Procurement Document Library / Doc Set 2026
RFPrequestforproposaltemplate.com
Section: 03 / Scope of WorkSection Deep Dive
Section Guide / SOW

Writing the RFP Scope of Work That Survives the First Change Request

The American Bar Association's 2024 Construction Law report attributes 71 percent of post-award disputes to ambiguous scope definitions. The same pattern holds across IT, professional services, and capital equipment procurement. The scope of work is not where most RFP authors spend their best hour, and it shows. This guide is structure, examples, and rewrites for the section that does most of the work.

Part I / Structure

The Standard Five-Part Scope Structure

A scope of work that holds up under change has five parts. Each part is short. The total scope statement runs 1 to 2 pages for most projects, 3 to 5 pages for complex capital projects. Length is not the goal; specificity is.

  1. Objectives. Two to four sentences. The business outcome the engagement is intended to deliver. Outcomes, not activities (reduce close cycle from 14 days to 5 days, not implement new close software).
  2. Deliverables. The set of named outputs the vendor will produce. Each with a description, acceptance criterion, and milestone tag. Typically 5 to 15 rows for a mid sized project.
  3. In scope / out of scope boundary. What the engagement does and does not cover. Locations, user populations, integrated systems, geographies, languages, browsers, time periods, all expressed as a boundary the vendor can size against.
  4. Assumptions. What the vendor is taking as given when pricing. Each assumption owned by either the client (we will provide X) or the vendor (we are assuming Y). Failure of an assumption triggers the change control process.
  5. Dependencies. The external inputs the project relies on. Client side dependencies (decisions, data, access, people). Third party dependencies (vendor APIs, partner deliverables, regulatory approvals). Each with an owner and a need by date.

The PMBOK Guide (Project Management Institute) describes the scope statement as a project management deliverable; the same content structure works in the RFP because both serve to bound the work. For full PMBOK alignment see pmi.org/standards/pmbok.

Part II / Deliverables

Writing Deliverables With Acceptance Criteria

Most disputes about whether a vendor delivered come down to whether the deliverable was specified well enough to test against. Every deliverable should pass the test: can a third party, given only this scope statement, tell whether the deliverable was met. The rewrite pattern is:

WeakDefensible rewrite
Project documentationAdmin user guide (30 to 50 pages, Word), end-user quick-reference (2 pages, PDF), runbook for ops team (15 to 25 pages, Confluence or Markdown), delivered 2 weeks before go-live
Training materialsTrain-the-trainer session (4 hours, on-site, 5 client trainers), 4 recorded modules (15 min each, MP4), trainer slide deck, knowledge check (15 questions, passing 80 percent), all delivered before week-1 user training
Reporting suite12 named reports as listed in Appendix B, each meeting the Report Specification template, runnable on demand and via scheduled email, performance under 5 seconds at 50K-row source
Data migrationMigration of approximately 1.2M rows from source schema as defined in Appendix C to target schema as defined in Appendix D, with reconciliation report showing source count, target count, exception count, and remediation status
ImplementationDeployment to production environment, smoke testing of 12 critical-path scenarios as defined in Appendix E, UAT support for 2 cycles of 5 business days each, hyper-care support for 2 weeks post-launch covering 8am to 8pm local time

The defensible rewrites are longer but they prevent the 5x longer dispute resolution that follows the weak version. The acceptance criterion does not need to be elaborate; it needs to be measurable. Two questions to ask of every deliverable: who looks at it, and what test do they apply to decide if it is done.

Part III / Out of scope

The Out-of-Scope List That Prevents Disputes

The out of scope list is the under used half of the scope boundary. Most scope statements are good at listing what is in scope and silent on what is not. Silence creates the worst category of dispute: a feature the client assumed was included and the vendor assumed was extra. The fix is an explicit out of scope list of the items most likely to be assumed.

Out of scope examples: IT projects

  • Data migration of legacy data older than 24 months
  • Integration with system X (separately quoted)
  • User training beyond named admin and super-user populations
  • Post-launch support beyond 30-day warranty period
  • Hosting infrastructure (client provides)
  • Application customisation beyond the standard configuration

Out of scope examples: Marketing engagements

  • Original photography or videography (client provides or separately quoted)
  • Paid media budget (client funds directly)
  • Translation into languages beyond English
  • PR and earned media outreach
  • Long-form content beyond agreed monthly count
  • Influencer agreements

Out of scope examples: Construction

  • Site preparation beyond what is shown on drawings
  • Utility upgrades
  • Permitting beyond standard building permits
  • Owner-furnished equipment and installation
  • Landscaping beyond the building footprint
  • Furniture, fixtures, and equipment installation

Out of scope examples: Consulting

  • Implementation of recommendations beyond defined coaching hours
  • Travel and expenses beyond stated budget (separately invoiced)
  • Translation of deliverables beyond English
  • Stakeholder workshops beyond defined cadence
  • Software licences for any tools used during engagement
  • On-call advisory beyond the 30-day post-engagement window
Part IV / Assumptions

The Assumption Log

Every vendor proposal is built on assumptions. Most are not surfaced in the proposal because the vendor took them as obvious. When an assumption proves wrong (the data was dirtier than expected, the integration endpoint was undocumented, the SMEs were not available), the vendor pivots from delivery mode to change-order mode. The assumption log makes those triggers explicit before contract signature.

Format for the assumption log:

IDAssumptionOwnerIf wrong
A-01Client provides reviewed, sign-off-ready content by week 4ClientSchedule extension at vendor's hourly rate
A-02Source data has fewer than 5% duplicates and 10% incomplete recordsVendor + client jointlyData cleanup quoted separately based on actual condition
A-03Integration endpoint at system X is stable and documented per attached specClientVendor scopes endpoint discovery work as change request
A-04Three named SMEs available for 4 hours / week during weeks 1 to 8ClientSchedule re-baselined to actual SME availability
A-05Project hours assume EU working hours (40 / week) with no public holidaysVendorHoliday-affected weeks re-baselined
A-06Deployment target environment is provisioned and accessible by week 6Client (IT)Vendor mobilises bridging environment at client's cost

Six assumptions for a typical engagement; 10 to 15 for a large or complex one. The act of writing each assumption surfaces about half of the issues that would otherwise become disputes mid-engagement. For the upstream project framing that drives a clean scope statement, see projectchartertemplate.com and the standard requirements section structure that fills in the detail.

Part V / FAQ

Frequently Asked Questions

Q.What goes in scope of work vs requirements?+
A.Scope of work describes the broad boundary of the engagement: which deliverables, which locations, which user populations, which systems are in or out of scope. Requirements describe the detailed behaviour or specification within scope. A scope statement says the system will support timesheet entry and approval; the requirements say what fields are captured and what approval workflow applies. Scope is the boundary; requirements are the content inside the boundary.
Q.How specific should deliverables be?+
A.Specific enough that a third party reading the scope statement two years later can tell whether a given output was in or out of scope. Every deliverable should have a name, a description, an acceptance criterion (how you know it is done), and a due date or milestone tag. Vague deliverables like 'project documentation' or 'training materials' produce post-engagement disputes; specific deliverables like 'admin user guide, 30 to 50 pages, covering all admin functions, delivered in Word format before user training begins' do not.
Q.Should I list out of scope items?+
A.Yes. Explicit out-of-scope statements prevent the most common scope dispute: a feature or activity the client assumed was in scope and the vendor assumed was extra. List the high-risk exclusions clearly: data migration of legacy data, integration with system X, user training beyond a defined population, post-launch support beyond a defined warranty period, content writing, photography, hosting and infrastructure provisioning.
Q.How do I handle assumptions in scope?+
A.Maintain an assumption log in the scope section. Each assumption has a description, who owns it (client or vendor), and what happens if the assumption proves wrong (cost adjustment, scope change, risk acceptance). Common assumptions: client provides reviewed and approved content by a specified date, client makes IT resources available within a defined response window, system integration endpoints are documented and stable. Documented assumptions are the basis for a change order if they fail; undocumented assumptions become disputes.
Q.How granular should scope tables be?+
A.One row per deliverable for the major deliverables (5 to 15 rows typically). Sub-deliverables can be listed as bullets inside the parent row. Excessive granularity (50+ rows for a 6-week project) makes the scope unreadable and produces granular disputes about individual rows. Insufficient granularity (3 high-level rows for a 6-month project) means everything inside each row becomes negotiable later. Calibrate granularity to project size: roughly one major deliverable per 2 to 4 weeks of engagement.
Q.Who owns scope changes after the contract is signed?+
A.A defined change-control process owns scope changes. The process should specify: who can request a change (client and vendor), how the change is documented (a change-request form), how impact is assessed (cost, schedule, and risk impact), who approves the change (typically the project sponsor for material changes, the project manager for minor changes within a defined dollar threshold), and how the change is incorporated (signed change order added as an amendment to the master agreement). Without a documented process, changes happen informally and disputes follow.
Related Sections

Other RFP section deep-dives

RequirementsPricing FormatTerms + ConditionsVendor QualificationsSubmissionEvaluationFull Authoring GuideMaster Template