A managed IT contract is a legal agreement that controls your technology for the next 12 to 36 months. Most small business owners spend less than 20 minutes reading it before they sign. We know this because we used to audit those contracts for a living.

The proposals look professional. The sales calls go well. The pricing seems fair. Then six months in, you get an invoice for $1,200 in “project fees” for something you thought was included. Or you try to cancel and discover there’s a 90-day notice requirement you missed. Or your server goes down and you find out your SLA only guarantees a response in 8 business hours, not 8 hours.

This is a checklist of what to look for, what to question, and what to insist on before you sign a managed IT agreement. It comes from years of sitting across the table from business owners who signed contracts that didn’t protect them.

The Service Level Agreement (SLA)

The SLA is the most important section of your contract. It defines what the provider promises to do and how fast they promise to do it. Everything else in the agreement is secondary to this.

Response Time vs. Resolution Time

These are two different things and most providers only commit to one.

Response time is how long it takes the provider to acknowledge your request. If the SLA says “4-hour response time,” that means someone will reply to your ticket within 4 hours. It does not mean your problem will be fixed in 4 hours. Resolution time is how long it takes to actually solve the problem. Very few MSP contracts guarantee resolution times because some issues take days to fix. That’s understandable. But the contract should at least define escalation procedures: what happens if a ticket isn’t resolved in 24 hours? 48 hours? A week?

A managed IT service level agreement should clearly distinguish between response time and resolution time and should define both. Response time is how quickly the provider acknowledges your support request. Resolution time is how quickly the problem is actually fixed. Most contracts only commit to response times because resolution depends on the complexity of the issue. That is reasonable, but the contract should still define what happens when a problem is not resolved within a specified window. Look for escalation procedures that describe how issues move from frontline support to senior engineers, what the timeline is for that escalation, and whether you are notified when it happens. If the SLA only contains a response time guarantee and says nothing about escalation, resolution targets, or what happens when they miss their own deadlines, the agreement is incomplete.

Priority Levels

Most SLAs define priority levels. Something like:

  • Critical: Entire office down. Response within 1 hour.
  • High: Multiple users affected. Response within 2 hours.
  • Medium: Single user affected, can still work. Response within 4 hours.
  • Low: Minor request, no impact. Response within 8 hours.

Who decides the priority? If the provider assigns priority levels, they control how fast they respond. If you can set the priority, you have more control. The best setup is a clear definition for each level so neither side is guessing.

Business Hours vs. Clock Hours

A “4-hour response time” means something very different depending on whether it’s measured in business hours or clock hours. If you submit a ticket at 4 PM on Friday and the SLA measures business hours (9 AM to 5 PM, Monday to Friday), the provider has until 12 PM Monday to respond. That’s technically 4 business hours. But it’s 68 real hours.

Ask: does the response time clock run 24/7, or only during business hours? What happens to tickets submitted on weekends or holidays?
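To check a proposed SLA against your own ticket times, the sketch below computes the response deadline under both measurements. It is an added example, not part of any provider's tooling. It assumes the 9 AM to 5 PM, Monday to Friday calendar from the example above, and the function names, the sample date, and the optional holiday set are illustrative.

```python
from datetime import date, datetime, time, timedelta

# Assumed business calendar, taken from the article's example:
# 9 AM to 5 PM, Monday to Friday. Holidays are supplied by the caller.
OPEN, CLOSE = time(9, 0), time(17, 0)


def is_business_day(day: date, holidays: frozenset) -> bool:
    return day.weekday() < 5 and day not in holidays


def business_deadline(submitted: datetime, sla_hours: float,
                      holidays: frozenset = frozenset()) -> datetime:
    """Latest response time when the SLA clock only runs in business hours."""
    remaining = timedelta(hours=sla_hours)
    cursor = submitted
    while True:
        day = cursor.date()
        opens = datetime.combine(day, OPEN)
        closes = datetime.combine(day, CLOSE)
        if is_business_day(day, holidays) and cursor < closes:
            start = max(cursor, opens)       # clock is paused before opening
            if start + remaining <= closes:
                return start + remaining     # SLA expires during this day
            remaining -= closes - start      # use up the rest of today
        # Jump to opening time on the next calendar day and try again.
        cursor = datetime.combine(day + timedelta(days=1), OPEN)


def clock_deadline(submitted: datetime, sla_hours: float) -> datetime:
    """Latest response time when the SLA clock runs 24/7."""
    return submitted + timedelta(hours=sla_hours)


def elapsed_hours(submitted: datetime, deadline: datetime) -> float:
    return (deadline - submitted).total_seconds() / 3600


if __name__ == "__main__":
    # Constructed sample: a ticket opened Friday 2024-03-01 at 4 PM.
    ticket = datetime(2024, 3, 1, 16, 0)
    for label, due in (("clock hours", clock_deadline(ticket, 4)),
                       ("business hours", business_deadline(ticket, 4))):
        print(f"{label:15} due {due:%a %Y-%m-%d %H:%M} "
              f"({elapsed_hours(ticket, due):.0f} real hours)")
```

Passing a holiday set that contains the following Monday pushes the same ticket's deadline to Tuesday at noon, which is why the contract's treatment of holidays is worth asking about.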

Scope of Services

The contract should contain a clear list of everything that’s included in your monthly fee. Not a vague paragraph. A list.

What Should Always Be Included

  • 24/7 monitoring of all managed devices
  • Operating system patching (at least monthly)
  • Third-party application patching
  • Antivirus or endpoint security management
  • Backup management (if your plan includes backup)
  • Helpdesk support for day-to-day issues
  • New user setup (adding a new employee to your systems)
  • Basic network troubleshooting
  • Monthly or quarterly reporting

What’s Often Excluded (and Shouldn’t Be a Surprise)

  • Server migrations
  • Office moves involving network reconfiguration
  • New hardware deployment beyond simple workstation setup
  • Major software platform migrations (e.g., switching email providers)
  • Compliance audits and documentation for specific regulations

Exclusions are normal. Every contract has them. The problem is when exclusions are vague or when the line between “included support” and “billable project” is left to the provider’s judgment. If the contract says “standard support requests are included” without defining what “standard” means, that’s a clause the provider will use to bill you for anything inconvenient.

Scope Creep and the “Billable Project” Trap

Scope creep in managed IT contracts happens when work that should be part of ongoing maintenance gets reclassified as a billable project. The provider’s sales team told you everything was included. The contract’s fine print says otherwise. You find out the difference when you get an invoice for work you thought was covered.

The most common scope creep issues in managed IT contracts involve the boundary between included support and billable projects. Setting up a new employee’s workstation, installing approved software, configuring a new printer, and replacing a failed hard drive are tasks that many business owners assume fall under their monthly agreement. But contracts with vague scope definitions allow the provider to classify these as projects and bill separately. The fix is straightforward: the contract should include a specific list of tasks that are always covered by the monthly fee, a specific list of tasks that are always billed separately, and a clear process for determining which category a new type of request falls into. If the contract doesn’t have these lists, ask for them before you sign. If the provider can’t or won’t provide them, consider that a warning sign about how they operate once the contract is active.

Gray Area Tasks

These are the tasks that cause the most billing disputes:

  • Setting up a new employee’s computer, email, and access
  • Replacing a failed hard drive or component
  • Installing new business software on existing machines
  • Configuring a new printer or scanner
  • Troubleshooting a persistent software issue
  • Setting up a VPN for a remote worker

For each of these, your contract should say whether it’s included or billable. If it’s silent, ask before you sign.

Per-Incident Fees

Some contracts include a monthly fee plus per-incident charges for certain types of support. This is not inherently bad, but you need to know exactly what triggers a per-incident fee.

Common per-incident charges:

  • On-site visits: $150–$300 per visit
  • After-hours emergency support: $200–$500 per incident
  • Server-related issues: $150–$400 per incident
  • Hardware installation: $100–$250 per device

If the contract includes per-incident fees, ask for a 12-month estimate based on typical usage for a business your size. A good provider will be able to give you a realistic range. If they can’t or won’t, the per-incident model is probably a significant part of their revenue and your eventual bill.

Termination Clauses

How you get out of the contract matters as much as what’s in it.

Notice Period

Most contracts require 30 to 90 days’ written notice before cancellation. Some require notice only at specific points (e.g., 90 days before the annual renewal date). If you miss the window, the contract auto-renews for another year.

Early Termination Fees

If you want to leave before the contract term ends, expect to pay. Common early termination fees:

  • Remaining months’ fees at full rate
  • A percentage of remaining contract value (typically 50–75%)
  • A flat early termination fee ($1,000–$5,000)

Read this section carefully. Some contracts make it financially impossible to leave even if the service is terrible.

Data and Access After Termination

When the contract ends, what happens to your data, your passwords, your documentation, and your tool access? The contract should specify:

  • How long the provider retains your data after termination
  • Whether you get all passwords and credentials back
  • Whether network documentation is provided to you or your next provider
  • Who owns the backup data and how it’s transferred
  • Whether there’s a transition assistance period and what it costs

Transition assistance is a big one. If the provider will not hand over documentation and credentials within a reasonable window after termination, they are using your data as a retention tool. We have audited contracts where the outgoing provider held passwords and network diagrams hostage for weeks during a transition, causing extended downtime for the client. Your contract should guarantee a complete handoff within a specific number of business days after termination, with all credentials, documentation, and backup data transferred to you or your designated successor provider. If the contract does not address data ownership and transition procedures, add it before you sign. This is not a minor detail. It determines whether you can leave cleanly or whether switching providers becomes a crisis.

Auto-Renewal Terms

Most managed IT contracts auto-renew. This is industry standard and not necessarily a problem. But the terms of auto-renewal matter:

  • When does the renewal window open? (Usually 60–90 days before the end of the current term.)
  • How much notice must you give to cancel? (Usually 30–90 days.)
  • Can the provider increase prices at renewal? (Often yes, sometimes without limit.)
  • Are you notified before auto-renewal, or does it happen silently?

The worst auto-renewal clauses we’ve seen in audits are the ones that auto-renew for a full additional year with a 90-day notice requirement, and the provider can increase the rate by up to 10% without negotiation. If you miss the notice window by a day, you’re locked in for another 12 months at a higher price.

Set a calendar reminder 120 days before your renewal date. That gives you time to evaluate, shop around, and give notice if needed.

Insurance and Liability

Your IT provider has access to your network, your data, and your business-critical systems. If they make a mistake that causes data loss, a security breach, or extended downtime, who pays?

What to Look For

  • Errors and omissions (E&O) insurance: Covers the provider for mistakes in their professional services.
  • Cyber liability insurance: Covers costs related to data breaches.
  • Liability caps: Most contracts cap the provider’s liability at the total fees you’ve paid in the previous 12 months. This means if you pay $12,000/year and a provider error causes $100,000 in losses, their liability is limited to $12,000.

You can’t always negotiate the liability cap, but you should know it exists. And you should verify the provider carries current E&O and cyber liability policies.

Reporting and Accountability

If your provider is doing their job, they should be able to prove it. The contract should specify what reports you receive and how often.

Minimum Reporting

  • Monthly summary of all support tickets (opened, resolved, outstanding)
  • Patch compliance report (what percentage of devices are current)
  • Security events and resolutions
  • Backup status (successful, failed, untested)
  • Device inventory and health status

If the contract doesn’t mention reporting, ask for it in writing. A provider who resists reporting is a provider who doesn’t want you looking too closely at their work.

Your Pre-Signature Checklist

Before you sign any managed IT contract, confirm the following:

  • Response time SLAs are defined in clock hours, not just business hours
  • Priority levels are clearly defined with specific response times for each
  • Escalation procedures exist for unresolved issues
  • The scope of included services is a specific list, not a vague paragraph
  • Excluded services are listed and the “included vs. billable” line is clear
  • Per-incident fees, if any, are defined with specific triggers and rates
  • Termination requires reasonable notice (30–60 days, not 90+)
  • Early termination fees are capped and clearly stated
  • Data ownership and transition assistance are addressed
  • Auto-renewal terms include advance notification and a reasonable rate increase cap
  • The provider carries current E&O and cyber liability insurance
  • Monthly or quarterly reporting is specified with a defined report format
  • The contract has been reviewed by someone other than the person who sold you the deal

That last point matters. The sales rep’s job is to close the deal. The contract’s job is to protect both sides. Have someone who wasn’t in the sales meeting read the full agreement. If you don’t have an attorney who reviews vendor contracts, at minimum have your accountant or office manager read it with fresh eyes.

Frequently Asked Questions

What is the most important section of a managed IT contract?

The service level agreement (SLA) section. It defines response times, priority levels, escalation procedures, and what happens when the provider fails to meet their own commitments. Everything else in the contract describes what you’re buying. The SLA describes the standard you’re buying it at. A contract with a great service list and a weak SLA will disappoint you. Focus on how the SLA measures response time, whether it uses business hours or clock hours, and whether there are escalation procedures for issues that aren’t resolved quickly.

What should always be included in a managed IT services contract?

At minimum, the contract should include 24/7 monitoring of all managed devices, operating system and application patching, antivirus or endpoint security management, helpdesk support for day-to-day issues, new user setup, basic network troubleshooting, and regular reporting. If backup is part of your plan, the contract should specify backup frequency, retention periods, and how often restores are tested. Any service the provider mentioned during the sales process should appear in the written agreement. If it was promised verbally but is not in the contract, it does not exist.

How much notice should I have to give to cancel a managed IT contract?

Thirty to sixty days is reasonable. Ninety days or more is aggressive and limits your ability to switch providers quickly if the service is poor. Also check whether notice must be given during a specific window before the renewal date, or whether you can give notice at any time. Contracts that only allow cancellation during a narrow window and auto-renew for another full year if you miss it are designed to retain customers, not serve them. If you can negotiate this clause before signing, push for 30-day notice with the ability to cancel at any time after the initial term.

What happens to my data if I cancel my managed IT contract?

The contract should specify this explicitly. At termination, you should receive all passwords and credentials, all network documentation, all backup data or a clear transition plan for transferring it, and a defined period of transition assistance. If the contract is silent on data ownership and transition, add it before you sign. Some providers use data and credential retention as a way to prevent clients from leaving, which creates real business risk for you if the relationship deteriorates and you need to switch providers quickly.

Should I have a lawyer review my managed IT contract?

If you can, yes. But at minimum, have someone who was not in the sales meeting read the entire agreement. The sales presentation and the contract often describe different things. A fresh set of eyes will catch discrepancies between what was promised verbally and what is written in the agreement. Pay particular attention to scope exclusions, per-incident fee triggers, termination clauses, auto-renewal terms, and liability caps. These are the sections where small businesses most commonly get surprised.
