
A structured MSP agreement is an operational control, not a legal formality. Whether you call it an MSP agreement or a managed services agreement, the document defends gross margin by standardizing scope, security, and pricing across every account you sign in 2026.
Legal Disclaimer: The sample clauses in this guide are illustrative examples for educational purposes only. They are NOT legal advice and do NOT create an attorney-client relationship. Contract enforceability depends on your jurisdiction, client type, and specific circumstances. Always have a qualified attorney review and adapt any agreement language before using it with clients.
It defends gross margin and stops churn by standardizing scope, security, and pricing. This guide provides clause-level blocks to adapt with counsel, plus a packaging map to align service tiers. This is informational only, not legal advice. All sample clauses are illustrative. They are NOT a substitute for advice from a qualified attorney. Have a licensed lawyer review and adapt any language to your jurisdiction and circumstances before using it.
Start by locking scope to what you can actually deliver at each package.
Key Takeaways
- A managed services agreement is an operational control, not a legal formality. It defends gross margin by standardizing scope, security, and pricing.
- Vague scope is the root cause of margin leakage: every package must reference a Schedule of Services that defines inclusions, exclusions, and supported environments.
- Mandate a security baseline in every contract. Clients who refuse MFA and patching requirements represent your highest liability and churn risks.
- Cap total liability to recurring fees paid in the prior 6 to 12 months and require clients to carry active cyber insurance.
- Auto-renewing 12-month terms with 60-day notice windows and a formal suspension ladder protect cash flow and recover onboarding costs.
A managed services agreement (MSA) is a contract that defines the scope, pricing, SLAs, security baseline, and liability limits for an ongoing IT support relationship between an MSP and its clients.
1. Standardize Scope to Prevent Margin Leakage
Vague scope is the root cause of service disputes, margin leakage, and client churn. Your managed services agreement must define deliverables through operational reality, not sales brochure promises that delivery teams cannot meet.
Define your offering via a Schedule of Services incorporated by reference. This schedule details inclusions, exclusions, dependencies, and supported environments, controlling if conflicts with sales proposals arise. Every package should reference this section, customized only by package-specific addenda. Run a quarterly review to keep these services aligned with reality.
```text
Scope of Services. Services are limited to the Schedule of Services (the "Schedule") incorporated by reference. The Schedule controls over sales materials. MSP may update the Schedule with 30 days' notice. Material reductions trigger a customer termination right; otherwise, continued use constitutes acceptance.
```

Managed Services Agreement vs SLA vs SOW: What Each Document Controls
Most MSP owners collapse three separate documents into one, and that is where scope disputes start. A managed services agreement, a Service Level Agreement, and a Statement of Work each govern a different layer of the relationship. Keep them distinct so a single ambiguous line does not undercut your margin.
- Managed Services Agreement (MSA): the master contract. It sets the commercial and legal terms that govern the whole relationship: liability caps, payment mechanics, the security baseline, renewal and termination, and the Schedule of Services that everything else references. Sign this once per client.
- Service Level Agreement (SLA): the performance layer inside or attached to the MSA. It defines response and resolution targets by severity, coverage hours per tier, what starts and pauses the clock, and the service-credit remedy when a target slips. It answers how fast, not what is included.
- Statement of Work (SOW): the project layer. Every out-of-scope engagement, a server migration, an office move, a security assessment, gets its own signed SOW with fixed deliverables, timeline, and price. The SOW is where transformation work lives so it never leaks into your recurring fee.
Vendors like NinjaOne and Kaseya publish MSA templates, but a template only protects you when these three layers stay separated. When a client asks for something the MSA does not list, the answer is a new SOW, not a favor. Treat the MSA as the constitution, the SLA as the operating standard, and the SOW as the exception process.
2. Draw Hard Lines Between Remote Support and Projects
Vague remote support definitions in your managed services contract kill gross margins. When clients expect migrations under a flat fee, engineering capacity collapses and write-offs pile up. Clear boundaries protect your capacity.
In-Scope (Steady-State):
- Per-user remote helpdesk troubleshooting
- Workstation OS patching and updates
- Basic firewall rule modifications
- Antivirus and backup status monitoring
- Standard onboarding and offboarding
Out-of-Scope (Projects):
- Physical office moves and site buildouts
- Post-merger infrastructure integrations
- Server migrations to cloud hosts
- Major application upgrades
- Custom scripting and database development
The "No Implied Projects" Rule: Recurring fees cover steady-state maintenance, not transformations.
```text
Out-of-Scope Work: Services not explicitly listed require a signed Statement of Work (SOW). Urgent out-of-scope work is billed at standard emergency rates ($250/hr).
```
3. Operationalize Out-of-Scope Work to Capture Extra Margin
Unapproved quick fixes trigger billing disputes and erode margins. To protect your gross-profit payback, the managed IT agreement must define authorized contacts and channels like ticket portals or purchase orders. Reference your rate card to handle after-hours multipliers, emergency responses, and onsite minimums, turning out-of-scope requests into predictable revenue.
```text
Authorization of Extra Work. MSP has no obligation to perform out-of-scope work without approval from an Authorized Contact. Time is billed in 15-minute increments. Estimates are non-binding unless included in a signed Statement of Work.
```
Link these rules to your packaging. For tiers with included hours, specify how overages bill automatically. This stops your delivery team from improvising margin-destroying exceptions.
4. Protect Your Margins with a Defensible Price Adjustment Clause
To prevent margin erosion and avoid the trap of locked-in rates, your managed services agreement must include simple, enforceable pricing terms.
Ensure your agreement outlines two key mechanisms:
- An annual adjustment capped at 5% or CPI, applied on the anniversary with 60 days' notice.
- A pass-through provision to adjust for material vendor cost increases.
```text
Price Adjustments. MSP may increase fees annually by up to 5% or CPI change, upon 60 days’ notice. If Client rejects the increase, they may terminate at renewal. Vendor licensing increases pass through directly with 30 days’ notice.
```
Caps and clear notice windows protect retention by avoiding surprise hikes. Use this clause alongside our defensible pricing and visibility system to secure your margins.
5. Mandate a Security Baseline to Eliminate Toxic Liability
Clients who refuse critical cybersecurity controls represent your highest liability and churn risks. A modern managed IT contract must treat cybersecurity as a strict contractual requirement, not a negotiable upsell.
Every agreement must mandate a minimum security baseline:
- Multi-factor authentication (MFA) and strict admin access rules
- Patched operating systems and immutable backups
- Standardized incident notification obligations
If a client declines these terms, they must sign a formal waiver, or face scope limitations and contract termination.
```text
Security Baseline and Waiver. Client must maintain MSP's minimum security baseline. Refusal may significantly limit MSP liability for related incidents (subject to applicable law), reduces service obligations, and may constitute grounds for termination. Review enforceability with your attorney. Outcomes vary by jurisdiction.
```
This baseline protects your delivery capacity and makes premium, security-first packages commercially credible.
6. Limit Liability to Secure Your Balance Sheet
A managed services agreement is not an insurance policy, and aggressive liability posturing only stalls deals. Protect your business by capping total liability to fees paid in the prior 6 to 12 months. Explicitly exclude consequential damages like lost profits and business interruption, alongside third-party criminal acts. Note that this sample is not legal advice.
```text
Limitation of Liability. MSP’s total liability is capped at recurring fees paid by Client in the 12 months preceding the event. Neither party is liable for indirect, consequential, or business interruption damages. This cap excludes damages from MSP’s willful misconduct or third-party criminal acts.
```
Pair this cap with a customer requirement to maintain active cyber insurance. Your role is system recovery, not underwriting their operational downtime.
7. Align Your SLAs with Packaging and Enforceability
An unmeasurable SLA destroys your margins. Your MSP agreement must define what starts the clock, what pauses it, and how response times map to your packaging tiers.
Map your delivery capabilities directly to a three-tier model:
- Core: Next business day response, 8x5 coverage.
- Plus: 4-hour high-severity response, 8x5 coverage.
- Secure: 1-hour critical response, 24x7 coverage.
The SLA clock must only start upon receipt of a valid ticket. It must pause while waiting on client response, vendor action, or credential access.
```text
SLA targets vary by package tier. Remedies are limited to service credits capped at 10% of the monthly fee. The clock begins upon receipt of a valid ticket and pauses while awaiting Client response, vendor action, or administrative access.
```
8. Define Clear Renewal, Termination, and Suspension Mechanics
An operational managed services agreement protects your delivery margins and cash flow. To recover onboarding costs, align your minimum contract term with your upfront setup expenses. Lock in accounts using auto-renewing 12-month terms with a 60-day notice window.
Set a clear enforcement ladder for non-payment. Mandate payment on undisputed invoice portions, and establish a strict notice, cure, and suspension sequence.
```text
Term & Suspension. This Agreement auto-renews for 12-month terms unless written notice is given 60 days before term end. MSP may suspend services on 5 days' notice if undisputed fees remain unpaid 15 days past due. Re-onboarding requires a $500 fee. MSP may suspend services with reasonable notice upon detecting a security compromise. Review the scope of any suspension right with counsel, as enforceability varies by jurisdiction.
```
Managed Services Agreement Checklist: Clauses Every Contract Needs
Before you send a managed services agreement to a client, run it against this checklist. These are the clauses that decide whether the contract defends your margin or leaks it. There is no download to grab here: the value is in adapting each line with your attorney to your own tiers and jurisdiction.
- Schedule of Services: inclusions, exclusions, dependencies, and supported environments, incorporated by reference and controlling over sales materials.
- Out-of-scope authorization: named Authorized Contacts, ticket-or-PO channels, and a rate card for after-hours, emergency, and onsite work.
- Price adjustment: an annual cap tied to a percentage or CPI with notice, plus a vendor pass-through provision.
- Security baseline: MFA, patched systems, immutable backups, and incident notification, with a signed waiver when a client declines.
- Limitation of liability: a cap tied to recent recurring fees, exclusion of consequential damages, and a client cyber-insurance requirement.
- SLA mechanics: response targets mapped to tiers, clear clock start and pause conditions, and capped service-credit remedies.
- Renewal and termination: auto-renewing 12-month terms, a 60-day notice window, and a notice-cure-suspension ladder for non-payment.
- Offboarding: documented credential handover, separated from billable transition work, conditioned on paid invoices where enforceable.
Work top to bottom. A gap in any one of these is a margin leak waiting to happen.
How to Design a Service Plan for Your Managed IT Company
Service packages fail when sales, operations, and the contract describe three different services. Align your delivery with your managed IT agreement using this six-step execution workflow.
How Do I Inventory Services and Group My Packaging Tiers?
- Step 1: Inventory what you actually do today. Create a complete service catalog by documenting every task your engineering team performs. Exclude any task you cannot track inside your PSA ticketing system.
- Step 2: Group services into three defined tiers. Categorize deliverables into Core, Plus, and Secure packages based on cost-to-serve and client risk profiles.
What Inclusions and SLA Rules Must Each Tier Contain?
- Step 3: Define SLAs, coverage hours, and exclusions. Detail specific response thresholds and explicit out-of-scope limitations for each tier to prevent scope creep.
- Step 4: Map tiers to the schedule of services. Insert these standard packages directly into your contract as fixed templates. Append package addenda and reject custom, one-off arrangements.
How Do I Align Sales Quoting Rules with Contract Terms?
- Step 5: Build matching quoting rules. Force your sales cycle to reflect your contract clauses regarding authorized contacts, change control, and the formal project scoping process.
- Step 6: Set a quarterly review cadence. Schedule recurring operational audits to adjust pricing for vendor cost increases and to update your cybersecurity baseline.
If you want your packaging and managed services agreement to support pipeline growth, visibility, and price integrity, book a diagnostic session with NUOPTIMA.