Master Services Agreement (MSA)

Parties. This Master Services Agreement (the “Agreement”) is entered into by and between Modern Managed IT, LLC, a Delaware limited liability company with principal operations in San Antonio, Texas (“Provider”), and the customer identified on an applicable Order (“Customer”).

Structure. This Agreement governs all services provided by Provider and is supplemented by Orders, Schedules, and Policies referenced below. In the event of conflict: Order controls, then any Service-Specific Schedule, then this Agreement, then the Acceptable Use Policy.

Definitions. Capitalized terms have the meanings given in this Agreement.
“Services” means the managed services selected on an Order.
“Managed IT” and “Managed Security” have the meanings in Schedules A and B.
“AUP” means the Acceptable Use Policy posted at https://www.modernmanagedit.com/acceptable-use-policy-us/ as updated per this Agreement.
“Order” means a written or electronic order executed by both parties that identifies Services, term, quantities, and fees.
“SOC” means the human-led 24×7 security operations center engaged by Provider to monitor security telemetry for Managed Security.

1. Term and Renewal

1.1 Term. The Agreement commences on the Effective Date of the first Order and remains in effect until terminated in accordance with Section 12. Each Order has an initial term stated in the Order. If no term is stated, the initial term is one month.

1.2 Renewal. Unless either party gives notice of non-renewal at least 30 days before the end of the then-current term, each Order auto-renews for successive one-month terms.

2. Services and Schedules

2.1 Managed Services. Provider will deliver the Services described in the applicable Schedules and Orders. Current standard Schedules are attached:

  • Schedule A – Managed IT – Service Description and Service Targets
  • Schedule B – Managed Security – Service Description and Service Targets
  • Schedule C – Third-Party Software and Licensing Terms
  • Schedule D – Enhanced Billing Terms – Dispute-Managed Clients (optional by Order)
  • Schedule E – Payment Authorization and Billing Profiles
  • Schedule F – Managed BCDR – Service Description and Service Targets
  • Schedule G – Managed Compliance – Service Description and Service Targets
  • Schedule H – Managed Colocation – Service Description and Service Targets

2.2 Changes to Schedules. Provider may update Schedules to reflect product or process changes, vendor requirements, or security standards. For material adverse changes to Customer, Provider will give at least 30 days’ notice, except where a vendor mandates a change with less notice, in which case Provider will pass through the change with as much notice as reasonably possible.

For clarity, updates to online policies and Service Schedules follow Section 17.1 and are binding as of their effective date unless Customer terminates the affected Order before that date.

2.3 Professional Services. Any project, onboarding, or consulting services will be defined in a Statement of Work and billed as one-time fees unless stated as recurring.

3. Customer Responsibilities

3.1 Provide accurate information, timely decisions, and access to systems, facilities, and personnel as reasonably required.

3.2 Maintain licensed and supported operating systems and software for all in-scope assets, unless otherwise agreed in writing.

3.3 Follow Provider guidance on minimum security standards, including multi-factor authentication, supported OS, patched systems, and deployment of required security agents.

3.4 Comply with the AUP.

4. Fees, Taxes, and Fee Changes

4.1 Fees. Customer will pay the recurring and one-time fees outlined in each Order.

4.2 Billing Cycle. Unless stated otherwise on an Order, recurring fees are billed monthly in advance. Usage and non-recurring fees are billed in arrears.

4.3 Taxes. Fees are exclusive of taxes. The Customer is responsible for sales, use, VAT, GST, and similar taxes assessed on the Services, except for taxes on the Provider’s net income.

4.4 Fee Increases. Provider may increase fees for Services with at least 30 days’ advance notice.
Vendor Pass-Through Adjustments. Suppose a third-party vendor increases rates or imposes new charges with less than 30 days’ notice. In that case, the Provider may pass through such increases, effective on the vendor’s effective date, with commercially reasonable advance notice to the Customer.
Optional CPI Method. In addition, the Provider may adjust recurring fees no more than once per 12-month period by up to the annual percentage change in the U.S. Consumer Price Index for All Urban Consumers (CPI-U), not to exceed 5 percent in any 12 months, with 30 days’ advance notice.

5. Invoicing, Payment, and Late Payment

5.1 Payment Terms. Payment is due per the Order terms (Due on Receipt, Net 15, or Net 30). Customer will maintain a valid billing profile under Schedule E.

5.2 Late Amounts. Amounts not received by the due date accrue interest from the due date until paid at the lesser of 1.5 percent per month or the maximum rate permitted by applicable law. Returned or rejected payments may incur a processing fee equal to Provider’s third-party fee plus 35 USD administrative cost.

5.3 Billing Disputes. The customer must notify the Provider of any good-faith fee dispute within 15 days of receiving the invoice, providing reasonable details. Undisputed amounts are due when stated. The parties will work in good faith to resolve disputes within 10 business days.

5.4 Chargebacks and Payment Disputes. Card network rules permit lawful chargebacks. The Customer agrees not to initiate a chargeback unless the Customer has first followed Section 5.3 and provided the Provider with a reasonable opportunity to resolve the issue. Initiating a chargeback without first following Section 5.3 is a material breach. If a chargeback occurs, the Customer is responsible for the actual third-party fees and reasonable administrative costs. The Provider may suspend the Services as per Section 6. This subsection does not waive Customer rights under applicable card network rules.

6. Suspension for Risk or Nonpayment

6.1 Security or Operational Risk. The Provider may suspend Services upon notice if the use of the Services poses an imminent security, legal, or operational risk. Provider will use commercially reasonable efforts to limit the scope and duration of any suspension.

6.2 Nonpayment. If any undisputed amount is more than 5 days past due, Provider may suspend Services after at least 2 business days’ prior notice. Fees continue to accrue during suspension. Reinstatement may require payment of a reasonable reactivation fee.

7. Termination

7.1 For Convenience. Either party may terminate an Order for convenience on at least 30 days prior written notice, effective at the end of the then-current monthly term. Prepaid amounts are non-refundable unless otherwise required by law.

7.2 For Cause. Either party may terminate for material breach not cured within 5 business days after written notice. Repeated unauthorized chargebacks, repeated AUP violations, or failure to maintain minimum security standards constitute a material breach.

7.3 Effect of Termination. On termination, Customer will pay all amounts due through the effective date, including non-cancelable third-party charges. Provider will provide offboarding assistance as a paid service. Data handling is per Section 10.

8. Third-Party Services and Licensing

8.1 Provider may resell or administer third-party software and cloud services. The Customer agrees to the applicable vendor terms outlined in Schedule C. The Provider is not liable for any vendor failures or changes.

8.2 Provider may change vendors or tooling in its discretion, provided material functionality is not materially degraded.

9. Confidentiality

Each party will protect the other party’s Confidential Information and use it only to perform under this Agreement. Non-disclosure obligations survive for three years after termination and are indefinite for trade secrets.

10. Security and Data Handling

10.1 Provider will implement commercially reasonable administrative, physical, and technical safeguards appropriate for SMB managed services.

10.2 For Managed Security, telemetry and alerts may be processed by Provider’s SOC partners per Schedule B.

10.3 Customer Data retention and deletion timelines are defined in applicable Schedules and Orders.

11. Warranties and Disclaimers

11.1 Provider warrants it will perform Services in a professional and workmanlike manner by trained personnel.
11.2 EXCEPT FOR EXPRESS WARRANTIES IN THIS AGREEMENT, THE SERVICES ARE PROVIDED “AS IS” WITHOUT OTHER WARRANTIES.

12. Limitation of Liability

12.1 Cap. Provider total liability for all claims in a contract year will not exceed the amounts paid by Customer for the affected Services in the 12 months before the claim.

12.2 Exclusions. Neither party is liable for lost profits, loss of business, or indirect, special, incidental, or consequential damages. These exclusions do not apply to breaches of confidentiality, IP infringement indemnity, or Customer payment obligations.

12.3 Exclusive Credits. Any service credits stated in an applicable vendor SLA or service schedule are the sole credits available for the covered service and are not cumulative with any other credits or remedies.

13. Indemnification

13.1 Provider will defend and indemnify Customer from third-party claims alleging that the Services as provided by Provider infringe intellectual property rights, subject to standard exclusions.

13.2 Customer will defend and indemnify Provider from third-party claims arising from Customer Data, Customer misuse of the Services, or AUP violations.

13.3 Mutual Indemnity for Confidentiality and Privacy

Each party will defend and indemnify the other party and its affiliates from third-party claims and resulting damages, costs, and reasonable attorneys’ fees to the extent arising from the indemnifying party’s breach of Section 9 (Confidentiality), violation of applicable privacy or data protection laws, or violation of the AUP. The indemnified party will promptly notify the indemnifying party and provide reasonable cooperation; failure to give prompt notice relieves obligations only to the extent of actual prejudice.

14. Compliance and Industry Obligations

The Services are not designed to ensure the Customer’s compliance with specific laws. Provider will support reasonable audits and provide standard documentation. Suppose the Customer requires specific regulated services, such as HIPAA business associate obligations or CJIS handling. In that case, these must be agreed upon in writing in an Order and may require additional fees, controls, and limitations.

15. Notices

Notices will be sent to the contacts listed on the Order. An email notice is valid if the receipt is confirmed or not returned as undeliverable.

16. Governing Law and Venue

This Agreement is governed by the laws of the State of Texas and applicable federal law, without regard to conflict of laws rules. The exclusive venue is the state or federal courts in Bexar County, Texas.

Each party waives any right to a trial by jury in any action arising out of or related to this Agreement. Any claim must be brought within two years after the date the cause of action accrues.

17. Miscellaneous

No assignment by Customer without Provider consent. Provider may assign in connection with a corporate reorganization or sale. Independent contractors. No third-party beneficiaries. Severability. Waiver only in writing. The Entire Agreement consists of this Agreement, Orders, Schedules, and referenced Policies.

17.1 Updates to Online Terms.

Provider may amend online terms referenced by this Agreement, including the Acceptable Use Policy, Privacy Policy, and Service Schedules published on Provider’s site, by posting the updated version and providing at least 30 days’ prior notice by email or portal post. Each amendment is binding on the effective date stated in the notice.

If the Customer does not agree to an amendment, the Customer may terminate the affected Order by providing written notice before the effective date. Upon termination under this Section 17.1, the Provider will refund any prepaid recurring fees for the unused portion of the terminated Order. The Customer remains responsible for fees incurred through the termination date and for any non-cancelable third-party charges or commitments. Customer may not continue to use the Services under a prior version of the online terms after the effective date.

Changes required by vendor terms, security requirements, or applicable law may take effect on shorter notice as reasonably necessary. Pricing changes are governed solely by Section 4.4.

Schedule A – Managed IT

Service Description and Service Targets

Purpose. This Schedule defines precisely what is included with Managed IT, how to engage support, operating targets, and what is out of scope. These targets are not SLAs and do not include service credits.

A1. Scope of Managed IT

Managed IT provides day-to-day IT operations and user support for covered users and devices as listed on the Order. Coverage is tied to the quantities of Named Users and Managed Endpoints on the Order.

A1.1 Included Services

  1. Help Desk and Remote Support during Service Hours for supported operating systems and standard business software.
  2. Endpoint Management via Provider Agent: Inventory, Health Monitoring, Remote Control, and Policy Enforcement.
  3. Patching for supported OS and typical applications per A4 Patch Policy.
  4. Anti-malware/EDR is included in the stack, along with deployment and monitoring of Provider‑approved agents.
  5. Identity and Collaboration Admin for Microsoft 365 and Google Workspace: user lifecycle, group and license changes, mailbox and file access adjustments.
  6. Network Troubleshooting for LAN, WLAN, and ISP issues at Customer sites under management; coordination with ISPs and vendors.
  7. Onboarding and Offboarding for end users per A6, including account creation/disable, standard device setup, and access changes.
  8. Vendor Liaison for covered services; Provider opens, tracks, and escalates tickets with major SaaS and hardware vendors as needed.
  9. Security Hygiene enforcement of baseline controls in A5, including MFA enforcement guidance and local admin governance.
  10. Standards and Advisory quarterly recommendations on lifecycle, security posture, and best practices.

A1.2 Optional Add‑Ons (if shown on Order)

  • Managed Backup, MDM, Advanced Email Security, Advanced Monitoring for servers, After‑Hours Support, and Onsite Allowance. If not listed on the Order, these are not included.

A2. How to Request Service

  • Ticketing: Submit via the client portal or support email; phone support is available for P1 issues.
  • Required details: impact, affected user or asset, steps to reproduce, urgency, and business deadline.
  • Change requests: Larger changes may require a mini-SOW to be executed before work begins.

A3. Operating Targets and Priorities

Operating targets apply to tickets opened correctly with the required details. Vendor or ISP outages, major incidents, or factors outside Provider control may impact targets.

Priority Definition Initial Response Target Update Cadence Target Resolution
P1 Critical Entire site or critical system down, widespread security incident 30 minutes during Service Hours; after‑hours if included on Order As material info becomes available Work to restore service as quickly as possible; ETA varies
P2 High Multiple users impacted or a major function degraded 1 hour during Service Hours Every business day 1 business day, where feasible
P3 Standard Single user or routine issue 4 business hours Every 2 business days 2 business days, where feasible
P4 Request/Change Non‑urgent moves, adds, changes 1 business day Weekly By the scheduled window

These targets are operating goals only and do not create service credits or failure-to-perform remedies.

Service Hours: Monday to Friday, 8:00 AM to 5:00 PM Central, excluding Provider holidays. After-hours support is available only if purchased at the published rates.

A4. Patch Policy

  • Windows and macOS: Monthly patch window with critical updates expedited. Restarts are coordinated with users where possible.
  • Third-party apps: Common apps, such as browsers, Java, and productivity tools, were patched where supported by the toolset.
  • Deferrals: Servers and specialty systems may require maintenance windows or customer testing before patching.

A5. Minimum Security Baseline

Customer agrees to maintain the following as a condition of support:

  1. MFA is enabled for all admin and user accounts in Microsoft 365 or Google Workspace.
  2. Supported OS versions; end‑of‑life systems are excluded unless covered by a separate SOW.
  3. Required agents installed: RMM, EDR/AV, and any logging components the Provider specifies.
  4. Privileged access is limited; local admin access is only granted for approved roles.
  5. Email security stack is enabled where included.

A6. User Lifecycle and Device Standards

  • Onboarding: Standard user account, MFA enrollment, mailbox, collaboration access, and one managed device setup. Advanced roles, shared mailboxes, and line‑of‑business apps may require billable effort.
  • Offboarding: Account disable, mailbox handling, license adjustments, and device deprovisioning steps. Data handling follows Section 10 of the MSA and any Order‑specific directions.

A7. Onsite Support

Remote work is primary. Onsite visits are scheduled as needed. If an Onsite Allowance is not listed on the Order, onsite services are billable at published rates, with travel terms and a 1-hour minimum per visit.

A8. Exclusions

  • Custom or proprietary applications beyond best‑effort triage
  • Development, complex integrations, or data migrations, unless scoped
  • Unsupported, end‑of‑life, or non‑standard hardware and OS
  • Facilities work, including cabling, electrical, HVAC, and physical moves
  • Compliance audits, eDiscovery, or legal holds, unless separately engaged

A9. Customer Responsibilities

  • Provide timely decisions, access, and accurate asset lists
  • Maintain valid licenses and warranties
  • Follow Provider guidance on security standards
  • Designate an internal primary contact and an after‑hours contact

A10. Dependencies and Limitations

Effectiveness depends on full deployment of required agents, a reasonable network and internet connectivity, and vendor platform availability. Provider is not responsible for vendor or ISP outages, or for changes imposed by vendors.

A11. Tooling and substitutions

The provider may change tools or vendors used to deliver the service, provided that material functionality is not materially degraded. Tooling changes that require Customer action will be communicated with reasonable notice.

A12. Reporting and reviews

  • Ticket and asset reporting available via the client portal

  • Periodic service reviews on request or as listed on the Order

  • Advisory on lifecycle, risk, and improvement items

A13. Escalation path

  • Service Desk Lead

  • Service Delivery Manager

  • Account Manager

  • Operations Manager

  • Director of Operations

Contact details will be provided during onboarding and kept up to date in the client portal.

A14. Version control

This Schedule may be updated according to the change mechanism outlined in the MSA. The version and effective date will be shown in the footer or revision history.

Revision history. Version November 3, 2025. Initial Managed IT schedule aligned to simplified service catalog.

Schedule B – Managed Security – Service Description and Service Targets

Overview. Managed Security provides 24×7 monitoring by a human-led SOC of enrolled systems and cloud workloads, triage of alerts, and escalation to Customer and Provider engineers for response.

Scope Components.

  • Deployment and management of approved EDR and logging agents
  • 24/7 SOC monitoring of security telemetry
  • Alert triage and severity classification
  • Escalation to Customer contacts for containment actions
  • Assistance with containment, eradication, and recovery during service hours, with after-hours support per Order
  • Monthly security summary and recommendations

Service Targets. Operating targets, not SLAs. No service credits apply.

  • Critical alert acknowledgment target: within 15 minutes, 24×7
  • High alert acknowledgment target: within 30 minutes, 24×7
  • Ticket updates: as material information is available

Limitations. Managed Security is not insurance and does not guarantee the prevention of all incidents. Effectiveness depends on the full deployment of required sensors and Customer adherence to minimum security standards.

Customer Responsibilities. Enable required logging sources, maintain currency of assets, and execute recommended containment actions promptly. Provide an after-hours on-call contact.

Schedule C – Third-Party Software and Licensing Terms

C1. Pass-Through Terms. Customer use of Microsoft 365, Google Workspace, Barracuda, Votiro, 1Password, Kaseya components, AWS, Google Cloud, Veeam, Ahsay, and Asigra is subject to each vendor’s standard terms and acceptable use policies. Where a Customer purchases services through a Provider, the Customer agrees to those terms as updated by the vendor from time to time.

C2. Changes Imposed by Vendors. Vendors may change pricing, features, APIs, and terms. Provider may implement such changes with commercially reasonable notice. If the vendor provides less than 30 days’ notice, Provider may pass through the change on the vendor’s effective date.

C3. SLA Credits – Exclusive Remedy. For any third-party service with a vendor SLA, any credits issued by the vendor are the sole and exclusive credits available for that service and are not additive to any other credits or remedies.

C4. Restores and Customer-Controlled Encryption Keys. Unless expressly purchased as a managed restoration service in an Order or SOW, Customer is responsible for initiating and performing restores using the applicable console or client. If the Customer uses customer-controlled encryption keys, the loss of these keys may render the data permanently unrecoverable, and it is the Customer’s responsibility.

Schedule D – Enhanced Billing Terms

Dispute-Managed Clients

This Schedule applies only if referenced on an Order for a designated customer or site.

  1. Payment Method. Recurring fees must be paid via ACH autopay. Cards may be accepted for one-time payments at the Provider’s discretion.
  2. Prepayment. The first month of recurring fees, plus any one-time onboarding fees, is due at the Time of Order execution.
  3. Security Deposit. At the Provider’s discretion, the Customer will maintain a refundable deposit equal to one month of recurring fees, which will be applied to the final invoice if the account is in good standing.
  4. Short-Pay and Chargebacks. The customer agrees to follow the dispute process outlined in Section 5.3 before initiating any short-pay or chargeback. Unauthorized chargebacks constitute a material breach and may result in immediate suspension after notice.
  5. Costs. Customer is responsible for actual third-party dispute fees and reasonable administrative expenses. Any liquidated amount stated is intended as a reasonable pre-estimate of costs and not a penalty.
  6. Termination for Nonpayment. If undisputed amounts remain unpaid 10 days after suspension, the Provider may terminate the affected Order upon written notice and accelerate the unpaid amounts for the remainder of the current month.

Schedule E – Payment Authorization and Billing Profiles

The Customer authorizes the Provider to initiate ACH debits and credits and to retain and use payment credentials in accordance with the Order terms. Customer will keep billing details current. Revocation of authorization requires 10 business days’ notice, along with alternative arrangements that are acceptable to the Provider.

Schedule F – Managed BCDR – Service Description and Service Targets

Purpose. Define backup, continuity, and recovery services, objectives, and responsibilities. Targets are operating goals and do not create service credits.

F1. Scope
Managed BCDR covers backup configuration, monitoring, and recovery for covered workloads listed on the Order. Workloads may include servers, endpoints, virtual machines, selected SaaS platforms, and cloud resources where supported by tooling.

F1.1 Components
– Backup software and agents approved by Provider
– Offsite replication to Provider-approved cloud storage or vendor cloud
– Optional on-premises continuity appliance if listed on the Order
– Backup job monitoring and alerting
– Retention management per the Order
– Periodic recovery testing as described in F5

F2. Recovery Objectives
– RPO – target maximum data loss measured in time
– RTO – target time to restore service to an operational state
RPO and RTO targets are selected based on the Order per workload. If not specified, defaults are RPO 24 hours and RTO best effort during Service Hours.

F3. Retention
Default retention follows the values listed on the Order. If not specified, defaults are 30 daily restore points, 12 weekly, and 3 monthly. Long-term retention or archival can be added at an additional cost.

F4. Monitoring and Response
– Backup job failures are reviewed each business day
– Alert acknowledgment target: 2 business hours during Service Hours
– Remediation steps are initiated as soon as reasonably possible

F5. Test Restores
– Included: one documented test restore per quarter per customer tenancy covering at least one representative workload
– Additional test restores or application-specific tests are available as billable services

F6. Restores and Disaster Recovery
– Small restores under 25 GB per request during Service Hours are included
– Large data restores, bare-metal recoveries, failover to continuity appliances, or cloud DR events require a change window and may be billable per the Order or SOW
– Customer designates recovery priorities and validates application functionality after restoration

F7. Customer Responsibilities
– Maintain credentials and access required to protected systems
– Keep in-scope systems powered on and reachable during backup windows
– Provide maintenance windows for patching or agent updates
– Promptly review recovery test reports and approve follow-up actions

F8. Limitations
– Devices not enrolled or repeatedly offline are out of scope
– Encrypted data without keys, corrupted filesystems, or vendor API limits may prevent recovery

– Legal holds and eDiscovery are not included unless separately engaged

Schedule G – Managed Compliance – Service Description and Service Targets

Purpose. Assist the Customer with compliance readiness, evidence collection, and control operation. Provider is not a law firm or a certification body.

G1. Scope
– Baseline risk assessment and gap analysis against a mutually selected framework, such as CIS Controls v8 or NIST CSF
– Policy library deployment and tailoring
– Control mapping and task calendar
– Evidence collection and repository organization in the agreed tool set
– Vendor risk questionnaire templates and tracking
– Quarterly compliance review and report

G2. Deliverables
– Initial gap report with prioritized remediation plan
– Policy set tailored to the Customer environment
– Control matrix with owners and due dates
– Evidence bundle for audits or customer questionnaires

G3. Service Targets
– Questionnaire triage within 2 business days
– Standard evidence requests fulfilled within 5 business days when the required data is available
– Monthly status summary available on request

G4. Customer Responsibilities
– Designate a compliance owner and executive sponsor
– Provide accurate information, timely access, and decision-making
– Complete remediation actions by agreed-upon due dates
– Engage legal counsel as needed for regulatory interpretation and contracts

G5. Limitations
– No guarantee of certification, audit pass, or regulator acceptance
– Third-party audit fees, penetration tests, and specialized legal documents are out of scope unless stated in an SOW

Schedule H – Managed Colocation – Service Description and Service Targets

Purpose. Provide managed services for Customer-owned equipment hosted in a third-party or Provider-managed data center.

H1. Scope
– Rack space allocation and inventory tracking
– Power and network provisioning coordination with the facility
– Remote hands coordination and onsite access scheduling
– Optional monitoring, OS patching, and hardware maintenance if listed on the Order
– Cross-connect requests and vendor coordination

H2. Service Targets
– Remote hands dispatch request submitted to the facility within 2 business hours during Service Hours
– Cross-connect orders submitted within 1 business day after receipt of complete information

H3. Customer Responsibilities
– Comply with facility security and access rules
– Maintain required insurance and provide an approved visitor list
– Supply rails, PDUs, and cabling that meet facility specifications
– Maintain warranties and spares for Customer-owned hardware

H4. Limitations
– Facility power, cooling, and carrier outages are the responsibility of the data center operator or carriers
– Provider is not responsible for data loss or corruption and recommends Managed BCDR coverage
– Bandwidth commits, burst billing, and cross-connect fees are pass-through items unless otherwise noted in the Order
 

Policy References

Assumptions

  • Governing law is Texas, with venue in Bexar County.
  • Standard response and acknowledgment targets are operating goals and not SLAs.
  • Managed Security relies on Provider-approved EDR and logging agents.
  • Vendor price increases or mandatory changes may occur without 30 days’ notice.

Revision History

  • Version: November 11, 2025 – Added Schedule F Managed BCDR, Schedule G Managed Compliance, and Schedule H Managed Colocation. Replaced Schedule C with explicit vendor pass-through terms, exclusive vendor SLA credits, and restores/customer-key clarity. Updated Section 4.4 to include an optional CPI adjustment method while retaining 30-day notice and vendor pass-through. Added Section 12.3 Exclusive Credits. Added Section 13.3 Mutual Indemnity for Confidentiality and Privacy. Appended jury-trial waiver and two-year claim limitation to Section 16. Added Section 17.1 Updates to Online Terms. Completed and expanded Schedule A. Formatting fixes and completion of Schedule A Managed IT service description, and targets.
  • Version: November 3, 2025 – Initial MSA draft aligning pricing notice, late payment, and dispute-managed terms; consolidates services to Managed IT and introduces Managed Security schedule.