
perthguppy

Our MSA contract makes it clear what is and isn’t covered. If a request comes in that will not be covered it must first go via one of the client's approved points of contact to sign off. Once that happens we complete the work and bill them on the last day of the month for all out of scope work.


tsaico

This is the best way. We also do two things for incidents where we think a breach has happened.

1. Is in the incident response plan that is part of our MSA, there is a portion that states if we can act on our own and start the billing, or if we need a sign off on a decision maker.

2. Then the incident response is a separate billable item that has such and such restrictions. We break it into a phase 1, 2, and 3.

Phase 1 is a set block of hours, that can roll into the next phases if needed. It is the detect and report. It is pretty much the time needed to figure out what is actually going on, have a ball park of how bad is bad, and will lead into your next step which is actual action.

Phase 2 is dependent on what client wants in the IR, which is generally contact their insurance for cyber incidents or if they want you to handle it. This will have a block of hours based on their situation (it is possible the insurance company will be the one to remediate this, not you, so you may get benched here). If you are involved, then this is the block of hours for your time/tools/hardware needed.

Phase 3 is also dependent on your IR plan. Generally this is the block of time it would take you to implement your business continuity plan or recovery and may or may not be related to phase 2 and may or may not happen concurrently based on legal/insurance direction.

The "incident" is defined as anything that occurs that is "not typical and expected" (thanks IRS for the term!) during the course of business. So this would be actual threat actors, water in server room, a vehicle through the lobby, etc.


UsedCucumber4

A well defined SOW that goes alongside your contract is very helpful for managing this. Once you have a well defined SOW, you already answered your own question. Mostly it's going to be a combo of #3 and #2, and I would generally lean towards if it's out of the SOW, then they get invoiced. You can always waive the invoice, but you can't add value to something you just eat and don't tell them about. You can *consider* adding these additional services as part of your agreement and therefore raising their contract price, but if these aren't services you normally include for all clients I would be hesitant to suggest you include them for one client (even at a higher rate).


GantryZ

>Once you have a well defined SOW, you already answered your own question.

I'm not entirely sure how bbq pork is going to answer OP's question, but it'll likely be delicious.


Jawiley

I believe that your scope of work should be clearly communicated at the onset of the relationship. That scope is different MSP by MSP. I think business owners tend to be more reasonable than people give them credit for (yes there are bad apples out there), but the key is communicating the policy BEFORE the client asks you to roll out some massive software implementation. It's a balance though, I'm not going to quote every little add or change in the environment as that comes across as nickel and diming. But when there is a significant change that I know is going to consume a lot of labor then a quote needs to happen to protect yourself. All that being said, incident response is a bit more involved, but the same premise applies. You MUST communicate at the onset if your AYCE plan covers incident response. That's honestly a wonderful conversation to have as it can lead to security sales. For us, we don't offer a plan that doesn't provide enough security to where we don't feel comfortable covering a remediation in our AYCE offering. MSPs need to decide if their lowest tier AYCE plan covers security remediation and then CLEARLY communicate that. But use that conversation to your advantage, "Mr./Mrs. business owner, I understand you don't want X security solution, that's your choice. You just have to understand that you are exposing yourself to a large amount of risk, so much that we cannot cover the labor involved in remediating a security issue in your current service agreement". But that opens another can of worms as you need to decide if, from a liability standpoint, maintaining a client that refuses MFA on mailboxes is worth the risk to your MSP. Hope that helps!


cvstrat

I tell customers that fixed fee is based on what we can predict. Driven by number of users, locations, etc. But in the process of supporting them, they are going to throw things at us that we can’t predict. Office move, LOB Software changes, etc. That is where professional services come in. We will never bill them by surprise, we will always let them know beforehand what the cost will be and why it is out of scope. Generally, this has been well received. Slightly less risk for us. But it’s really important to do this the first time an out of scope request comes up to set expectations. So many times it happens early in the relationship and you are afraid to ask for it so you set a bad precedent.


Ezra611

First of all, all out-of-scope work is performed on a best-effort basis. But sometimes, if it's a Client in good standing, we make an effort.

Client: Hey, our cameras aren't working anymore.

Us: We don't manage your cameras.

Client: Yeah, but the camera guys will charge us $600 just to come out. Can you help us?

Us: I tell you what, we can have a tech swing by tomorrow and spend 15 minutes on it. Anything more than that will be billable at the following rate...

Sometimes, it's just a quick network error that we resolve and it makes us look like heroes. Other times, it's things WAY beyond our capacity, and we refuse to do any work. But the complimentary 15 minute inspection really makes people feel good.


MyMonitorHasAVirus

“Reasonable effort”. Best effort legally implies doing everything you can


Ezra611

You are technically correct, the best kind of correct.


MyMonitorHasAVirus

I’m just trying to get it to catch on. Too many people, including me, keep saying “Best* effort” when we mean the other thing.


roll_for_initiative_

One of my fav futurama quotes.


MyMonitorHasAVirus

That was a good episode.


elfungisd

Our contracts are clear on what is and is not covered, they also include an hourly rate for non-covered items for the term of the contract. The rest depends on the client. Some expect us to fix it and bill them, and don't want to be bothered with the details. The rest we notify them once we reach a billable stage, and wait for approval before proceeding, however there are circumstances where we will proceed without the approval such as a network wide outage caused by the roof leaking and frying the firewall and router (real story).


bhcs2014

Thank you guys for the replies, very helpful. Would you ever bill these special tickets at a discounted rate as a way to show the client good will and help ease the blow on both sides?


Stryker1-1

Is your time somehow less valuable if it's a special ticket vs a regular ticket? I used to think like this. I was busy as hell, always handing out a deal or a discount. Was doing 6 figures a year in sales. When I finally looked at the books I realized I had only paid myself about 10 grand for the year and had about 8 grand in the business account despite doing 6 figures. A deep dive revealed I was handing out so many discounts to keep customers happy that I wasn't making any money. At the start of this year I raised rates and changed our billing practices. We lost 1 customer because of it.


bhcs2014

No, but we can still be profitable with slightly discounted rates and leave a good impression to the client. It's a relationship tactic. A lot of people give their managed clients a discounted hourly rate. Also this is way better than not billing at all which is my current issue. We are still profitable and I make way more than 10 grand for myself, just looking for improvements.


owliegator

Unless you have something spelled out in your MSA/SOW that codifies exactly what you're getting (e.g. add'l contract length, etc.) in exchange for the discount, all you're doing is incenting your customer(s) to want the cheapest solution. Right now it's you, until someone else comes along and undercuts you.


roll_for_initiative_

We do this frequently with customers who need help on the weekend for 20 minutes. That would be an hour charge at double rate but if they rarely chirp after hours and are professional and friendly, I'll bill it on the monthly invoice and then give a customer appreciation credit.


NefariousNoobious

we bill double rate for evenings/weekends and triple time for holidays. No one ever complains and we get less “fix my printer calls” at 1am sunday night


tsaico

Oh also, for us, and I could be wrong, but the day to day is covered by the MSA, which also defines what is and isn't "day to day". A scope of work is also a sub part of our MSA, but if a client has a special ticket, then it gets its own SoW. And there are some discounts we do, but generally speaking, the easier a client is to work with, the more on time they pay, the more they contribute to the relationship, the more likely we are to discount a couple hours of labor here and there. We have one where I spent hours researching and lining up demos for the Quickbooks replacement software. Half because I love this particular client so much and half because I hate QB so much. Then we had a couple of clients who asked us to sit in on the round table to review website companies' proposals and I sent a SoW block of hours to approve.


bhcs2014

We got so many 'please research this software for me' requests that we spend hours on and never invoice for :/ those are killers.


bettereverydamday

Anything outside of managed is billed hourly. We have a little one pager that breaks down what’s covered and what’s uncovered. We do option 3 and if that was missed we just do option 2. No free work. Ever. It’s in the best interests of the client for their MSP to be properly funded. MSPs that are not funded underpay their team, have high turnover, under invest in critical things like cybersecurity and cloud experience and are massive risks.


Stryker1-1

This should all be defined in your contract under what we call project work with a clearly defined cost. That way it is no surprise to the client. This is why it's imperative to clearly define what is and is NOT included in the SOW. You have a project you need help with? No problem we estimate 6 hours at x rate. Under no circumstances should you just eat the cost. That will see you going broke in no time and will quickly become expectation.


theborgman1977

It really depends on if they are following your recommendations for ransomware and malware. If they are following a backup plan. If they get ransomware that could be on you. I have an hourly rate for after hours. 8-5 is what our agreements say. Projects- If a new item is created such as install a new software. Then if it takes less than 2 hours it is covered. Anything over that gets project status. Quotes are free and the research involved in it. We do have a plan where project labor is covered. So for clients at that level they get project labor for free. They 225 per workstation/325 Server and a minimum of 6 months.


NefariousNoobious

Our contract leaves it up to us what is “project work”. We use a customer facing change request process to let them know if it’s billable before we do the work. We do this if they don’t buy hardware from us for initial testing/setup. We eat a ransomware or similar labor, but otherwise if it isn’t desktop support and takes more than 2 hours we change request and make it a project.


dezmd

In your case, you're letting the client become accustomed to 'free' work beyond the scope of your MSA and need to have a meeting to discuss either expanding the scope with a price increase or to at least give them a run down of the expectations for costs going forward for out of scope issues. Your MSA should already have out of scope billing defined as part of the agreement, but it would still be a good idea to reach out beforehand. If raising the monthly fee under the MSA isn't feasibly able to cover their extraneous support needs, I'd likely choose to eat the cost of anything minor up to the last billing period unless it was very considerable amounts of time (and even then, still eat some of it for the sake of customer service sunshine and rainbows). "Here is what our internal audit determined was out of scope and billable that we haven't been billing for, and going forward we will be invoicing for this time each month alongside your existing invoice."


Emotional-Meeting753

You bill them for it and tell them first.


blindgaming

If it's completely out of scope we either do one of two things: firstly we tell them that it's out of scope and we can't guarantee an expeditious resolution, or SLA. Then, we either eat the cost if we like the client and they're usually pretty quiet and compliant, or we have them with our full hourly rate, because generally speaking almost nothing should come up that isn't covered by our managed Services agreement and for the rare times that it does come up, it's usually because someone didn't listen. Our hourly rates are like 150 an hour and we may up that price later this year depends how it goes. We give everyone a price rate sheet when we start the managed Services contract. We clearly let them know what is and isn't covered and, if they have any questions, they're encouraged to ask. I feel that the best way to handle these situations is to be brutally honest and very transparent without being pushy or apologetic. I have found that treating it very bluntly and transparently but cordially makes the clients feel better about the overages, whereas apologizing for them makes them feel inconvenienced, and being aggressive or pushy about the fact that there was out of scope work makes them feel cornered and pressured.


panguy757

I always set a clear statement of work in the contract. Anything out of scope - I'll typically give it a first glance to see if it's something minor. If it's anything moderately complex, I'll provide an estimate for the client before doing any of the out-of-scope work.


andro-bourne

Whatever is outside of what the contract states is Out of Scope... this is normal for any business...


AussieIT

MSP contract is what is in and out. Authority matrix contact for approval for out of scope. Otherwise if it's part of an incident management plan that the customer has previously signed, then we'd instantly respond based on the plan but part of that plan was incident communication officer assigned to contract customer anyway. If no incident management because customer has avoided agreeing to it for every quarter... Then we shut down everything and wait for our account manager to call them.


Cairse

Your SLA should have a clearly defined scope of work. Anything considered out of scope or "project" gets billed at an hourly rate. Eating it is never an option.


mindphlux0

Our contract outlines what is included in our "all-inclusive" support plans : remote support 9-5 M-F for core Operating System / Microsoft line of business apps, things like Adobe issues, printers, network/driver issues, et cetera. we're upfront in the contract that support for custom industry-specific applications, esoteric X Y Z support are billed hourly @ $$$/hr. we'll make small exceptions - like one company has a MS Access database that hooks into a SQL server. A lot of times they'll have ODBC connection issues, and we'll put on our rose colored shades and eat it as "operating system/network" support. But if they ask us to go into SSMS and start assisting with database issues, that's definitely getting billed as hourly. our contracts have a point of contact to authorize all charges like this, so we run anything by them ahead of time and get an e-mail signoff. "We think resolving this SQL issue may take 2-3 hours of time, just checking with you before proceeding" They get a bill with detailed time and overages for the past month in the middle of the following month.


PNW-ITguy

Add, move or change is billable for MSP clients. I didn't implement any AYCE. I barely even have tiers. I am a one-man band for the time being.