What Are Managed IT Services?
Managed IT services are defined as a set of outsourced IT functions designed to provide organizations with a wide range of network-based services, including system monitoring, administration and maintenance, data storage, security, and support. Managed IT service providers (MSPs) typically offer scalability for their services, such that certain functions can be added or modified as businesses grow and their needs change. The expertise of managed IT service providers can benefit organizations by delivering high-quality services at a cost-effective price, particularly if the organization does not have the budget or resources to maintain its own in-house IT department .
The benefits of establishing agreements for managed IT services include establishing a single point of contact for IT needs, streamlining management and maintenance of systems, increasing the availability of technical support and administrative functions, preventing issues from affecting business operations, and increasing efficiencies in IT spending. Services may include but are not limited to data migration, monitoring cloud-based services, network/system security, patch management of enterprise applications, application hosting, and storage.
Key Provisions of a Managed IT Services Contract
When entering or reviewing an IT services contract, whether it is the initial or a renewal, the terms of the contract should be carefully reviewed and compared to the previous contract to make sure that critical terms are included in the agreement. There are several key components that should always be included in an IT services agreement.
First, a description of the services. This should include a detailed written description of the scope of services. Relying on verbal or written descriptions in an RFI or RFP is not sufficient because a vague description will lead to problems down the road. Further, the description must be specific to the service being provided. For example, if the service provider is going to provide help desk services, there are several ways to structure the service. For example, the help desk could be a dedicated slot, jointly operated or a centralized help desk. Each option has pros and cons and the agreed upon method should be specifically described in the contract. Additionally, the agreement should describe the manner and availability of support. For example, is the support via phone, email or both? Is it available on business days, every day or 24/7? Finally, the description of services should specify when, where and how the services will be delivered. For example, is the service being provided at the service provider’s site, remotely or at the Licensor’s site? Will the service provider be providing the services during standard business hours, weekdays or 24/7?
The second critical component of any services agreement is a description of the service levels. For example, the parties should agree to the scope of the service, availability and uptime. The parties should also include a clear understanding of the customer reporting obligations. The parties should also include a detailed description of the performance standards such as what timeframe is required to respond to a customer request, what is the expected resolution time and what is the minimum level of availability that the service must meet. Further, the parties should include a clear, process for addressing missed targets. To the greatest extent possible, the parties should define the root cause analysis process as well as the parties’ roles and responsibilities before and after a service level is missed.
The contract should also describe the compensation terms, including the fees and payment requirements. While many contracts require regular and/or upfront payments, the contract should include a clear description of the fees, including any one-time fees (e.g., setup fees, onboarding fees, training fees, etc.). If the fees are tiered or based on actual consumption, the contract should provide a clear formula describing how the fees will be calculated.
Finally, the contract should include the terms of its termination. For example, what is the term and the renewal basis? Is the term automatic, and if so how can the parties get out of the contract? How can the parties terminate the contract for convenience or at-will? Additionally, the contract should identify scenarios when the parties can terminate the contract for cause.
Critical Nature of Service Level Agreements
Service Level Agreements are a fundamental part of any managed IT services contract. They provide the outsource provider with defined standards to adhere to and give the customer the assurance that they will actually receive value for the fees they are paying. Since you expect your managed services provider to deliver services which meet the SLAs, the terms of these requirements should be carefully negotiated when you sign the initial agreement. Typically, SLAs set a schedule for certain outcomes and specify penalties if the service provider fails to meet their deadlines. These provisions can relate to response times, system availability and performance and can include possible financial penalties as well as incentives or rewards for the service provider in cases of success. Our clients often ask us to review the SLAs set forth in the managed services agreement to determine what can actually be enforced, such as key metrics and how these metrics will be measured. Examples of common SLAs include:
Service Availability This SLA obligates the service provider to make available the systems, websites and networks used in the performance of their managed services to the customer. Often, the terms will require the availability 24/7, 99.9% of the time. Defining exactly what is meant by "the system" can sometimes be unclear. As can be the definition of "downtime." More complex systems may include availability requirements for each region, based on the time zone and business hours of the customer, or by server or application. This serves to ensure that the customer will have use of the services for the basket of hours that their business operates. Examples of common SLAs include: The agreement may allow for outages, but the SLAs will usually define the allowable amount and duration of these outages. The agreement may allow for unavailability to be scheduled and unscheduled, as well as maintenance windows, etc. However, in cases where the unavailability is substantial, the SLAs may provide for financial penalties. If the SLAs are met, they may provide for financial incentives or credits off the fees due to the service provider.
Incident Response Time This SLA governs how quickly the service provider must respond to a data incident, such as a virus, corruption or breach. In some cases, the SLAs may require the service provider to respond to the incident within a very short time after notice of the incident has been sent. The terms may also specifically contemplate tiered levels of support, response time and personnel, depending on the severity of the issue. Critical incidents such as data breaches will usually require phone as well as written notice. The SLAs will also usually designate the persons authorized to send and receive notices of incidents.
Performance This SLA usually governs the speed of the services provided. The agreement will consist of key metrics related to performance, such as upload or download times, the speed of sending files, loading website pages, etc. The agreement often sets forth the level of performance that is expected and that there should be no variance from these expectations. If the SLAs are not met, the service provider may be liable for penalties. On the other hand, SLAs are sometimes drafted by service providers to set a minimum standard below which they do not provide any services if that standard is not met.
Common Problem Areas in Managed IT Services Contracts
One of the most common issues for businesses engaging managed IT service providers is dealing with contractual ‘gotcha’s’ that can put the client at unnecessary risk. Here are some of the most common ones we see and how to avoid them:
Termination
The term length for the service agreement is important , but so is the termination clause. What are the terms for early termination? What penalties are there for termination? Can the Agreement be terminated for convenience? It is not uncommon for IT services providers to try to lock a client in. Be sure to review the termination terms carefully.
Service Level Agreements
Every provider has an acceptable level of service they can perform with their resources. Make sure you understand what services will be provided and when. What are the standards for completion? How quickly will issues be addressed? When should the client be notified of problems and what notice will be given if issues are not resolved satisfactorily?
Ownership of Intellectual Property
What happens if you develop intellectual property while working with your provider? Or who owns the IT you developed before you were working with the IT services company?
Procedures for Changes
Make sure all changes are documented and implemented per requirements. Be clear about the level of formality required in the change process and which party to approach for requested changes.
Compliance with Laws
What are the laws and regulations affecting your business and its operations? Ensure that your IT service provider understands which laws you have to comply with and that they provide the appropriate services and software to help you comply.
Negotiating A Reasonable IT Services Contract
Negotiating a Fair IT Services Agreement involves an understanding of the terms that are "standard" in the industry and the trends that may be adverse to the client. A managed services contract can be a lengthy document with several twenty-five to over forty pages of detail, which contains many terms that need to be reviewed carefully to avoid undesired results – usually adverse to the client. Some of the negotiating strategies depend on the size of the client. A large company can afford to insist on specific terms that it wants in its managed services contract. A small company may see multiple providers make specific demands that they will not budge on, which can cause the small company to simply accept those terms which may be adverse to its interest.
An issue that is most common to every size client, is what may appear to be "standard terms". There are several provisions that are common in managed services contract. The client must read them carefully, since they are common, they can be overlooked by the client. Some of these include:
- Provider may be allowed full access to the client’s premises, systems, networks; seeing the client’s confidential data.
- Provider may have the right to disclose the client’s confidential information to its affiliates or contractors for purposes of performing the services where the client’s documents are kept.
- All client data should be returned to the client at the end of the term.
- Provider must insure that its employees, affiliates, or contractors are governed by obligations of confidentiality.
- Purchase of hardware is a "turnkey" arrangement, where the client may be stuck with no ownership of the hardware.
- Provider retains the right to charge for all travel time.
- Client is responsible for obtaining all consents and licenses related to any third-party software or hardware.
- Client is required to pay for an upgrade to a new operating system.
- Services for the new operating system "upgrade" will be billed at the same contract rate.
- Provider may limit its liability to the fees paid during a certain period.
- Provider may include unreasonable limitations on liability for its services.
- Acceptance of a "no-fault" provision.
- Acceptance of a provision that provider is exempt from liability for managing the network.
- Acceptance of automatic renewals that renew for a long term.
- Acceptance of automatic renewals for indefinite terms.
- Acceptance of exemptions from termination for "uncured material breach".
Because there are so many of these issues, the client should look at these terms as a compromise that should result in a provision that is more favorable to the client than a typical managed services contract. While it is significant that the client have an attorney review the managed services agreement before signing it, there are other best practices that help the client achieve a favorable result. The relevant "best practices" to follow while negotiating the terms in the managed service contract are:
- Keep the competition going until the contract is signed.
- Work with a knowledgeable vendor that has a strong reputation to protect.
- Adding competition among the "finalists".
- Seek favorable vendor references that can assist in negotiating favorable terms to the client.
- Negotiate with senior executives of the company.
- Request the company to include the executive in the contract negotiations with the client.
- Investigate the provider’s previous relationships with previous customers.
- Insist on building the relationship, rather than replacing the company’s existing relationship.
- Be ready to walk away if the managed services provider refuses to compromise on the most important terms.
- Push to get the most out of the provider – extra services or lower fees.
- Understand your own leverage before entering into negotiations.
Managing and Renewing IT Services Contracts
Determining whether to renew your IT services agreement should be a process of thoughtful consideration. This means undertaking a review of your goals, budgetary considerations and potential new options. As a starting point, ask yourself the questions below and use your gut instincts. Then, dig deeper.
- Are you still accomplishing your business objectives?
- Is your current service provider upholding their end of the agreement?
- Are you able to meet your budgetary goals with your current provider?
- Have you experienced any issues with your current provider that lead you to suspect that they are not being fully honest with you or with their other clients?
Now, dig into the details of your contract and all the services provided by the service provider.
- Are all of your IT and related services being provided satisfactorily?
- Are there services no longer needed? Were you receiving IT services above and beyond your needs?
- Are you in a long-term agreement with your current IT provider that places your IT goals in jeopardy if you decide to move on?
- Has your IT spend grown significantly with your current provider without an increase in value in services? It is a good idea to benchmark your services and costs against those offered by other local providers every year or two.
- Has your business changed substantially in the last couple of years and you are now using services from your provider that you didn’t need previously? For example, has your business expanded in size or different locations?
- Did you make significant updates or improvements in your IT services with your current provider , resulting in your current costs being higher than what is typical for businesses of your size? You may want to research the costs of services offered by other local providers just to be sure that your pricing is in line.
- Have there been significant changes in IT services and products since your current contract was formed? For example, have there been major updates to the products and services you are now using or others that are now available that may better serve your business needs? Consider what’s new and improved.
Over the course of a contract, some of the services that you received may no longer be necessary. It is important to look at your provider’s contracted services and their respective value periodically. You may be paying for services that you no longer use and are not fully utilizing the IT package. You may be able to renegotiate a lower price if your provider is reaping more reward than there is commensurate value.
Generally, you are under no obligation to renew your contract with your current IT service provider once the term is up. If you do not intend to renew your contract, you should notify your provider of your intentions and formally discontinue the contract. You should also consider a reasonable transition period. If you fail to provide notice or discontinue your contract, you may be bound to the terms of the agreement beyond the term.
If your current IT services provider chooses to discontinue your contract, you should receive adequate notice as set forth in the terms of your contract. Not receiving adequate notice may create problems for your business.