When it comes to the long-term health of your MSP, few things are more important than properly managing your liability. While protections like cyber insurance are certainly important, your first line of defense should always be your master service agreement (MSA).
A strong MSA offers an essential layer of protection that keeps you safe from liability and further bolsters the effectiveness of your insurance coverage. In fact, insurance providers will often require that your MSP have a strong MSA in place before they’re willing to insure your business.
With that in mind, here are four best practices for developing (and using) an MSA that works.
1. Separate Your MSA from Your Services
First, your MSA should be a standalone document, something that can be equally applied to every client you do business with. Ideally, you should only have to create one MSA, and it should serve your MSP well for many years.
“An MSA should be service agnostic. It should be cost agnostic, price agnostic, client agnostic. Doesn’t matter what the service is,” advises Brad Gross, founding partner of the Law Office of Bradley Gross PA. “The MSA is that guiding principle foundational document that governs services. Services themselves should be in a different document: a quote, a statement of work, a proposal, whatever the MSP wants to call it.”
If you put all the specifics about your services into a quote or proposal, you can easily adjust the details based on the needs of the client. But the same MSA can then be attached to each quote or proposal, regardless of how the quotes might differ.
2. Address Situational Realities
Strong MSAs must also be able to address what Gross calls the “situational realities” of running an MSP. This doesn’t just include mistakes, poorly implemented work, or misunderstandings that are your fault — they must also address situations where there’s “the appearance of a mistake.”
Gross offers this example: “An MSP tells a customer that it has to implement the service. The customer declines the service, and then the thing that the MSP feared would happen actually happens. … The customer points its finger at the MSP and says, ‘This was your mistake, you did this.'”
He notes, “Attorneys will argue at hundreds and hundreds and hundreds of dollars an hour, slowly, about who’s right, when the truth is that if that situational reality—the reality of customers decline services—if that was just addressed in the MSA, they wouldn’t be in that situation.”
It can be hard to come up with the dozens of situational realities that could affect your MSP, but thinking through the various situations where a client could try to hold you liable is a must for ensuring your MSA has an answer for every possible scenario.
For example, you might encounter a situation where you need to fire a client. If your MSA doesn’t cover this type of situation, you could find yourself stuck with a bad client who’s more trouble than they’re worth.
3. Address the Presence of Other Parties
One aspect of your situational realities as an MSP is the fact that there are certain issues that involve additional parties beyond you and the client.
As Gross explains, “Obviously, you want to make sure that from a legal perspective, your liabilities are limited, that you’re not warranting upstream provider services, that you’re not guaranteeing that if you’re acting as a VAR, for example, and purchasing hardware, that the hardware will be functional or operational under all circumstances. You want to make the relationship between you and your customer very clear and in doing that, you have to describe the fact that there are other parties involved, upstream providers, whomever they may be, and that there are things you’re going to take responsibility for and there are things you won’t take responsibility for.”
Clearly explaining the separation between your MSP and these third parties will ensure you’re only legally responsible for things you can control.
4. Make Document Acceptance Easy
Finally, make sure your MSA is readily accessible for clients and prospects. Ensuring that they had the opportunity to read it—regardless of whether they actually do or not—is key to ensuring you’re fully protected.
“I would recommend that those MSAs get posted on an MSP’s website,” Gross says. “And then they are clearly, unequivocally, and unquestionably referenced at the beginning of the quote. ‘This quote is governed under the terms of our MSA located here. By accepting this quote, you accept our MSA and if you cannot access it or do not agree, do not sign this quote.'”
Gross also recommends that MSPs provide a separate services guide—similar to a user manual—that explains in detail what services your MSP provides and how it goes about offering them. The idea is that links to these documents are made available when you provide a quote. This way, the customer doesn’t have to read through them before diving into the specifics of their quote. At the same time, the information needed to legally protect your MSP has been provided.
Regardless of whether a customer reads the MSA, providing the link along with the quote means they agree to it if they accept the quote. Keeping this information on a non-public, non-indexable page allows you to send prospective clients to a specific URL without making your MSA easily accessible to competitors.
Protect Your MSP with a High-Quality MSA
You can’t control everything that might affect your operations. But by putting in the work to develop a comprehensive MSA, you can protect your financial and legal standing, and that’s something that should help you sleep well at night.
JENNIFER TRIBE is host of the Workflow for MSPs podcast. She serves as director of content at Syncro, an all-in all-in-one RMM, PSA, and remote access tool that helps managed service providers run more profitable businesses.
Image: iStock