Only a few MSPs have the scale, resources, and wherewithal to retain in-house legal counsel. However, all MSPs (regardless of their budget or size) should have leverage legal expertise when drafting MSA, SLAs and working with clients.
Whether you have a dozen full-time personnel, use a team of contract workers or run a one-person operation, there are several instances where you need the services of an attorney. Not using legal expertise at these points could cost you a whole lot more in the long run.
Choose an Attorney with IT and Cybersecurity Experience
When choosing an attorney for your MSP operations, you should find someone with extensive experience in the IT space, particularly a lawyer that’s in tune with the rapidly evolving cyberspace landscape. Maintaining a relationship with such an attorney comes in handy when building your core documents — MSA (Master Service Agreement) and SLAs (Service Level Agreement).
When drafting a contract, using a generalized template isn’t a good idea. Your MSA must reflect the individual needs of each respective client, address all likely scenarios, detail the requirements and responsibilities expected from all parties, and specify who is liable for what.
The latter has become even more critical in today’s shifting cybersecurity landscape and increased regulatory oversight. Presenting unscrupulous clients with vague contracts containing poorly phrased clauses gives them loopholes to use against you when something untoward happens.
Some of the major reasons why MSPs should have a lawyer in their corner include
- Staying on top of regulatory requirements
- Crafting well-thought-out MSAs/SLAs with no loopholes
- Expert legal counsel to handle disputes or litigation proceedings
Stay on Top of Regulatory Requirements
Not only do MSPs have to deal with the technologies required to ensure the security of their clients’ data and IT infrastructure but they also need to meet the legal requirements stipulated by the various regulatory bodies. Depending on your clients’ industry and vertical, you may need to comply with HIPAA, GDPR, PCI DSS, or financial services regulations. An attorney can help you examine this complicated hodgepodge of rules and break them down into understandable bits and pieces.
Attorneys who are in tune with the regulatory environment may be able to anticipate future changes and help MSPs prepare adequately. Today’s IT regulatory landscape is in a constant state of flux where sudden changes can catch MSPs off-balance, putting them in a reactive state where they are exposed to significant levels of risks.
Most SMB’s (from medical practices to start-up IT businesses) do not have the requisite resources to keep full-time IT staff on payroll. As such, they rely on MSPs to not only provide outsourced IT expertise but to secure their data and ensure that their IT infrastructure and business processes comply with the various regulatory requirements for their industry.
You may have the technical expertise to provide the former; however, you need legal counsel to keep a handle on the latter. This is because legal counsel informs and influences technical decisions. Although MSPs can build virtually impenetrable IT infrastructures, such systems are usually inflexible and may restrict clients from effectively doing business or taking advantage of new opportunities.
Attorneys can help MSPs strike the right balance. They can help you put in place both adequate and legally-mandated protections that enable your clients to do business effectively while avoiding repercussions from regulatory bodies.
Identify Exploitable Loopholes in MSAs/SLAs
If you are unwilling to take on the responsibility of securing clients’ data or complying with industry regulations (or clients are unwilling to pay for such services), attorneys can explicitly include clauses in the SLA that exculpate you from all liabilities in the event of a security breach.
Likewise, even if you do take on such responsibilities, the client may be required to take certain actions to aid you to achieve the objectives set out in the SLA. For instance, the client may require to back up production data twice a week. Your SLA should specify that the clients’ failure to do their part may render you unable to deliver on deliverables.
Further reading How Do You Limit Liability as an MSP?
Your SLA should be prepared (or at least reviewed) by an expert IT attorney who understands your service delivery model and can create an enforceable document that protects your interests. “Borrowing” contracts from other MSPs or using one found on a template-type service isn’t a good idea — it’s best to use the services of a legal expert versed in the issues you face daily.
A properly written contract is the cornerstone of any thriving MSP business and its enforceability drives revenue. Legal oversight is critical when drafting an MSA to ensure that the right amount of compensation is paid when due. SLAs also detail your availability, the level of service you can deliver and possible penalties.
Further reading Service Level Agreement for Managed IT Service Providers
In instances where clients have unrealistic expectations about the level of service you ought to deliver, an established SLA can help resolve matters quickly. When instances beyond your control affect deliverables or clients delay/fail to make payments or, a properly drafted MSA can help protect your interests.
As such, MSPs (irrespective of budget or size) should leverage legal expertise when drafting MSA, SLAs and working with clients.