Employee Referral Software RFP Template: Checklist, Scoring Matrix & Questions

June 3, 2026
By Jürgen Ulbrich

An employee referral software RFP template is your procurement toolkit: a modular requirements checklist, a weighted scoring matrix, a vendor question catalog per module, and a DACH legal check (works council, GDPR). It lets you brief 4–6 vendors in a structured way, compare them on facts instead of sales pitches, and de-risk the go-live legally.

This guide gives you the copy-ready building blocks. It is not a vendor comparison or selection-criteria theory – if you need those, the best employee referral software comparison helps you build the vendor longlist. Here, the focus is the toolkit you use once you know what you want and are ready to run a clean RFP.

What this post delivers:

  • A 7-module requirements checklist you can copy directly
  • A scoring matrix weighted by company size
  • A vendor question catalog per module
  • A DACH compliance checklist (BetrVG §87/§94, DPA, EU hosting, DPIA)
  • A 10–12-week RFP timeline with works council involvement

The RFP process: 10–12 weeks from kickoff to signature (DACH)

An RFP process for HR software typically runs about 7–12 weeks from requirements gathering to contract. In the DACH region, plan for 10–12 weeks because of works council involvement. The classic mistake is bringing in the works council just before go-live – involve them from week 2.

Phase | Timeframe | Activities | Involved
1. Requirements gathering | Week 1–2 | Pain-point workshop, stakeholder interviews, MoSCoW prioritization | HR, IT, departments
2. Inform works council early | Week 2 | Notification per §80 BetrVG, pre-talk on data protection and requirements | HR, works council, DPO
3. Create + send RFP | Week 3–4 | Checklist, scoring criteria, TCO template, vendor questions to 4–6 vendors | HR, IT, procurement
4. Vendor response window | Week 5–7 | 3-week deadline, allow written follow-up questions | Vendors
5. Shortlist + demos | Week 8–9 | Pick top 3, scenario-based demos with a standardized script | HR, IT, works council, end users
6. Due diligence + DPIA | Week 10 | GDPR impact assessment, DPA review, reference calls | DPO, procurement, legal
7. Works agreement | Week 10–11 | Negotiate + sign works agreement per §87(1)(6) BetrVG | HR, works council, legal
8. Contract close | Week 12 | Final negotiation + signature + kickoff | Procurement, HR, legal

DACH practice note: Under §87(1)(6) BetrVG, the works council has an enforceable co-determination right for any technical system capable of monitoring employee behavior or performance – regardless of the employer's intent. Referral platforms with individual logins and referral-activity tracking almost always fall under this (§87 BetrVG). Involving the works council only in week 11 risks a conciliation board proceeding that can delay go-live by months.

Modular requirements checklist (7 modules)

Structure your requirements into seven modules. That way you compare vendors module by module and avoid letting one strong demo area mask weaknesses elsewhere. Copy the checklist into your RFP document and tag each item as a must or a should.

Module 1: Participation channels & UX

  • WhatsApp, SMS, email, Slack, Microsoft Teams for invites, reminders, and submissions
  • Mobile-first flow for frontline workers without an email login (max. 3 taps to submit)
  • Pre-filled messages with a job summary, shareable by link or QR code
  • Employee dashboard: referral status, pending rewards, leaderboard (opt-out possible)
  • Accessibility (WCAG 2.1 AA) and older mobile operating systems (Android 9+)
  • DE/AT/CH localization: German, Austrian, and Swiss UI language + privacy notices

Module 2: ATS/HRIS integration

  • Native connectors for your ATS (e.g. Greenhouse, SAP SuccessFactors, Personio, Workday, Rexx) or a documented REST API
  • Automatic job sync with configurable filters (which roles are visible?)
  • Bidirectional status updates: candidate status visible to employees without manual HR effort
  • SSO/SCIM support for user provisioning and deactivation from your HRIS
  • Data mapping: source tags, referral IDs, cost centers for clean reporting

Module 3: GDPR / DPA / data residency

  • EU data centers with a selectable region (at least Germany or EU as an option)
  • Standard data processing agreement (DPA) per Art. 28 GDPR, including a subprocessor list
  • Configurable retention and deletion periods for employee and candidate data
  • Granular consent request for LinkedIn network matching (opt-in, documented withdrawal)
  • Exportable audit logs (min. 12 months) for all access, changes, and data exports
  • Data protection impact assessment (DPIA) per Art. 35 GDPR: does the vendor support you in producing it?

Module 4: Works council & co-determination (DACH-specific)

  • Documentation: which employee data is tracked at the individual level? (§87(1)(6) BetrVG relevant)
  • Configurable visibility limits: admin can restrict or disable tracking features
  • Vendor's works-agreement experience: has it supported works-agreement negotiations in Germany?
  • If candidate assessment/scoring is included: is §94 BetrVG conformity documented?
  • The works council can verify in the audit log which data is stored (transparency right)

Module 5: Reward workflows & fraud prevention

  • Staged payouts (e.g. after interview, start, probation) with configurable milestones
  • Multi-currency with tax notes (EUR DE/AT/CH) and export for payroll
  • Rule set: eligibility by contract type, tenure, role, region
  • Duplicate check and conflict resolution (e.g. candidate already in the ATS from another source)
  • Finance report: open, approved, and paid rewards by cost center

Module 6: Gamification & engagement

  • Leaderboards filterable by location, area, and timeframe + opt-out option
  • Micro-rewards for actions (sharing, interview invite, hire), not just for the hire
  • Campaign function for hard-to-fill roles (multipliers, time-limited)
  • Analytics: channel performance and campaign success per segment

Module 7: Analytics & reporting

  • Automated dashboard: participation rate, referrals per channel, conversion rate, time-to-fill
  • KPI export (CSV, BI-tool ready) for your own analysis
  • Benchmarks: referral hire rate versus other channels
  • Cost report: cost-per-hire for referrals including rewards and platform share

Why these modules are worth the effort: referred hires stay markedly longer. Per Gitnux (December 2025), around 47% of referred employees stay at least three years versus roughly 33% of job-board hires; LLCBuddy (March 2025) confirms about 46%. Referrals also fill roles around 55% faster. The platform has to amplify this advantage, not waste it through poor UX.

Scoring matrix: weighted by company size

Set the weights before the demos, or the best presentation will anchor your judgment. Weighting shifts with company size: SMBs mainly need frictionless UX, while enterprises weight data residency and works-council fitness more heavily.

Criterion | SMB (≤150 staff) | Mid-market (≤500 staff) | Enterprise (500+ staff)
Participation channels & UX | 30% | 25% | 20%
ATS/HRIS integration | 20% | 25% | 20%
GDPR / data residency | 15% | 20% | 25%
Works-council fitness (DACH) | 10% | 10% | 15%
Reward workflows & fraud | 10% | 10% | 10%
TCO / price transparency | 15% | 10% | 10%
Total | 100% | 100% | 100%

How to score it: rate each criterion per vendor on a 1–5 scale. The weighted score is rating × weight. Mid-market example: vendor A scores 4 on UX (4 × 0.25 = 1.0), vendor B scores 3 (3 × 0.25 = 0.75). Sum all weighted scores into a total per vendor. Document the rationale for each weight in writing – that makes the decision defensible to procurement and the works council.

Vendor question catalog per module

Precise questions expose marketing claims. Demand demos and documents, not yes/no answers. These questions belong directly in your RFP document.

Questions on channels & UX

  • Show us live: how many taps does a frontline worker without an email account need on Android to submit a referral?
  • Which channels are natively integrated (no third-party messaging gateway)?
  • How do we calculate WhatsApp and SMS costs transparently (cost per message per country)?

Questions on ATS/HRIS integration

  • Which connectors are native – for which ATS is a custom API required?
  • How long does a typical ATS integration take (hours of our effort + vendor hours)?
  • How do you handle candidates who applied via both a job board and a referral?

Questions on GDPR / data residency / DPA

  • In which specific countries and data centers is data stored? Is there a DE-only option?
  • Will you provide your standard DPA for legal review – by when?
  • Which subprocessors have access to personal data (list + country of establishment)?
  • How do you support us in producing a data protection impact assessment (Art. 35 GDPR)?
  • How do you handle LinkedIn network matching: show the opt-in flow, document the withdrawal process.

Questions on the works council (§87 / §94 BetrVG)

  • Which employee data does the system track at the individual level (clicks, referral frequency, network size)?
  • Have you supported works agreements with German works councils? Can you show a template?
  • Can tracking features be restricted or disabled at the works council's request – without losing core aggregate reporting?
  • Does the platform include candidate assessment or employee scoring functions? (§94 relevance)

Questions on rewards & TCO

  • How do we configure staged payouts by role, location, and hire type?
  • Which tax functions are native for DE/AT/CH (withholding tax, benefits in kind)?
  • How do we export reward data to our payroll system (DATEV, SAP Payroll)?
  • Please break down all cost components: license, implementation, ATS integration, messaging credits, support tier, training – for year 1 and from year 2.
  • Are WhatsApp and SMS credits included or pay-per-use? How do we calculate costs for [X] staff and [Y] campaigns per month?
  • What are your notice periods and data-export terms at contract end? Which SLAs apply for support in the DACH time zone?

DACH compliance checklist (legal)

In the DACH region this block is not optional. Without works-council co-determination and clean data protection, the go-live fails – no matter how good the software is. Verify each row actively in the RFP.

Requirement | Legal basis | Verification question
Data processing agreement (DPA) | Art. 28 GDPR | Standard DPA available + subprocessor list?
EU/DE hosting | GDPR Art. 44 ff. | Which countries/data centers specifically?
Data protection impact assessment | Art. 35 GDPR (LinkedIn matching) | Does the vendor support DPIA creation?
Works-council co-determination | §87(1)(6) BetrVG | Individual-level tracking: which data?
Personnel questionnaire approval | §94 BetrVG | Does the platform include employee scoring?
Works agreement | §87 BetrVG (conciliation board right) | Template + experience in Germany?
ATS integration data paths | GDPR Art. 5 (purpose limitation) | Which data flows in which direction?

Two DACH provisions are central. Under §87(1)(6) BetrVG, the works council has an enforceable co-determination right for technical systems capable of monitoring behavior or performance – which applies to virtually any referral platform with individual logins. If the platform includes candidate assessment or employee scoring, §94 BetrVG also applies (approval requirement for personnel questionnaires and assessment principles). Both are well established in the settled case law of the German Federal Labor Court (BAG). Govern the rollout through a works agreement before go-live.

Demo scenarios (compact)

Standardize the demos: every vendor runs the same five scenarios against your real use cases. That way you compare like for like instead of watching vendor-driven highlight reels.

Scenario | What it tests
Frontline referral | A frontline worker without email submits via WhatsApp/QR in ≤3 taps
White-collar flow | An office worker shares an open role via Slack/Teams with a pre-filled message
Reward payout | Staged payout after probation + finance export by cost center
GDPR flow | Demo opt-in to LinkedIn matching, withdrawal, and data export live
Works-council demo | Audit log + restricting tracking features at the works council's request

For the post-contract implementation plan – pilot, role-based training, change management – read the guide on how to make the right choice. For the strategic overview of program design and metrics, see the ultimate guide to employee referral programs.

Conclusion

A strong RFP template is four copy-ready artifacts: the 7-module checklist, the size-weighted scoring matrix, the vendor question catalog, and the DACH compliance checklist – embedded in a 10–12-week timeline with early works-council involvement. With these you brief vendors on facts and de-risk the go-live legally. Once your requirements are set, move on to the vendor shortlist in the software comparison.

FAQ

What goes into an employee referral software RFP template?

A requirements checklist across seven modules (channels/UX, ATS/HRIS, GDPR/DPA, works council, rewards, gamification, analytics), a weighted scoring matrix, a vendor question catalog per module, a DACH compliance checklist, and a TCO breakdown for year 1 and beyond.

How long does a referral software RFP process take in DACH?

Around 7–12 weeks in the market, and realistically 10–12 weeks in DACH because of works-council involvement, from requirements gathering to signature. Involve the works council from week 2, or you risk delay through a conciliation board proceeding.

What legal requirements apply in Germany when introducing referral software?

The key ones are the works council's co-determination right under §87(1)(6) BetrVG (tracking of individual activity), plus §94 BetrVG if scoring is involved, a DPA per Art. 28 GDPR, EU/DE hosting, and where applicable a data protection impact assessment per Art. 35 GDPR. The rollout is usually governed by a works agreement.

How do I build a fair scoring matrix for vendor comparison?

Define the criteria and their weights before the demos and adapt them to your company size. Rate each criterion on a 1–5 scale, multiply by the weight, and sum per vendor. Document the rationale for each weight in writing.

Jürgen Ulbrich

CEO & Co-Founder of Sprad

Jürgen Ulbrich has more than a decade of experience in developing and leading high-performing teams and companies. As an expert in employee referral programs as well as feedback and performance processes, Jürgen has helped over 100 organizations optimize their talent acquisition and development strategies.
