Background.
As explained in my previous article, a Master Services Agreement (“MSA”) is “an agreement between at least two parties (normally just two parties) dealing with the terms and conditions that will apply to future transactions between the parties. It is likely used when the parties contemplate more than one service or offering between them.” It is, essentially, an umbrella over the entire relationship and is to be applied to all services or offerings to the client. These services or offerings are generally adopted by an addendum or Statement of Work. Understanding this structure – MSA first followed by a Statement of Work or Addendum- is necessary when determining the business approach you will use when constructing your MSA.
There is not just one MSA template that will work for all MSPs. Be wary of adopting an “off the shelf” template that embodies all terms that anyone could conceive of. Templates rarely reflect the culture of your company or of the relationship that you wish to perpetuate with your clients.
For example, some MSPs want to make sure that all clients are on the same MSA and refuse to negotiate any terms. Others are willing to negotiate a few terms with their clients and still other MSPs are fully willing to negotiate most terms with their clients.
If you are an MSP that is unwilling to negotiate terms, you will want to have an MSA that addresses the most basic of terms and which will likely not lead to any disagreements with your prospective clients. As a result, your MSA will likely not be as comprehensive as it could (or perhaps should) be. It will likely be necessary to bolster your Statement of Work or Addendum with language that is negotiable in order to fully address your defense. This is may create an impression with the client that the MSP competes based upon the quality of their services, leaving the details and specifications of each engagement in the Statement of Work.
To the other extreme, if you are an MSP that wants to have the first document govern the relationship primarily and only have skeletal Statement of Works or Addendum, it is likely that you will have a more comprehensive MSA to start with. The client is more likely to perceive you as more client oriented, since you are setting comprehensive guidelines at the onset and you are listening to their desired contractual modifications.
Some MSPs will insist on the comprehensive MSA with little to no modifications with their clients. With this “take it or leave it” approach, the client is more likely to perceive this MSP as competing on price.
As a result, at the onset, you have to determine the impression that you want to create with your prospective clients and clients. Once you have determined which approach you want to adopt, you next have to create a list of the terms that you want to include in the umbrella agreement. Depending upon your business strategy (see above), this may be a comprehensive list of all terms that could possibly be addressed or it may be a short list of basic “must have” terms.
The critical terms.
While largely a matter of my opinion, I think the most critical terms include: cybersecurity, client obligations, confidentiality, indemnification, limitation of liability, disclaimer of warranties, assignment, venue selection, term and termination.
In today’s ever-changing technology environment, it is absolutely critical to address cybersecurity in the relationship between the MSP and the client. It is naïve to believe that an attempt to exclude security of information from services will be upheld by a court. Courts sometimes ignore language in contracts that the court deems as unfair, using many different common law legal doctrines. A party’s recourse is to appeal, which is expensive and appellate courts are reluctant to reverse the trial court’s decisions. It is far better to address cybersecurity efforts of the MSP in the MSA and have an acknowledgement by the client that the efforts are limited to the services being offered and that there is no guarantee that there will not be an actual breach of the security measures or precautions implemented by the MSP for the client. The MSA should focus on the efforts to prevent the breach of security rather than purporting to prevent all breaches of security. While the cybersecurity issue should also be included in relevant Statements of Work, in today’s environment, this issue should also be broadly addressed in the MSA
Client obligations addresses the MSP’s expectations of the client. For instance, I believe it is critical that the client is required to cooperate, including providing the MSP with liberal physical and virtual access to their system and environment so that the MSP can perform its obligations. I also believe it is critical that they provide you with one point person to take direction from so that the MSP is not having to address multiple and sometimes conflicting directions from different client representatives.
There is certain to be access to confidential information during the course of the relationship. In fact, it is likely that each party will supply some confidential or proprietary information to the other. This should be addressed in the MSA as the information will likely be supplied in advance of the Statement of Work or Addendum being completed. For those adopting a minimalist approach to the MSA, they may want to start with a blanket non-disclosure agreement so as to declutter the MSA.
Indemnification means to stand in the shoes of another party for a wrong that you have committed. I believe it is important that the client protect the MSP from the client’s wrong doing. The client should have to defend and pay for its own transgressions, even when a third party implicates the MSP.
The limitation of liability provision addresses the total liability exposure that an MSP will have in the relationship. While tempting to limit liability to $1, such aggressive positions will likely not be upheld. Additionally, most MSPs have insurance coverage applicable for certain claims, like negligence. It is far more reasonable to allow the client to pursue the insurance coverage that you have procured and paid for rather than trying to explain to a court why the MSP procured insurance coverage beyond the limits of liability and thereby contemplating that the limitation of liability would not be enforced by the court.
Clients may argue that the promotional literature or negotiations between the parties constitute warranties. Courts try to give meaning to the understandings and expectations of the parties to the contract. As a result, it is critical to disclaim any of these potential warranties.
If the MSP is to have real value in the subscription services being provided to its clients, it needs to have the ability to unquestionably assign the contract. Without an assignment provision in favor of the MSP, an exit for the owners of the MSP is significantly more complicated and may entail the suitor acquiring consents from every client in order to realize full value for the MSP. To protect the value of the business, the MSP should be able to point to language in the MSA allowing it to assign its rights and obligations. The absence of an assignment clause generally means that the contract is assignable but, when trying to protect the value of your business, why allow a buyer to discount (whether justifiable or not) for failure to have an assignment provision?
“Term” deals with the duration of the MSA. MSPs should strive to have the MSA be in force as long as any services are being rendered and for a period thereafter. If you have a date certain end to the term of the MSA, you will be forced to renegotiate the terms of the MSA at the conclusion of the term. This may lead to undesirable modifications that would not have been requested or proposed if the MSA was indefinite or tied to the provision of services.
Venue selection and governing law deal with the selection of the state laws which will apply to the relationship and the in which jurisdiction disputes will be litigated in. Be wary of selecting states and venues that are not close to home as there is increased expense and uncertainty associated with such litigation.
Termination deals with when the parties can conclude the relationship and how the parties will treat each other, and their information, when services are no longer being provided. For example, if the client fails to pay, the MSP will want to be able to point to language in the MSA dealing with how the services will cease.
Important terms.
Again, this is a matter of my opinion, but I think a relatively comprehensive MSA should also address these additional terms: payment, non-solicitation or hire of MSP employees and liquidated damages, limitation of remedy, governing law, waiver.
Payment timing and terms are important to the operation of the MSP’s business. If the payment issue is not addressed in the MSA, the MSP is left with negotiating these terms in the Statement of Work.
The MSP’s most valuable asset is likely the technical team that it employs. Tens of thousands of dollars are invested in securing and training these individuals. If a client determines that it is less expensive to employ a technician than to continue with the MSP, it will likely try to hire your technician away from you. Having a provision prohibiting this practice is likely, in my opinion, not going to be enforced by a court. It is far better to anticipate that this practice may occur and define the value of the training with a provision requiring the client to pay the MSP when it hires employees of the MSP.
A limitation of remedy clause sets forth the requirements that a Client must take prior to engaging in efforts to mitigate alleged breaches by the MSP. Without such a clause, the client can simply retain outside expertise to cure supposed breaches by the MSP and send the bill to the MSP (or deducting it from the amounts owing). Requiring the client to follow steps prior to seeking assistance from others ensures that the MSP is provided with notice of the issue and an opportunity to cure it within a defined time period.