You signed a managed services agreement with your IT provider months ago. Maybe years ago. Since then, it’s probably lived in a filing cabinet or a forgotten folder on your desktop, collecting digital dust. But that contract is actively shaping the quality of IT service you receive every single day, and most business owners have no idea what it actually says.
Understanding the Service Level Agreement (SLA)
The SLA is the heart of your MSP contract. It defines what your provider promises to deliver and, ideally, what happens when they fail to meet those promises. Many SLAs are written to sound impressive while committing to very little.
What to Look For
Uptime guarantees should be specific and measurable. A promise of “99.9% uptime” sounds excellent, but that still allows for approximately 8.7 hours of downtime per year. More importantly, check what’s actually covered. Does the uptime guarantee apply to your servers, your network, your cloud services, or all of the above? Many MSPs guarantee uptime only for infrastructure they directly manage while excluding third-party services you depend on daily.
Response time versus resolution time is a critical distinction most business owners miss. Your MSP might promise to “respond” to critical issues within 15 minutes, but responding simply means acknowledging the ticket exists. Resolution, actually fixing the problem, could take days with no contractual penalty. Look for contracts that define both response and resolution targets for different severity levels.
Questions to Ask
- What qualifies as “downtime” under this agreement?
- Are planned maintenance windows excluded from uptime calculations?
- What’s the difference between your response time commitment and your resolution time commitment?
- How are severity levels defined, and who decides the classification?
Red Flag Language
Watch out for phrases like “commercially reasonable efforts” or “best efforts to resolve.” These sound reassuring but are legally meaningless. They give your MSP unlimited flexibility to take as long as they need without consequence. A strong SLA uses specific timeframes and measurable commitments.
Scope of Services: What’s Actually Included?
The scope of services section defines exactly what your monthly fee covers and, more importantly, what it doesn’t. This is where businesses paying $8,000/month discover that on-site visits, employee onboarding, and security incidents all bill at extra hourly rates.
Included versus excluded services should be explicitly listed. Read the exclusions first — that’s where the surprises are. Common ones: network hardware replacement, after-hours support, new employee onboarding, software license management, and cybersecurity incident response. If these cost extra, you need to know before an emergency hits, not during one.
User and device counts matter more than you might think. Many MSPs price their contracts per user or per device, with specific limits written into the agreement. Adding three new employees might trigger a contract amendment with significantly higher fees. Understand exactly how your pricing is calculated and what triggers additional charges.
Hardware and software boundaries define who is responsible for what. Does your MSP manage just your servers, or also your workstations, printers, and mobile devices? Are they responsible for software updates across all applications or only the operating system? These boundaries directly impact your day-to-day IT experience.
Be wary of contracts that describe services in broad, general terms without specifics. Phrases like “general IT support” or “standard monitoring” leave too much room for interpretation. When something breaks and you need help, you don’t want to argue about whether it falls under “general support.”
Response Times and Priority Classification
How quickly your MSP responds to problems can mean the difference between a minor inconvenience and a business-crippling crisis. Response time commitments need to be clearly defined and tied to meaningful priority levels.
“Response times are targets, not guarantees” is a phrase that should concern you. Similarly, watch for language allowing the MSP to reclassify issue priorities at their discretion. You need committed timeframes, not aspirational goals.
Most MSPs use a tiered priority system (Critical, High, Medium, Low), but the definitions vary wildly. If “critical” requires your entire network to be down, you might wait hours when your email server crashes — even though email downtime is costing you money by the minute. Check how severity levels are defined and, critically, who gets to make that call: you or them.
Business hours versus 24/7 support is often buried in fine print. A four-hour response time sounds impressive until you realize it only applies Monday through Friday, 8 AM to 5 PM. Submit a ticket Friday at 4 PM, and you might not hear back until Monday afternoon. Also look for escalation procedures: who gets involved when standard support can’t solve your problem, and how quickly?
Penalties and Service Credits
This is where contracts separate providers who stand behind their work from those who just want your monthly check. Penalties and service credits create accountability when your MSP fails to deliver.
What to Look For
Automatic service credits should apply whenever SLA targets are missed, without requiring you to file a claim or prove damages. The credit amount should be meaningful. A 5% credit for a day of downtime that cost you thousands in lost productivity is insulting, not compensatory.
Credit caps and limitations often undermine the entire SLA. Many contracts limit total service credits to 10% or 20% of your monthly fee, regardless of how badly the MSP performs. If they have a catastrophic month, the most you’ll receive is a small discount on your bill.
Performance tracking and reporting should be your MSP’s responsibility, not yours. Look for commitments to provide regular SLA performance reports. If they’re not tracking their own performance, they’re probably not hitting their targets.
Questions to Ask
- Do service credits apply automatically, or must we request them?
- What’s the maximum credit we can receive in any given month?
- How do you track and report on SLA performance?
- Are credits applied to our next invoice or refunded?
Red Flag Language
“Service credits constitute your sole and exclusive remedy” means that no matter how much damage downtime causes your business, all you’ll ever receive is a small credit. This language protects the MSP from any meaningful consequences for poor performance.
Termination Clauses and Exit Strategy
Every business relationship eventually ends. When yours does, you need to know exactly what it takes to walk away and what happens to your data and systems when you leave.
What to Look For
Termination notice periods vary dramatically. Some contracts require 30 days notice; others demand 90 or even 180 days. During this period, you’re typically still paying full price, even if you’ve already hired a replacement provider.
Early termination fees can be substantial. Some MSPs charge the remaining balance of your contract term; others charge a flat penalty. Either way, these fees can make leaving an underperforming provider prohibitively expensive.
Data ownership and transition assistance deserve careful attention. Your data is your data, but some contracts make it difficult or expensive to retrieve. Look for clear language about data export formats, transition support, and the timeline for returning your information.
Questions to Ask
- What’s the required notice period for termination?
- Are there any fees for early termination, and how are they calculated?
- What assistance do you provide during transition to a new provider?
- How and when will our data be returned to us?
Red Flag Language
“Termination for convenience” clauses that only benefit the MSP should concern you. If they can cancel your contract with 30 days notice but you need 90 days, the relationship isn’t balanced. Similarly, watch for language requiring you to pay for transition assistance that should be included.
Auto-Renewal and Contract Duration
Auto-renewal clauses catch more businesses off guard than any other contract provision. One missed deadline can lock you into another year with a provider you wanted to leave.
“Contract will automatically renew for successive one-year terms” combined with short notice windows creates a trap. Most contracts require written opt-out notice 30 to 60 days before expiration. Miss that window, and you’re committed for another full term at whatever rate they’ve set. Check whether email counts as valid notice or whether the contract requires certified mail — and then put the deadline on your calendar the day you sign.
Rate increase provisions often accompany renewals. Some contracts allow unlimited annual increases; others cap them at a percentage. Know what you’re agreeing to pay in year two and beyond before you sign year one.
Liability Limits and Indemnification
This section determines who pays when something goes seriously wrong. Liability limits protect your MSP from the full consequences of their failures, sometimes to an unreasonable degree.
What to Look For
Damage caps typically limit the MSP’s liability to the fees you’ve paid over some period, often just 12 months. If a security breach they could have prevented costs you $500,000 in damages, but your annual contract is only $60,000, that’s all you can recover.
Consequential damages exclusions prevent you from recovering indirect losses like lost profits, lost customers, or damage to your reputation. These are often your most significant losses in a serious IT failure.
Indemnification clauses should be mutual. If your MSP wants protection from claims arising from their services, they should also protect you from claims arising from their negligence.
Questions to Ask
- What’s the maximum liability you accept under this contract?
- Are there any circumstances where those limits don’t apply?
- Do indemnification obligations run both ways?
- How does cyber insurance factor into our arrangement?
Red Flag Language
“In no event shall Provider be liable for any indirect, incidental, special, or consequential damages” essentially means your MSP is only responsible for their invoice, not the real-world impact of their failures. Combined with a low damage cap, this language leaves you exposed.
What Happens If You Don’t Review It
Your MSP contract isn’t just a formality. It’s the foundation of your IT support relationship. A well-written agreement protects your business, creates accountability, and ensures you receive the services you’re paying for. A poorly written one protects your MSP at your expense.
Take time to review your current agreement against the criteria in this guide. Highlight anything that concerns you. Make a list of questions for your provider. And if you find vague language, one-sided terms, or missing accountability measures, don’t be afraid to negotiate. A provider confident in their service delivery will have no problem putting their commitments in writing.
At Mr. Fix IT Geeks, we’ve reviewed hundreds of MSP contracts for businesses across every industry. What we consistently find is troubling: vague language that benefits the provider, missing accountability measures, and fine print that makes it nearly impossible to hold anyone responsible when things go wrong. If reviewing contracts isn’t your idea of a good time, or if you want an expert eye on whether your agreement actually protects your interests, we’re here to help — we specialize in MSP contract audits and can identify the gaps, risks, and negotiation opportunities that most business owners miss.
Ready to find out what your MSP contract is really saying? Schedule a free consultation with our team. We’ll review your agreement, explain what we find in plain English, and help you understand exactly what you’re paying for and what you should be getting in return.