Security is an obvious consideration which needs to be addressed up front. Data is a very valuable commodity and only people with appropriate access should be allowed to see it. What steps are going to be employed to ensure that happens? How much administration is going to be required to implement it? These questions need to be answered up front.
I want to extend special thanks to Ginger for putting security as the top item on the list. Also, this seems like a pretty good set of criteria for most projects, so definitely check it out.