5 Legal Requirements Every MSP Must Address

5.11.2015, Written by Annie Wang
Attribution: ITLA image
Attribution: ITLA image

Written by guest blogger Dan Liutikas, Chief Legal Officer at CompTIA and Managing Attorney at ITLA

Launching a managed services practice takes more than just knowing the technology and understanding the recurring revenue model. To stay successful, managed services providers (MSPs) must have an executable growth plan and a strong foundation that includes the right leadership, the right salespeople, the right services, and of course the right legal structures and documentation to build and protect the business.

Like it or not, successful businesses operate within a defined legal framework. Failure to understand that can lead to ugly disputes with co-owners and customers, financial distress, or even bankruptcy. To avoid any such outcomes, MSPs must work with an attorney to draw up contracts that address everything from the responsibilities of co-ownership to the details of service delivery, invoicing and collections.

Here are five legal requirements every MSP must stay on top of in order to be successful long term:

  1. General Services Agreement. Handshake agreements might have worked in the IT channel’s early days, but as providers have matured their businesses and increased their focus on services, handshakes aren’t good enough. MSPs must have detailed service level agreements (SLAs) specifying obligations to each client. SLAs set expectations by clearly stating how and what services you deliver, and how you support your clients when problems occur — and they will. Everything about the agreement must be in writing — including pricing and collections — and fully executed by both parties.
  2. Liability. If you are providing services such as cloud-based applications and data backup and recovery, be sure you understand the liability associated with these services and never sign a business associates agreement without proper due diligence. MSPs need to work with an attorney to accurately detail their role and responsibilities versus the role and obligations of the vendor partners involved. This, of course, requires that you understand the vendor’s services and protocols so that SLA requirements, indemnities, regulation compliance, and representation of warranties are all clearly detailed. In some scenarios, as many as five parties touch the customer’s data, but it is the services provider that’s always perceived as the responsible party and allocated a disproportionate amount of risk in the customer contracts.
  3. NDAs. Non-disclosure agreements (NDAs), also known as confidentiality agreements, protect proprietary business information and intellectual property. They are such a basic requirement for any business to implement with employees, partners and customers, yet very few IT channel companies have them. NDAs should clearly specify each party’s responsibilities in protecting confidential information. These documents can be as complex or as simple as your business warrants. You don’t want to — or need to — go overboard, but whatever you do, make sure you have one.
  4. Contract Management. It is one thing to have contracts in place, but a completely other scenario to manage them properly. Some business owners file their agreements away and never to look at them again. Many wouldn’t be able to tell you where they are located. You must implement a contract management system to organize all your legal documents and keep them accessible for easy reference. Managing your contracts can be as simple as maintaining a spreadsheet, but there are contract management applications available in the market. Managing contracts ensures all are up to date, so you don’t end up delivering services you haven’t agreed to or that are under an expired agreement.
  5. Partnership Agreement. A growing number of MSPs are co-owned and operated, but many lack a clear partnership agreement. That’s a huge and potentially costly mistake. Every business needs an agreement vetted by an attorney that addresses the fundamental aspects of running a company — funding, owner obligations, management, structure, operations, and what happens during a buyout. If disputes arise, this document spells out how to handle them. Otherwise, in the event of a sale, stock purchase, change of ownership, bankruptcy, or even a dispute with other partners, everything is up for grabs — leaving you with nothing to show for your efforts.

To hear Dan talk more in-depth about managed service providers’ legal and regulatory requirements and an exclusive Field Nation offer for supporting your requirements’ needs, register for the “CompTIA Legal Services Program with Field Nation” webinar on Thursday, May 14th, from 1:00-2:00pm CDT.