THE HANDSHAKE may seal the deal, but the master service agreement (MSA) defines the relationship between you and your new client. Before signing your next customer, make sure your MSA and accompanying service level agreement (SLA) are complete, error-free, and limit your liability while providing flexibility to grow the customer partnership as technology changes.
“Your MSA has one purpose,” says Marc Bodner, COO of Cohere Cypher, a New York-based security and IT management firm focused on financial services and other regulated industries. “It provides a framework for a fair and equitable working relationship for a long-term partnership.” The fair part is important to Bodner.
“In football, the rules are the same for home and visiting teams, and the MSA is the referee that applies them,” he explains. Just like a referee’s call, the MSA is nonnegotiable for Bodner, and is stored on Cohere Cypher’s website for access by the customer. Every other agreement, such as the SLA, statement of work, or change request falls under the MSA.
Bradley Gross, a former programmer and principal of the business technology law firm Bradley Gross PA, believes an MSA’s primary purpose is to protect the service provider. “It must limit the service provider’s liabilities,” he says. At the same time, “it must also educate the customer about certain situational realities inherent in the managed IT service industry and discuss how those realities will be handled.”
What to Include in Your MSA
Standard areas of responsibility contained in virtually all business agreements must be spelled out in your MSA, Gross explains. Examples include:
- How services will be agreed upon to prevent misunderstandings
- How scope creep will be managed
- How payment-related matters will be handled
- When and how services can begin and end
- How disputes will be addressed
“The MSA should address everything from payment terms, ownership of intellectual rights, nondisclosure arrangements and renewal intervals, termination provisions, and even specifying a fee if the client hires one of your employees,” says Thomas Fafinski, co-founder of Virtus Law, which has a large MSP client base.
Rob Scott, managing partner and chief disruption officer of tech law firm Scott & Scott LLP, says his firm’s MSAs, offered as a service to MSPs for a monthly subscription, include a data processing agreement before working with any regulated documents. This covers XYZ, because ”what if I make a security request the client doesn’t follow?”