet.

June 16, 2026 · Insights

What Vendor Contract Management Looks Like in a World With AI

For decades a contract has been a document you sign and file. With AI, it becomes a live system that knows its own obligations and whether they are being met - and the work inverts from reading everything to reviewing the exceptions.

May 5, 2026 · Product

Meet Harper

Vendor compliance is mostly reading contracts and chasing paper. Harper does both, so the person who owns it can stop keeping plates spinning.

February 4, 2026 · Insights

The Illusion of Certificates

SOC 2, HIPAA, and HITRUST are NOT vendor contract compliance. Many vendors incorrectly believe this, exposing their enterprise customers to massive hidden risk.

February 2, 2026 · Insights

The Problem With Looming Audits

It's not a matter of if you'll get audited, but a matter of when. The problem lies at the very beginning: vendors lack proper tooling to organize compliance efforts.

January 28, 2026 · Company

Announcing Harper

We're excited to publicly announce Harper: a new way for health plans and systems to oversee, analyze, and boost vendor contract compliance.