Best Practices ForIT Managed Service Agreements

From someone who has been there, done that  ... (and assuming you are just starting up) ... this is only my opinion after reviewing your website, so please don't take *any* of this personal ...

If you are a single person business and listing all of those services ... unless you have significant depth in all of the services listed, I would look at the list you have:
1. IT Managed Service
2. Real time system monitoring
3. Web Development & Design
4. Remote Desktop Support
5. Backups and Disaster Recovery
6. Security Auditing

... and choose one to three areas for focus. You don't want to focus on too much or  you will potentially fail at all. Not because you personally don't know how, but because you will be spread too thin and won't be able to realistically keep up ... you will eventually wear out and burn out. Not knowing you and reading between the lines, my list for you would be:
4. Remote Desktop Support - Necessary / requirement for anything you do. Pick a tool that works and go! ConnectWise Control seems to be a good product (I knew of it when it was called ScreenConnect)
1-2. IT Managed Service and Real time system monitoring - I see this as one offering. Decide on your target (i.e. Windows only, include Apple, include AS/400's, printers, etcetera) then decide on the MSP software (N-able by SolarWinds, etcetera).
3. Backups and Disaster Recovery - Look at your decision for an MSP software and keeping in mind what it can monitor *VERY WELL*, decide on a software (or two) and remember virtualization and disk-to-disk / cloud backups are the future. Personally, I would look at Veeam and someone like Barracuda (who offers Intronis along with some other options like appliances, etcetera)

*** Once you decide on an MSP software, start small and add features, bill per device and *ALWAYS, ALWAYS*, as addendums to the signed contract, show samples of what they will receive, when they will receive it and how much it costs. DO NOT offer everything then think you will figure out how to deliver it. Deliver the basics, develop the deliverables, incorporate them (and their frequency) into the contract(s) and grow from there. This will set expectation and give the customer reassurance you know what you can do. DO NOT use glossies / samples from the MSP software's manual. Do it yourself, so you understand what you can do, how long and what it takes and what is a fair price based on reality.

I would drop (but grow into):
3. Web Development & Design
If this is something you love then choose this first then grow into the ones above. However, successful web designers *used to be gearheads*. Now they are business-savvy designers who are after look, feel and features but contract to good gearheads to get it done right.
6. Security Auditing
Personally, I would drop Security Auditing because it can be a liability. Unless this is your biggest area of expertise, it can become a huge liability because they will perceive "fully secure" and potentially sue if something happens. You could do it but be ready for the liability side of it to become reality. If you are simply going to give a disclaimer of "best effort" and this isn't a "certified security audit"" then draw up your contract and your sign-off documents, let legal review and go for it.

With regard to *any* contract, always have legal review anything you write (yes, it costs but it will cost more if you don't and something is wrong).

Finally, I cannot stress enough, for you, your sanity, family and future employees' sakes, start small, prove yourself to the community and justify growth. Anything else will typically lead to failure in at least one of these areas if not more.

(I hope this helps ... based on my experience)

With regard to labor, do you want to go hourly on support or "buffet-style" / all-you-can-eat? What about on-call? Are you wanting that to be unavailable, included or available for a fee?

My colleague and I (separate businesses) have been doing this for a long time (me: 15 years, he: 10 years).  I focus now mainly on accounting support, whereas he focuses on technology support. I did technology support for about 10 years.


We do 1, 4 and 5 in the list above. including workstation purchasing, setup, and support, server purchasing and support. We usually get server experts to install server operating systems. We monitor backups, server systems, patch management, Anti Virus support, and support calls  (we get a LOT of these).  We also provide LAN, VPN and remote access support, but we use a consultant to set up IPsec VPN.

We do not do 3. in the list. Web development and hosting is a separate skill.
We contract out security auditing for the reasons provided above.

We have clients from several workstations and a server to 60 or so workstations and a couple of servers.

We do not work flat rate - we bill hourly. This is more fair to everyone, and there is never a shortage of work.

To do this work, you need to be capable, fairly intelligent, work hard, have high quality of work (few errors), be good with all kinds of people (your client is often not good with computers but very good at their business work). You need to be honest and have a very high work and business ethic. References are often word of mouth.

We work in our client premises for the most part as much of our work requires people contact. Remote support is a good skill for work that can be done that way.

I hope this helps.

There's a mailing list you should probably join - SMB Managed Services:
https://groups.yahoo.com/neo/groups/SMBManagedServices/info

Been on it for years and can provide a lot of good information.

SOCIALIZE.  I don't know what IT support services are like in your location, but in NYC, we have a group of IT consultants that meet monthly and discuss business, technology, and present to each other on the tools we use and like.

I don't know what the laws are like in your area, but I agree with the comment on IT Security.  Drop it.  Unless you're a CISSP or have other security credentials.  If you want, consider advertising security services with a disclaimer... or indicate that you provide BASIC security reviews/analysis intended to better prepare you for a full security review by an IT security firm.

DO MAKE SURE you have appropriate insurance - Errors and Omissions and Liability.

I prefer to bill flat rate - it's usually an easier sell.  Clients know what the bill will be each month.  You are incentivized to provide the client with a SOLID, RELIABLE network (If you do, you can do a minimal amount of work and make a LOT per hour while the client has minimal technology disruptions meaning they can focus on their work).  You're doing preventative work so little things don't become emergencies and big things.  Billing hourly (for new clients, especially for the paranoid ones) is a trust issue.  "How do I know I really have a problem or are you just trying to bill me because you're having a slow month?"

That doesn't mean all work is covered in a flat rate.  My flat agreements spell out what's covered and what's not.  And MOST clients don't abuse things.  Those that do, get a big rate increase in 6 months or I drop them.  For example, I'll replace one PC a month at no additional charge.  You want to refresh all the PCs for the business, then it's a project and separate project fee is required.  But maintenance, Fixing malware, the failed hard drive, etc, is all covered.  And RARELY needed.

The flat rate provides me with a stable income and the client with a budgetable expense while incentivizing me (not that I need it, but it's technically true) to keep their systems running smoothly with preventative maintenance.

These are all great replies and great advise from you all. I have taken down the security page btw. You're all correct, I don't need the burden of liability it carries by default. I appreciate you all advising on that. I do a fare bit of web design so I would hate to remove that.

Please feel free to give me any new starter tips that might help. Your help is greatly appreciated. I want to be able to provide for my family and live a happy life by working for myself and so your assistance means the world to me.

Please let me know what you think of the website rates. For anyone who does web design.

Some points to consider

1. Known your customer's computing needs, goals, and various levels for each service.
2. Plan and build the proper infrastructure (logging, testing,... Etc.).
3. Provide solutions not blockages.
4. Follow good security policies.
5. Run QOS (Quality of Service) for different use cases.
6. Services and SLAs include: notified and escalations, compliance Monitoring, vulnerability assessments etc.
7. Establish a robust ticketing process.


    https://www.alienvault.com/forms/ebook-thank-you/how-to-build-a-security-operations-center-on-a-budget
    https://arcticwolf.com/
    https://securityintelligence.com/best-practices-for-designing-a-security-operations-center/

Thanks so much Madunix. I really appreciate the advise and I will definitely consider everything you mentioned. I appreciate the links too.

This is all very helpful.

Check this document, to see how customer evaluates MSP
http://www.visionsolutions.com/docs/default-source/white-papers/wp_managed-services_171003_e.pdf
http://www.visionsolutions.com/Resources/Resource/Details/the-managed-service-provider-an-invaluable-ally-in-the-quest-to-improve-resilience

• How MSPs differ from outsourced services
• Factors to consider when choosing an MSP
• Weighing your options for the right MSP
• Maintaining a productive relationship with your MSP