As Seen In
Attention IT Service Providers
As an MSP, your client contract (MSA) is one of the most important documents in your business
Control scope, manage client expectations AND LIMIT YOUR LEGAL LIABILITY with
All the essential legal documents and training that you need to get started, at a fraction of the price of working with an expensive law firm.
With hackers actively targeting MSPs, a cyber attack happening to a network under your management is almost guaranteed – and multi-million dollar damages being the “new normal”, you can’t afford not to implement a basic set of legal documents to limit your liability.
implementing a STRONG MSA in your business is your #1 tool to set boundaries WITH CLIENTS WHILE MANAGING YOUR LEGAL RISKS.
Not only does a well-written MSA help you reduce legal disputes by keeping clients happy, it also serves the purpose of organizing, defining and presenting your services in a structured and automated way that allows you to increase profitability while protecting yourself from the astronomical legal liabilities that can result from a cybersecurity breach.
Here are just some of the specific risks facing MSPs that make putting a rock solid MSA in place an absolute must in 2022:
EVOLVING CYBERSECURITY THREATS
Hacking is a $300+ Billion-dollar industry and is projected to cost the world over $10.5 Trillion dollars annually by 2025. Cybercrime is evolving at an alarming rate, and with these numbers it is almost a guarantee that one or more of your clients are going to get hacked at some point while their network is under your management.
HACKERS ACTIVELY TARGET SUPPLY CHAIN AND MSPs
MSPs experienced a boom with the pandemic, and this fact is not lost on hackers. Cybercriminals know that you have clients, legal responsibilities, and insurance coverage. They also know you’ll make every effort to pay a ransom in order to save your business, your clients, and your reputation. As a result, hackers are actively targeting and demanding higher ransoms from MSPs managing multiple client accounts than they do from individual businesses.
As far as the average small business client is concerned, everything IT-related is the responsibility of the MSP. Because they see you as the vendor “in charge” of “all IT,” it is a common belief among clients that everything that ever goes wrong is your fault. MSPs are frequently blamed (and sued) for problems whether the actual issue falls within the scope discussed the outset of the relationship, and even when the damages are a result of your client’s actions – or nobody’s fault at all, such as when faced with a new tool that there’s no existing defense against. Your MSA is the first, and often the only defense against taking full financial responsibility for these situations.
LAWSUITS AGAINST MSPs
Because MSPs are often perceived as responsible for everything in relation to the IT networks they manage, they can easily become defendants in lawsuits filed by clients, end users/data subjects, and insurance companies. Even if you work with clients you’ve known for decades, the trust and mutual respect in those relationships doesn’t transfer to end users seeking compensation for privacy violations, or your client’s insurance company that may want to come after you, as a potential party at fault, for the compensation they paid out on behalf of your client after a data breach. In these situations, it is critically important to have an MSA that is absolutely clear on your role and responsibilities, along with limitations on your legal liability to which the client agreed in writing.
The current cybersecurity landscape is almost a perfect storm for unprepared MSPs: the likelihood that none of your clients will ever have a cybersecurity incident is close to zero… clients expecting you to bear most of the risk and liability when something goes wrong … the ease with which clients, end users and insurers can file and hold you hostage in a lawsuit. Coupled with the astronomical damages and ransomware demands we’re seeing (often in the high six figures, millions, or even tens of millions), it is more important than ever to have a robust risk management strategy, with a solid MSA at the core.
Many insurers will request proof that you’re working with a written client contract – and some will even evaluate the quality your MSA – in order to factor this protection (or lack thereof) into the premiums you pay, and in some cases, even whether or not you are able to obtain insurance at all. Insurers know that not having an MSA (or working with a terrible contract) means less protection from legal liabilities, which means a higher risk to the insurance company, which results in higher premiums to account for the higher risk. For many MSPs, a well-written MSA can pay for itself just by the decrease in insurance premiums that otherwise would’ve been charged.
Though cybercrime has been around for many decades, the risks have increased exponentially in recent years.
It is time for every MSP to implement contracts and policies to allocate those risks and provide for quick, easy and favorable resolution of any disputes.
The MSP Legal Starter Pack was created because we realize that when risks and potential liabilities evolve, businesses need an agreement that evolves with the times to manage those risks and allocate / limit those liabilities while allowing MSPs to control scope and manage client expectations in a mostly automated way.
What’s Included In
MASTER SERVICE AGREEMENT (MSA)
The MSA (Master Service Agreement) is the core document that contains your general business terms and conditions that will apply to ALL clients. This is the foundational contract that sets out basic rules such as:
- the term of the engagement;
- grounds for termination;
- your general policies on payments and refunds; client responsibilities (ex: providing access, communication, no changes to the network without your approval, etc);
Think of the above as your general policies and legal protections that don’t change from client to client / project to project. After initial customization, you should only have a small number of variable fields for client-specific info, such as Client Name, Address, E-Mail, etc. Otherwise, you will NOT be changing the terms of this core contract for every single client (unless it’s a large account that merits deviation from your standard policies).
SCHEDULES: PRICING, SERVICES, LIABILITY WAIVER
Attached to the core MSA are a number of Schedules (Appendices). In order to avoid the administrative nightmare of having to edit your entire core MSA for each and every client and every project / service modification, the bulk of the client- and/or project-specific customization should be done in your Service and Pricing Schedules. This will leave your core MSA with your unchanging terms intact, making individual services and amendments easier to manage, and will cut down the number of pages you have to review and edit every time you sign on a new client.
The Schedules that come with your MSA are:
- A Service Schedule with descriptions of the specific services you will provide each client;
- A Pricing Schedule with detailed pricing provisions (recurring charges as well as hourly rates, emergency fees, travel, etc) for each client based on the services they selected; and
- A separate Liability Waiver and Release to provide you with added protection should you be asked to take responsibility for issues not caused by you, or which have been specifically disclaimed.
MSP CLIENT HANDBOOK
The Client Handbook included with the MSP Legal Starter Pack is designed to work together with your MSA to provide your clients with additional essential information, policies and procedures that must be followed in order for you to successfully perform your job.
- your hardware and software requirements/recommendations
- issue priorities and target response times
- your process for lodging and escalating service requests
These provisions are better suited for a Client Handbook for several reasons, including:
- you want to be able to modify your processes by simply e-mailing your clients an updated Handbook, rather than having to amend your MSA or its Schedules for each client every time you update a process or policy;
- including all of this information in Schedules will make for an incredibly long contract (which is not unusual for the industry, but burdensome nonetheless)
MSP SERVICE ELECTION & ACKNOWLEDGEMENT TEMPLATE
The purpose of this form is to allow you to manage your risk and minimize your liability for potential damages resulting from clients refusing to implement basic security recommendations on account of cost, inconvenience, or any other reason.
This letter specifically lays out:
- the exact recommendations you made to your clients
the reason for the recommendations (and specific risks associated with refusal)
- the costs associated with the recommended service/solution
- a liability waiver stating that if your client elects not to implement the solution, you will not be responsible for any damages which may result
IT POLICY MANUAL
This Policy Manual contains a set of starter policies that you can use as an example of how to communicate to your clients the policies they must implement in their organization in order for you to do your job of protecting their network/data.
The starter policies include basics such as:
- Password Policy
- Email Policy
- BYOD Policy
- Incident Reporting Policy
- and more
MSA, SCHEDULES + CLIENT HANDBOOK WALKTHROUGH VIDEO TRAINING
Understanding what the different clauses mean, the legal terminology being used, and the general structure/layout of your contract package is essential to customizing your documents.
To take the guessing and confusion out of the process and ensure that everything is done correctly, the Ultimate MSA Contract Kit includes detailed video walk-through trainings that explain and help you customize each document, section by section, with guidance provided in clear and plain English.
These explanation videos are provided for the Core MSA, MSA Schedules, and Client Handbook. Videos may be added for other documents if requested.
RISK ASSESSMENT AGREEMENT TEMPLATE + BONUS TRAINING
Many MSPs offer an Initial Cybersecurity Risk Assessment service as part of their marketing and sales strategy. It is a great way to start the conversation about cybersecurity and demonstrate to the client why they need your services by showing them the concrete, tangible evidence of the current vulnerabilities in their IT network.
This template was designed to help MSPs define the scope, pricing and liability limitations for Initial Risk Assessments without having to ask the client to sign a full MSA with all your service details and other clauses that don’t apply to this limited service.
BUSINESS ASSOCIATE AGREEMENT TEMPLATE
HIPAA Rules require that all entities involved in the transmission of Protected Health Information enter into written agreements with all business associates with access to PHI.
These contracts must include specific information relating to the use and disclosure of PHI, as well as requirements imposed on the business associate to implement appropriate safeguards to protect PHI, report breaches, respond to requests for copies, make records available for inspection, and more.
MSPs may use this template as a starting point for creating their own Business Associate Agreements when servicing an entity to which HIPAA applies.
This template was just added due to popular demand – video customization training coming soon.
ONE MONTHLY Q&A CALL WITH LIZ
To help with customizing your documents, all MSP Legal Starter Pack clients will have an opportunity to submit questions at the end of each month, to be addressed in a monthly MSA-focused Q&A call held during the first or second week of the following month.
ACCESS TO THE FACEBOOK® GROUP
Upon purchase, you will be granted access to the Ultimate MSA Kit Facebook® Group, where Liz Pifko, Esq., creator of the MSP Legal Starter Pack and industry expert Chris Wiser and the 7 Figure MSP Team will make announcements, host trainings and answer questions regarding your templates.
LIFETIME ACCESS TO ALL RESOURCES, UPDATES, AND ADDITIONAL DOCUMENTS / TRAININGS ADDED
Lifetime access to everything in the program, now and in the future, at no additional cost – even when we increase our prices as the value of the program grows.
Master Service Agreement With Pricing & Service Schedules + Liability Waiver (Value $5,000)
MSP Client Handbook (Value $1,750)
MSP Service Election & Acknowledgement Template (Value ($1,500)
IT Policy Manual (Value $1,750)
Access to Private Facebook Group (Value $1,500)
MSA, Schedules + Client Handbook Walkthrough Video Training (Value $5,000)
One Monthly Q&A Call with Liz (Value $4,200)
Risk Assessment Agreement Template + Bonus Training (Value $2,500)
Business Associate Agreement Template (Value $1,500)
Lifetime Access to All Resources, Updates, and Additional Documents / Trainings Added (Value $10,000)
Frequently Asked Questions
Does this work in every state? Do I need my contract reviewed by a local attorney?
Once you finish customizing your MSA template, taking the final product to a local attorney for review is always highly recommended.
Templates are a cost-effective way to implement a legal stack that would normally cost you $10K+ if you hired a law firm, but they should not be considered a full substitute for custom 1:1 legal advice by an experienced corporate attorney familiar with your business.
That being said, many MSPs do have the problem of not being able to find competent legal counsel to draft their contract packages – not because you’re difficult, but because most general business attorneys don’t have any experience with the IT industry and have no idea what needs to be included in these very nuanced and complex agreements in order to appropriately define your services, processes, boundaries and protections.
The MSP Legal Starter Pack can help with this situation, as it provides all the forms and guidance needed to get you about 98% of the way to a complete, state-of-the art MSA. As for the other 2%, it is always our recommendation to have a local attorney review your drafts.
If you limit the scope of the engagement to “review for state law compliance only,” they will not need to bill 30+ hours crafting your core provisions and service descriptions, or deep diving into your business model and policies to ensure that the document actually reflects how you do business. You already did that work. Instead, they will spend a few hours verifying that the boilerplate meets state law requirements and limitations, and will likely give you the green light after making a few edits, if any at all.
By purchasing the MSP Legal Starter Pack, you can skip wasting $10K+ on a substandard MSA that doesn’t address half of your concerns, and simply spend the cost of the package plus a few hours of local attorney time to ensure that your MSA is not only one of the best that money can buy, but is also fully compliant with all applicable laws.
I should also note that there are very few laws that significantly differ from state to state. If you need any edits to comply with state law, there is a good chance they will be few and minor. We’ve gotten feedback from various MSPs where the reviewing attorney changed very little, and in some instances, nothing at all.
Can I just buy one document at a time?
We do not sell the documents in the MSP Legal Starter Pack separately, for two primary reasons.
One, I personally believe in offering complete solutions, rather than fixing just part of the problem. In the legal world, you either cover all your bases or you might as well have no protection at all.
This is why the MSA, Handbook and Policy Manual can’t be separated. Both the Handbook and the Policy Manual are referenced throughout the MSA, and the Handbook references the Policies, so a lot of your MSA will not make sense if you don’t have these other documents for your clients. Of course, you may do the extra work of removing those references and not using the Handbook or the Policies, but in this case you will leave huge gaps in liability protection and expectation management, and the package will not work to provide you with the level of protection is was designed to accomplish.
The whole package is designed to work together as a set, which is what all serious MSPs want to get to as far as documentation – everything having its proper place and purpose, working together, consistently and without contradicting each other or missing key protections.
Are electronic signatures valid?
Yes, as long as they comply with UETA and the ESIGN Act, electronic signatures are valid in all U.S. states and other industrialized countries, and carry the same legal weight as handwritten signatures. To ensure compliance, make sure to include language in your agreement stating that the parties agree to proceed electronically, and use one of the larger, more reputable e-sign companies like DocuSign, PandaDoc (our favorite), HelloSign, or one of the many others!
Can I just put up some online terms with a checkbox and not go through the hassle of signing?
I never recommend this to my MSP clients, and the templates in the MSP Legal Starter Pack are not structured this way. Though they can be converted to a “check the consent box” type Terms and Conditions, I am personally not a fan of this for two reasons:
One, many jurisdictions require that certain types of clauses be “negotiated,” meaning that there must be an opportunity for the parties to separately and specifically consider, discuss and bargain with regard to the subject matter of the clause. One example of this is the limitation of liability clause – arguably one of the most important clauses in your MSA, designed to limit your liability to a certain (affordable) sum should something go wrong. Including this type of language in a check-the-box agreement presented to clients on a “take it or leave it” basis increases the risk that a court will refuse to enforce it due to the lack of negotiation or opportunity of the parties to bargain on that point.
Two, part of growing your MSP business is working with larger and more sophisticated clients who can afford to pay premium rates for your services. Working with a higher-level clientele has its obvious benefits, but it also comes with additional work – including in the legal/administrative department. Large clients will typically want to negotiate terms and redline your contract to conform to their company’s legal policies. Closing the deal almost always results in some concessions on the MSP’s part; however, this only works if you have a separate set of terms with each client. It’s impossible to create a uniform Online Terms & Conditions style MSA to reflect all the different (often conflicting) changes and modifications made for different clients. Keeping track of the edits you made for various clients will require a separate document amending the contract for each, i.e. a separate signed agreement. Having to do this defeats the purpose of having an Online T&C instead of a proper MSA in the first place.
With that, my advice is: put a simple system in place to have each client actually sign an MSA. Yes, it’s slightly more effort than a checkbox – but the potentially millions of dollars’ worth of added protection is more than worth the 5 minutes of extra time added to the work your team is already doing to customize each individual client’s specific service plan and pricing schedules.
Does my purchase make Liz my attorney? Do I get personalized legal advice with my purchase?
While these templates were drafted by an attorney who is familiar with the IT industry and understands your business, purchasing the MSP Legal Starter Pack does not create an attorney-client relationship. Questions and concerns about the templates will be answered in the monthly Q&A sessions; however, this will be limited to general information about the documents, how to use them, what the different clauses mean, and some general options when it comes to customization.
In compliance with the strict ethical and professional rules that apply to all attorneys, Liz will not be customizing clauses for you and no specific legal advice custom-tailored to any particular business circumstance will be given unless her firm is separately engaged for this purpose in a formal retainer agreement.
Customizing so many forms sounds like too much work.
While we strive to make the process as easy as possible by including detailed video trainings and monthly Q&A calls to answer any questions you may have, the reality is that yes, at this price point, you’ll still have to do some work. It sucks, but so does going to court… and being found liable for $1M+ in damages because you didn’t have an agreement in place managing and properly allocating the very real risks of doing business as an MSP/MSSP in today’s cybersecurity landscape. If you don’t believe that you can make the time to customize your documents, we recommend hiring an attorney to create a legal package for your business.
How much money can I save with these templates?
Starting your MSA drafting process with our templates will most definitely save you a lot of money. As we all know, lawyers are expensive. Lawyers who serve high-risk, highly technical niches with complex legal needs such as MSPs are not only rare but also much more expensive than your average business attorney.
For context, having a package that includes everything in the MSP Legal Starter Pack custom-drafted for you by an attorney familiar with the legal and business needs of MSPs can easily cost you well over $10K.
In fact, some firms will charge $10K just for the MSA + Schedules – without the Handbook, the Policy Manual, the included waivers, letters, Business Associate Agreement, Risk Assessment Agreement, or the recorded video trainings that you can re-visit any time you need to change something or answer a question for a client (rather than having to schedule a paid consult with an attorney every time you need a refresher on a clause). Not to mention the beautiful, brandable, client-friendly design, which is also not included in the “ugly wall of text” style agreements that $10K+ will get you at a typical business law firm.
For most MSPs, the alternatives to paying a month’s salary for a custom legal package are either:
a) not having a contract at all (best of luck with that);
b) “borrowing” a form from a colleague without knowing where it came from, or downloading something that “looks legal enough” from the internet (only to find out after SHTF that it was actually a client-friendly MSA with clauses that throw you under the bus and ensure that you lose every argument and pay out the maximum amount possible); or
c) hiring your friendly neighborhood general business attorney who’s a great guy, but has no idea what MSPs even do, or the very specific internal and external risks and liability traps that need to be addressed in the document, or how a complex MSA package is even supposed to be structured.
The MSP Legal Starter Pack was created to serve as an additional option for MSPs to have as much protection as possible until the budget permits hiring an experienced IT law firm for a fully custom legal package.
Hi! I’m Liz
Multi-award-winning business attorney, IP strategist, serial entrepreneur, lifelong nonconformist, CEO of Renegade Legal.
As a lawyer, I’m all about risk management and liability protection. As an entrepreneur, there are few things I’m more passionate about than freedom, ease, and the systems that can make it possible for any business to support a lifestyle where we have time for all the things that are important to us.
I created Renegade Legal to support entrepreneurs with contracts, policies and effective implementation systems designed with the goal of preventing lawsuits, scope creep, payment issues and other issues caused by mismanaged expectations and the lack of bulletproof documentation.
My clients are living proof that if you build an infrastructure that minimizes avoidable client/legal drama and frees up your focus and creativity to do what you love, you’ll never have to settle for anything less than your grand vision. And it is my mission to show every entrepreneur that protecting your profits, time and energy from avoidable legal issues, so that you can focus on being the CEO (and scaling your enterprise to 7 figures and beyond), is easier than you think. All it requires is a few easy tweaks to your business backend and a solid set of documents implemented at the right stages of your workflow.
Please note that while these templates were drafted by an attorney, purchasing the MSP Legal Starter Pack does not make Liz your attorney. There is no attorney-client relationship until a retainer agreement is mutually executed and any fees due up front are paid in full.