Should Vulnerability Fixes Be Part of My MSP’s SLA?

Contracts are crucial here. My previous MSP included routine patching, but other enhancements were considered additional services. It’s all about understanding what’s in your managed services agreement and being proactive in those discussions with your account manager to clarify expectations.

Hi there! This should definitely be detailed in your service contract. Remediation can get complex, so be ready for some additional costs if analysis or significant fixes are necessary. If it's vague, make sure your contact in your organization discusses it with the MSP directly to clarify what's expected in future meetings.

As an MSP myself, I always refer back to the contract for what's included. If there's an optional service that covers vulnerability fixes, you'll need to authorize that. Otherwise, we usually find a way to include it under the current scope, or the scope may need to be expanded. Just keep in mind that while some issues might be quick fixes, others can take time and might involve extra costs depending on the situation.

It really comes down to how your contract is written. Each MSP might handle this differently.

From my experience, the arrangement varies. Most MSPs will include essential updates under the contract, but things like major hardware changes or third-party issues might be billable. It's best to assess the nature of the vulnerability and discuss with your MSP. Just remember, constant communication is key to avoiding surprise charges!