Master Services Agreement (MSA)

Parties. This Master Services Agreement (the “Agreement”) is entered into by and between Modern Managed IT, LLC, a Delaware limited liability company with principal operations in San Antonio, Texas (“Provider”), and the customer identified on an applicable Order (“Customer”).

Structure. This Agreement governs all services provided by Provider and is supplemented by Orders, Schedules, and Policies referenced below. In the event of conflict: Order controls, then any Service-Specific Schedule, then this Agreement, then the Acceptable Use Policy.

Definitions. Capitalized terms have the meanings given in this Agreement.
“Services” means the managed services selected on an Order.
“Managed IT” and “Managed Security” have the meanings in Schedules A and B.
“AUP” means the Acceptable Use Policy posted at https://www.modernmanagedit.com/aup as updated per this Agreement.
“Order” means a written or electronic order executed by both parties that identifies Services, term, quantities, and fees.
“SOC” means the human-led 24×7 security operations center engaged by Provider to monitor security telemetry for Managed Security.

1. Term and Renewal

1.1 Term. The Agreement begins on the Effective Date of the first Order and continues until terminated under Section 12. Each Order has an initial term stated in the Order. If no term is stated, the initial term is one month.
1.2 Renewal. Unless either party gives notice of non-renewal at least 30 days before the end of the then-current term, each Order auto-renews for successive one-month terms.

2. Services and Schedules

2.1 Managed Services. Provider will deliver the Services described in the applicable Schedules and Orders. Current standard Schedules are attached:

  • Schedule A – Managed IT – Service Description and Service Targets
  • Schedule B – Managed Security – Service Description and Service Targets
  • Schedule C – Third-Party Software and Licensing Terms
  • Schedule D – Enhanced Billing Terms – Dispute-Managed Clients (optional by Order)
  • Schedule E – Payment Authorization and Billing Profiles
    2.2 Changes to Schedules. Provider may update Schedules to reflect product or process changes, vendor requirements, or security standards. For material adverse changes to Customer, Provider will give at least 30 days notice, except where a vendor mandates a change with less notice, in which case Provider will pass through the change with as much notice as reasonably possible.
    2.3 Professional Services. Any project, onboarding, or consulting services will be defined in a Statement of Work and billed as one-time fees unless stated as recurring.

3. Customer Responsibilities

3.1 Provide accurate information, timely decisions, and access to systems, facilities, and personnel as reasonably required.
3.2 Maintain licensed and supported operating systems and software for all in-scope assets, unless otherwise agreed in writing.
3.3 Follow Provider guidance on minimum security standards, including multi-factor authentication, supported OS, patched systems, and deployment of required security agents.
3.4 Comply with the AUP.

4. Fees, Taxes, and Fee Changes

4.1 Fees. Customer will pay the recurring and one-time fees set forth in each Order.
4.2 Billing Cycle. Unless stated otherwise on an Order, recurring fees are billed monthly in advance. Usage and non-recurring fees are billed in arrears.
4.3 Taxes. Fees are exclusive of taxes. Customer is responsible for sales, use, VAT, GST, and similar taxes assessed on the Services, other than taxes on Provider net income.
4.4 Fee Increases. Provider may increase fees for Services with at least 30 days advance notice. Vendor Pass-Through Adjustments. If a third-party vendor increases rates or imposes new charges with less than 30 days notice, Provider may pass through such increases effective on the vendor effective date with commercially reasonable advance notice to Customer. Optional CPI Method. In addition, Provider may adjust recurring fees no more than once per 12-month period by up to the annual percentage change in the U.S. Consumer Price Index for All Urban Consumers (CPI-U), not to exceed 5 percent in any 12-month period, with 30 days advance notice.

5. Invoicing, Payment, and Late Payment

5.1 Payment Terms. Payment is due per the Order terms (Due on Receipt, Net 15, or Net 30). Customer will maintain a valid billing profile under Schedule E.
5.2 Late Amounts. Amounts not received by the due date accrue interest from the due date until paid at the lesser of 1.5 percent per month or the maximum rate permitted by applicable law. Returned or rejected payments may incur a processing fee equal to Provider’s third-party fee plus 35 USD administrative cost.
5.3 Billing Disputes. Customer must notify Provider of any good faith fee dispute within 15 days of invoice receipt with reasonable detail. Undisputed amounts are due when stated. The parties will work in good faith to resolve disputes within 10 business days.
5.4 Chargebacks and Payment Disputes. Card network rules permit lawful chargebacks. Customer agrees not to initiate a chargeback unless Customer has first followed Section 5.3 and provided Provider a reasonable opportunity to resolve. Initiating a chargeback without first following Section 5.3 is a material breach. If a chargeback occurs, Customer is responsible for the actual third-party fees and reasonable administrative costs, and Provider may suspend Services per Section 6. This subsection does not waive Customer rights under applicable card network rules.

6. Suspension for Risk or Nonpayment

6.1 Security or Operational Risk. Provider may suspend Services on notice if use of the Services poses an imminent security, legal, or operational risk. Provider will use commercially reasonable efforts to limit the scope and duration of any suspension.
6.2 Nonpayment. If any undisputed amount is more than 5 days past due, Provider may suspend Services after at least 2 business days prior notice. Fees continue to accrue during suspension. Reinstatement may require payment of a reasonable reactivation fee.

7. Termination

7.1 For Convenience. Either party may terminate an Order for convenience on at least 30 days prior written notice, effective at the end of the then-current monthly term. Prepaid amounts are non-refundable unless otherwise required by law.
7.2 For Cause. Either party may terminate for material breach not cured within 5 business days after written notice. Repeated unauthorized chargebacks, repeated AUP violations, or failure to maintain minimum security standards constitute material breach.
7.3 Effect of Termination. On termination, Customer will pay all amounts due through the effective date, including non-cancelable third-party charges. Provider will provide offboarding assistance as a paid service. Data handling is per Section 10.

8. Third-Party Services and Licensing

8.1 Provider may resell or administer third-party software and cloud services. Customer agrees to applicable vendor terms in Schedule C. Provider is not liable for vendor failures or changes.
8.2 Provider may change vendors or tooling in its discretion provided material functionality is not materially degraded.

9. Confidentiality

Each party will protect the other party’s Confidential Information and use it only to perform under this Agreement. Non-disclosure obligations survive for 3 years after termination, and indefinitely for trade secrets.

10. Security and Data Handling

10.1 Provider will implement commercially reasonable administrative, physical, and technical safeguards appropriate for SMB managed services.
10.2 For Managed Security, telemetry and alerts may be processed by Provider’s SOC partners per Schedule B.
10.3 Customer Data retention and deletion timelines are defined in applicable Schedules and Orders.

11. Warranties and Disclaimers

11.1 Provider warrants it will perform Services in a professional and workmanlike manner by trained personnel.
11.2 EXCEPT FOR EXPRESS WARRANTIES IN THIS AGREEMENT, THE SERVICES ARE PROVIDED “AS IS” WITHOUT OTHER WARRANTIES.

12. Limitation of Liability

12.1 Cap. Provider total liability for all claims in a contract year will not exceed the amounts paid by Customer for the affected Services in the 12 months before the claim.
12.2 Exclusions. Neither party is liable for lost profits, loss of business, or indirect, special, incidental, or consequential damages. These exclusions do not apply to breaches of confidentiality, IP infringement indemnity, or Customer payment obligations.
12.3 Exclusive Credits. Any service credits stated in an applicable vendor SLA or service schedule are the sole credits available for the covered service and are not cumulative with any other credits or remedies.

13. Indemnification

13.1 Provider will defend and indemnify Customer from third-party claims alleging that the Services as provided by Provider infringe intellectual property rights, subject to standard exclusions.
13.2 Customer will defend and indemnify Provider from third-party claims arising from Customer Data, Customer misuse of the Services, or AUP violations.
13.3 Mutual Indemnity for Confidentiality and Privacy. Each party will defend and indemnify the other party and its affiliates from third-party claims and resulting damages, costs, and reasonable attorneys’ fees to the extent arising from the indemnifying party’s breach of its confidentiality obligations under Section 9, violation of applicable privacy or data protection laws, or violation of the AUP. The indemnified party will promptly notify the indemnifying party and provide reasonable cooperation; failure to give prompt notice relieves obligations only to the extent of actual prejudice.

14. Compliance and Industry Obligations

The Services are not designed to make Customer compliant with specific laws. Provider will support reasonable audits and provide standard documentation. If Customer requires specific regulated services such as HIPAA business associate obligations or CJIS handling, those must be agreed in writing in an Order and may require additional fees, controls, and limitations.

15. Notices

Notices will be sent to the contacts listed on the Order. Email notice is valid if receipt is confirmed or not returned as undeliverable.

16. Governing Law and Venue

This Agreement is governed by the laws of the State of Texas and applicable federal law, without regard to conflicts rules. Exclusive venue is state or federal courts in Bexar County, Texas.

Each party waives any right to a trial by jury in any action arising out of or related to this Agreement. Any claim must be brought within two years after the date the cause of action accrues.

17. Miscellaneous

No assignment by Customer without Provider consent. Provider may assign in connection with corporate reorganization or sale. Independent contractors. No third-party beneficiaries. Severability. Waiver only in writing. Entire Agreement consists of this Agreement, Orders, Schedules, and referenced Policies.

17.1 Updates to Online Terms. Provider may amend online forms referenced by this Agreement (including the AUP, Privacy Policy, and service Schedules published on Provider’s site) on 30 days advance notice by email or portal post. If Customer objects in writing within the 30-day period, the amendment will not apply to the then-current term of any Order and Provider may, at its option, (a) allow the prior version to remain in effect until renewal, or (b) terminate the affected Order and refund any prepaid fees for unused Services. Updates required by vendor terms or law may take effect on shorter notice as reasonably necessary.

Schedule A – Managed IT

Service Description and Service Targets

Purpose. This Schedule defines exactly what is included with Managed IT, how to engage support, operating targets, and what is out of scope. These targets are not SLAs and do not include service credits.

A1. Scope of Managed IT

Managed IT provides day-to-day IT operations and user support for covered users and devices as listed on the Order. Coverage is tied to the quantities of Named Users and Managed Endpoints on the Order.

A1.1 Included Services
  1. Help Desk and Remote Support during Service Hours for supported operating systems and standard business software.
  2. Endpoint Management via Provider agent: inventory, health monitoring, remote control, policy enforcement.
  3. Patching for supported OS and common applications per A4 Patch Policy.
  4. Anti‑malware/EDR where included in the stack; deployment and monitoring of Provider‑approved agents.
  5. Identity and Collaboration Admin for Microsoft 365 and Google Workspace: user lifecycle, group and license changes, mailbox and file access adjustments.
  6. Network Troubleshooting for LAN, WLAN, ISP issues at Customer sites under management; coordination with ISPs and vendors.
  7. Onboarding and Offboarding for end users per A6, including account creation/disable, standard device setup, and access changes.
  8. Vendor Liaison for covered services; Provider opens, tracks, and escalates tickets with major SaaS and hardware vendors as needed.
  9. Security Hygiene enforcement of baseline controls in A5, including MFA enforcement guidance and local admin governance.
  10. Standards and Advisory quarterly recommendations on lifecycle, security posture, and best practices.
A1.2 Optional Add‑Ons (if shown on Order)
  • Managed Backup, MDM, Advanced Email Security, Advanced Monitoring for servers, After‑Hours Support, and Onsite Allowance. If not listed on the Order, these are not included.

A2. How to Request Service

  • Ticketing: Submit via client portal or support email; phone available for P1 issues.
  • Required details: impact, affected user or asset, steps to reproduce, urgency, and business deadline.
  • Change requests: Larger changes may require a mini‑SOW before work begins.

A3. Operating Targets and Priorities

Operating targets apply to tickets opened correctly with required details. Targets may be impacted by vendor or ISP outages, major incidents, or factors outside Provider control.

PriorityDefinitionInitial Response TargetUpdate CadenceTarget Resolution
P1 CriticalEntire site or critical system down, widespread security incident30 minutes during Service Hours; after‑hours if included on OrderAs material info becomes availableWork to restore service as quickly as possible; ETA varies
P2 HighMultiple users impacted or a major function degraded1 hour during Service HoursEvery business day1 business day where feasible
P3 StandardSingle user or routine issue4 business hoursEvery 2 business days2 business days where feasible
P4 Request/ChangeNon‑urgent moves, adds, changes1 business dayWeeklyBy scheduled window

These targets are operating goals only and do not create service credits or failure-to-perform remedies.

Service Hours: Monday to Friday, 8:00 AM to 5:00 PM Central, excluding Provider holidays. After‑Hours Support is available only if purchased on the Order or at published rates.

A4. Patch Policy

  • Windows and macOS: Monthly patch window with critical updates expedited. Restarts coordinated with users where possible.
  • Third‑party apps: Common apps such as browsers, Java, and productivity tools patched where supported by the toolset.
  • Deferrals: Servers and specialty systems may require maintenance windows or customer testing prior to patching.

A5. Minimum Security Baseline

Customer agrees to maintain the following as a condition of support:

  1. MFA enabled for all admin and user accounts in Microsoft 365 or Google Workspace.
  2. Supported OS versions; end‑of‑life systems are excluded unless covered by a separate SOW.
  3. Required agents installed: RMM, EDR/AV, and any logging components Provider specifies.
  4. Privileged access limited; local admin only for approved roles.
  5. Email security stack enabled where included.

A6. User Lifecycle and Device Standards

  • Onboarding: Standard user account, MFA enrollment, mailbox, collaboration access, and one managed device setup. Advanced roles, shared mailboxes, and line‑of‑business apps may require billable effort.
  • Offboarding: Account disable, mailbox handling, license adjustments, and device deprovisioning steps. Data handling follows Section 10 of the MSA and any Order‑specific directions.

A7. Onsite Support

Remote work is primary. Onsite visits are scheduled as needed. If an Onsite Allowance is not listed on the Order, onsite is billable at published rates with travel terms and a 1‑hour minimum per visit.

A8. Exclusions

  • Custom or proprietary applications beyond best‑effort triage
  • Development, complex integrations, or data migrations unless scoped
  • Unsupported, end‑of‑life, or non‑standard hardware and OS
  • Facilities work including cabling, electrical, HVAC, and physical moves
  • Compliance audits, eDiscovery, or legal holds unless separately engaged

A9. Customer Responsibilities

  • Provide timely decisions, access, and accurate asset lists
  • Maintain valid licenses and warranties
  • Follow Provider guidance on security standards
  • Designate an internal primary contact and after‑hours contact

A10. Dependencies and Limitations

Effectiveness depends on full deployment of required agents, reasonable network and internet connectivity, and vendor platform availability. Provider is not responsible for vendor or ISP outages, or for changes imposed by vendors.

A11. Tooling and substitutions

Provider may change tools or vendors used to deliver the service if material functionality is not materially degraded. Tooling changes that require Customer action will be communicated with reasonable notice.

A12. Reporting and reviews

  • Ticket and asset reporting available via the client portal

  • Periodic service reviews on request or as listed on the Order

  • Advisory on lifecycle, risk, and improvement items

A13. Escalation path

  • Service Desk Lead

  • Service Delivery Manager

  • Account Manager

  • Operations Manager

  • Director of Operations

Contact details will be provided on onboarding and kept current in the client portal.

A14. Version control

This Schedule may be updated per the change mechanism in the MSA. The version and effective date will be shown in the footer or revision history.

Revision history. Version November 3, 2025. Initial Managed IT schedule aligned to simplified service catalog.

Schedule B – Managed Security – Service Description and Service Targets

Overview. Managed Security provides 24×7 monitoring by a human-led SOC of enrolled systems and cloud workloads, triage of alerts, and escalation to Customer and Provider engineers for response.

Scope Components.

  • Deployment and management of approved EDR and logging agents
  • 24×7 SOC monitoring of security telemetry
  • Alert triage and severity classification
  • Escalation to Customer contacts for containment actions
  • Assistance with containment, eradication, and recovery during service hours, with after-hours support per Order
  • Monthly security summary and recommendations

Service Targets. Operating targets, not SLAs. No service credits apply.

  • Critical alert acknowledgment target: within 15 minutes, 24×7
  • High alert acknowledgment target: within 30 minutes, 24×7
  • Ticket updates: as material information is available

Limitations. Managed Security is not insurance and does not guarantee prevention of all incidents. Effectiveness depends on full deployment of required sensors and Customer adherence to minimum-security standards.

Customer Responsibilities. Enable required logging sources, maintain currency of assets, and execute recommended containment actions promptly. Provide an after-hours on-call contact.

Schedule C – Third-Party Software and Licensing Terms

C1. Pass-Through Terms. Customer use of Microsoft 365, Google Workspace, Barracuda, Votiro, 1Password, Kaseya components, AWS, Google Cloud, Veeam, Ahsay, and Asigra is subject to each vendor’s standard terms and acceptable use policies. Where Customer purchases such services through Provider, Customer agrees to those terms as updated by the vendor from time to time.

C2. Changes Imposed by Vendors. Vendors may change pricing, features, APIs, and terms. Provider may implement such changes with commercially reasonable notice; if the vendor provides less than 30 days notice, Provider may pass through the change on the vendor’s effective date.

C3. SLA Credits – Exclusive Remedy. For any third-party service with a vendor SLA, any credits issued by the vendor are the sole and exclusive credits available for that service and are not additive to any other credits or remedies.

C4. Restores and Customer-Controlled Encryption Keys. Unless expressly purchased as a managed restoration service in an Order or SOW, Customer is responsible for initiating and performing restores using the applicable console or client. If Customer uses customer-controlled encryption keys, loss of keys may render data permanently unrecoverable and is Customer’s responsibility.

Schedule D – Enhanced Billing Terms

Dispute-Managed Clients

This Schedule applies only if referenced on an Order for a designated customer or site.

  1. Payment Method. Recurring fees must be paid via ACH autopay. Cards may be accepted for one-time payments at Provider discretion.
  2. Prepayment. First month of recurring fees plus any one-time onboarding fees are due at Order execution.
  3. Security Deposit. At Provider discretion, Customer will maintain a refundable deposit equal to one month of recurring fees, applied to the final invoice if account is in good standing.
  4. Short-Pay and Chargebacks. Customer agrees to follow the dispute process in Section 5.3 prior to any short-pay or chargeback. Unauthorized chargebacks constitute a material breach and may result in immediate suspension after notice.
  5. Costs. Customer is responsible for actual third-party dispute fees and reasonable administrative costs. Any liquidated amount stated is intended as a reasonable pre-estimate of costs and not a penalty.
  6. Termination for Nonpayment. If undisputed amounts remain unpaid 10 days after suspension, Provider may terminate the affected Order on written notice and accelerate unpaid amounts for the remainder of the current month.

Schedule E – Payment Authorization and Billing Profiles

Customer authorizes Provider to initiate ACH debits and credits and to retain and use payment credentials per Order terms. Customer will keep billing details current. Revocation of authorization requires 10 business days notice and alternative arrangements acceptable to Provider.

Policy References

Assumptions

  • Governing law is Texas with venue in Bexar County.
  • Standard response and acknowledgment targets are operating goals and not SLAs.
  • Managed Security relies on Provider-approved EDR and logging agents.
  • Vendor price increases or mandatory changes may occur without 30 days notice.

Revision History

  • Version: November 3, 2025 – Initial MSA draft aligning pricing notice, late payment, and dispute-managed terms; consolidates services to Managed IT and introduces Managed Security schedule.