Should Vulnerability Fixes Be Included in Our MSP SLA?

Asked By CuriousCat247 On

I'm trying to figure out how to handle vulnerability fixes on our network with our MSP. It's not entirely clear if these fixes fall within our service level agreement (SLA), but it seems reasonable to think that if they're responsible for setting up and securing our network, they should handle any vulnerabilities they find. How do other organizations manage this with their MSPs? Any insights would be appreciated!

4 Answers

Answered By DFIRExpert On

Honestly, make sure to thoroughly review your contracts. I've seen issues where the MSPs were not effective and left clients with unresolved vulnerabilities. It’s critical to stay informed about the latest vulnerabilities (CVE) and ensure your MSP is following best practices. If they’re not, you might need to consider whether they’re the right fit for your security needs.

Answered By PatchyPete On

In some cases, minor fixes like software updates might be included, but a deeper issue caused by misconfigurations might require billable work. It's best to discuss openly with your account manager if you're unsure about what's covered. If it’s something you can fix on your own that’s not highly specialized, sometimes it's more cost-effective to handle it internally if that's feasible for your team.

SysAdminSam -

Definitely agree! It’s about knowing what falls under your managed services.

CuriousCat247 -

Got it! I’ll try to understand what can be handled internally versus what needs to be done by them.

Answered By TechieTina3 On

It all comes down to how your contract is worded. Every MSP has different terms, so it’s essential to check your specific agreement to see what’s included regarding vulnerability fixes. If the contract allows for optional services, you might need to authorize those fixes; otherwise, they might be considered extra work.

Answered By NetworkNerd88 On

From my experience, it’s crucial to read your service contract carefully. Vulnerability remediation isn’t always just a quick fix like applying a patch; sometimes it involves detailed discovery or analysis. If the scope isn’t clear, have your team bring this up in the next meeting with your MSP. It's important to clarify during those discussions what’s included and what could incur additional costs.

CuriousCat247 -

Thanks for the advice! I’ll definitely make sure to bring this up in our next meeting.

SecuritySally12 -

I second that! Clear communication with your MSP can save you from unexpected costs.
