By Yuval Shavit, Features Writer
Our Channel Explained series provides targeted articles that flesh out detail on channel terminology but avoid information overload. This week we examine the question, What is a managed services contract?
A managed services contract is a service level agreement (SLA) between a managed services provider (MSP) and its client that outlines both parties' responsibilities, including which services the MSP will provide, minimum response time and liability protection for the MSP. The contract also specifies the payment structure. Many MSPs, although not all, offer their services on a flat-fee basis, charging a flat fee per month for each desktop or server, for example.
Many MSPs start off as value-added resellers (VARs) and do not need a managed services contract as part of that arrangement. If a product or service does require an SLA, or any other kind of contract, it's often between the client and vendor, with the VAR acting as a broker between them. With the managed services model, however, the channel is taking more direct responsibility for the customer's systems, since MSPs are hired to monitor and proactively fix the network themselves.
Another clause commonly included in a managed services contract is one that limits the MSP's liabilities to the cost of its services. This protects the MSP from expensive lawsuits in case the client's system does go down and can't be repaired within the parameters set by the contract. The MSP can be sued for the amount it charged the client, but not for any other expenses the client may have incurred due to the outage.
If an MSP hires subcontractors for any of its services, the managed services contract should also state what client information can be passed to them. Although every business is careful about protecting important information, some clients may be legally required to ensure data they store is kept safe. For instance, medical offices are required by HIPAA to protect patient information, and any business that handles credit cards electronically needs to abide by PCI-DSS.
This was first published in March 2008