MSP Service Agreement Template

Service Agreement

1. Introduction

1.1 Overview of Agreement

This Master Service Agreement (“Agreement”) is entered into as of December 19, 2024 by and between Bonelli Systems (“Service Provider”), a leading provider of Managed IT Services and Cybersecurity Solutions, and [Client Name] (“Client”). The purpose of this Agreement is to establish the terms and conditions under which the Service Provider will deliver the defined services to the Client, ensuring the highest levels of performance, security, and operational efficiency.

1.2 Parties to the Agreement

• Bonelli Systems (Service Provider): A Microsoft Gold Partner specializing in infrastructure management, cybersecurity, and business automation services.
• [Client Name]: The recipient of the services outlined in this Agreement, represented by authorized personnel responsible for fulfilling client obligations under this Agreement.

1.3 Intent of Agreement

This Agreement is designed to:
• Define the scope of services provided by Bonelli Systems.
• Outline the responsibilities and obligations of both parties.
• Establish key performance indicators and service levels.
• Ensure mutual understanding and clear communication throughout the term of the Agreement.

1.4 Definitions and Key Terms

For clarity and consistency, the following terms shall have the meanings assigned below:
• “Services”: The managed IT, cybersecurity, and related solutions described in this Agreement and its schedules.
• “Client”: The individual or organization receiving the services provided by Bonelli Systems.
• “Service Level Agreement (SLA)”: A formal commitment to service quality, uptime, and resolution times as detailed in Section 4.
• “Runbook”: A standardized set of instructions provided by the Client, detailing specific IT processes that Bonelli Systems agrees to follow.
• “Authorized Personnel”: Individuals designated by the Client to request and receive services under this Agreement.
• “Service Order”: A formal document specifying particular services to be provided, timelines, and associated fees.

1.5 Agreement Structure

This Agreement consists of the main body and the following attachments and schedules:
• Service Descriptions and Deliverables (Appendix A)
• SLA Metrics and Standards (Appendix B)
• Pricing Schedule (Appendix C)
• Exclusions and Limitations (Appendix D)

1.6 Duration of Agreement

The Agreement shall commence on the Effective Date and remain in effect for a period of [Initial Term, e.g., 12 months]. It will automatically renew for successive terms of equal duration unless terminated as outlined in Section 10.

1.7 Governing Principles

Both parties agree to uphold the principles of integrity, confidentiality, and professionalism throughout the duration of this Agreement. Bonelli Systems commits to providing services in alignment with industry best practices, leveraging expertise in Microsoft technologies, cybersecurity frameworks, and IT automation.

2. Scope of Services

2.1 General Scope

Bonelli Systems will provide the Client with managed IT and cybersecurity services, as detailed below. These services are designed to optimize the Client’s IT environment, enhance operational efficiency, and ensure robust cybersecurity measures. The exact nature, deliverables, and boundaries of these services are defined in the respective subsections.

2.2 Managed IT Services

• Remote Monitoring & Management (RMM): Continuous monitoring of servers, workstations, and network devices to ensure optimal performance and uptime.
• Patch Management: Proactive updates for operating systems and supported third-party applications to address vulnerabilities and improve system stability.
• Endpoint Detection & Response (EDR): Advanced threat detection and incident response capabilities for endpoints, leveraging behavior analytics and AI-powered tools.
• Backup and Recovery: Regularly scheduled backups of critical data and restoration support in case of data loss.

2.3 Cybersecurity Services

• Managed Detection & Response (MDR): Real-time threat monitoring, analysis, and mitigation across the Client’s IT environment.
• Dark Web Monitoring: Continuous scanning of the dark web to detect potential breaches or compromised Client data.
• Email Security: AI-powered tools to filter and prevent phishing, malware, and other email-based threats.
• Security Awareness Training: Regular training sessions to educate the Client’s staff on identifying and mitigating cyber threats.

2.4 Network Operations Center (NOC) Services

• Alert Monitoring and Remediation: 24/7 monitoring of network and system alerts, with remediation or escalation as required.
• Custom Patch Policies: Implementation of tailored patch management policies for security-critical updates.
• Monthly Executive Reporting: Comprehensive reports detailing ticket volumes, resolution times, and system performance trends.

2.5 Help Desk Services

• Level 1 Support: Resolution of basic IT issues, including password resets, application troubleshooting, and connectivity issues.
• Level 2 Support: Advanced troubleshooting of complex hardware, software, and network issues that require specialized expertise.
• Support Channels: Assistance via phone, email, or remote session tools, 24/7/365.

2.6 Backup Monitoring and Management

• Unitrends Backup Monitoring: Proactive monitoring and alerting on backup job statuses to ensure successful data protection.
• Escalation Support: Engaging the Client for unresolved backup issues during business and after-hours.

2.7 Patch Management

• Scheduled Updates: Deployment of critical security and software updates during agreed maintenance windows.
• Compliance Reporting: Detailed monthly reports to verify patch compliance and identify potential gaps.

2.8 Exclusions and Limitations

The scope of services is subject to the limitations outlined in Section 3. Certain tasks or requirements may fall outside the defined scope and will require separate agreements or addendums.

2.9 Customization and Onboarding

Bonelli Systems will work with the Client to tailor services during onboarding to meet specific business needs. Customizations may include:
• Integration with Client workflows and third-party tools.
• Configuration of monitoring thresholds and alerting protocols.
• Development of Client-specific escalation paths and notification procedures.

2.10 Service Delivery Approach

All services will be delivered in accordance with Bonelli Systems’ best practices, utilizing a combination of automated tools, remote management platforms, and highly skilled engineers. Service updates and progress will be communicated regularly through agreed-upon channels.

3. Exclusions and Limitations

3.1 General Exclusions

Bonelli Systems will provide services as defined in Section 2, but certain activities, tasks, and scenarios fall outside the scope of this Agreement. These exclusions are critical for ensuring a clear understanding of responsibilities and boundaries between the Service Provider and Client. Services not explicitly included are considered excluded.

3.2 Network Operations Center (NOC) Exclusions

• Unsupported Monitoring: NOC services do not include monitoring or alerts from unsupported third-party backup, anti-virus, or patch applications unless configured within Kaseya VSA.
• Custom or Complex Monitoring: Additional or third-party application-based monitoring (e.g., beyond standard thresholds or parameters) must be discussed and scoped separately.
• Unsupported Environments: Systems not maintained at a supported version level, or operating systems and devices not listed in Appendix A, are excluded from coverage.
• Direct Vendor Communication: The NOC team will not contact third-party hardware, software vendors, or ISPs for support without prior agreement.

3.3 Help Desk Exclusions

• Onsite Support: Help Desk services are limited to remote assistance. Physical intervention with devices or systems is excluded.
• Projects and Bulk Actions: Support for projects impacting multiple users, such as major software rollouts, hardware deployments, or system migrations, are outside the scope.
• Unclear or Undefined Issues: Tasks requiring more than 60 minutes of combined Level 1 and Level 2 support without clear resolution paths will be escalated back to the Client.
• Unsupported Software and Devices: Systems, applications, or devices that have reached End of Life (EOL) or End of Support (EOS) are not covered unless explicitly documented in a signed Runbook.

3.4 Patch Management Exclusions

• Feature Upgrades: Upgrades to new software versions or major feature releases are excluded.
• Unsupported Operating Systems: Linux and Mac OS patching beyond Kaseya-supported capabilities is not provided.
• Zero-Day Patches Without Notice: Emergency patching for zero-day vulnerabilities requires 24-hour advance notice for scheduling.
• Custom Testing: Patch testing, whitelisting, or environment-specific validation are excluded unless agreed upon during onboarding.

3.5 Backup and Recovery Exclusions

• Unsupported Backup Solutions: Monitoring and troubleshooting of backup applications outside the supported list (e.g., Unitrends) are excluded.
• Restoration Scenarios: Data recovery requiring physical intervention or restoration involving unverified backups falls outside the scope.

3.6 Client Responsibility Exclusions

• Incomplete Information: Services cannot proceed if the Client fails to provide required credentials, documentation, or access permissions.
• Unauthorized Changes: The Client is responsible for addressing incidents caused by unauthorized changes to the IT environment.

3.7 Device and System Exclusions

The following device types and systems are excluded unless explicitly agreed:
• Dumb terminals, headless devices, telephony systems, and network storage appliances.
• Non-company-issued mobile devices or personal equipment.
• Devices or applications with limited manufacturer or vendor support.

3.8 Customization and Out-of-Scope Work

Requests for customization, changes, or work outside the defined scope (e.g., additional monitoring configurations, workflows, or third-party integrations) may be accommodated under a separate agreement or statement of work (SOW).

3.9 General Service Limitations

• Force Majeure: Events outside of Bonelli Systems’ control (e.g., natural disasters, cyberattacks) that impact service delivery are excluded from liability.
• Resolution Time Limits: While best efforts will be made to resolve issues within SLA timeframes, not all issues can be resolved without Client involvement or escalation.

3.10 Communication of Exclusions

Bonelli Systems will inform the Client in a timely manner if a requested service falls outside the defined scope, providing alternative solutions or recommendations where possible.

4. Service Level Agreements (SLAs)

4.1 Purpose of the SLA

The Service Level Agreement (SLA) establishes measurable performance standards and ensures alignment between Bonelli Systems and the Client regarding service expectations. These SLAs apply to all services under this Agreement unless otherwise stated in specific service orders.

4.2 Availability and Uptime Guarantees

Bonelli Systems will ensure the following availability targets for its services:
• Managed IT Services: 99.9% uptime for remote monitoring and management systems, excluding scheduled maintenance.
• Help Desk Services: 24/7/365 availability for Level 1 and Level 2 support via phone, email, or ticketing system.
Exceptions:
The uptime guarantees exclude downtime caused by:
• Scheduled maintenance, with at least 48 hours prior notice.
• Force majeure events.
• Client-controlled changes impacting system availability.

4.3 Response and Resolution Times

Bonelli Systems will adhere to the following response and resolution times based on incident severity:

Incident Priority	Definition	Response Time	Resolution Time
Critical	System-wide outages, security breaches, or major operational impacts.	Within 30 minutes	4 hours or escalation
High	System-wide outages, security breaches, or major operational impacts.	Within 1 hour	8 hours or escalation
Medium	Non-critical issues affecting individual users or applications.	Within 4 hours	24 hours or escalation
Low	General inquiries or non-urgent requests.	Within 8 hours	Best effort within 72 hours
Note: Resolution times may vary for complex issues requiring vendor assistance or client input.

4.4 Escalation Procedures

Issues that cannot be resolved within the specified timeframe will be escalated as follows:
1. Initial Tier Escalation: Escalation from Level 1 to Level 2 support or NOC engineers within 30 minutes for unresolved Critical or High-priority incidents.
2. Client Notification: Bonelli Systems will notify designated Client contacts for unresolved issues, providing status updates and resolution plans.
3. Vendor Escalation: Where applicable, third-party vendor support will be engaged for issues outside Bonelli Systems’ direct control.

4.5 Proactive Monitoring and Incident Management

• Alert Monitoring: 24/7 monitoring of system alerts, categorized by severity (Critical, High, Medium, Low).
• Incident Documentation: All incidents will be logged, including details of actions taken, root cause analysis, and recommended preventive measures.
• Monthly Reporting: Performance metrics and SLA adherence will be reviewed and shared with the Client in monthly reports.

4.6 Client Responsibilities Under SLAs

For SLAs to remain enforceable, the Client must:
• Maintain required access and permissions for Bonelli Systems to perform services.
• Respond promptly to requests for information or approvals necessary for incident resolution.
• Ensure IT environments remain compliant with prerequisites defined during onboarding.

4.7 Remedies for SLA Breaches

If Bonelli Systems fails to meet SLA commitments without just cause, the Client is entitled to the following remedies:
• Service Credits: Pro-rated service credits for the affected service during the breach period.
• Escalation Review: Dedicated review with senior management to address and prevent recurring SLA breaches.

4.8 SLA Review and Adjustments

SLAs will be reviewed periodically to ensure they reflect the Client’s evolving business needs. Adjustments may be made with mutual agreement between Bonelli Systems and the Client.

5. Client Responsibilities

5.1 Overview

The Client acknowledges that their cooperation, timely response, and adherence to the outlined responsibilities are critical for the successful delivery of services under this Agreement. These responsibilities ensure that Bonelli Systems can provide uninterrupted and effective service.

5.2 Access and Permissions

The Client agrees to provide the following:
• System Access: Administrative credentials for servers, workstations, and other devices within the scope of services.
• Third-Party Tools: Access to third-party tools, platforms, or software required for monitoring, maintenance, and support.
• Physical Access: Where necessary, physical access to Client facilities or equipment to facilitate troubleshooting or setup.

5.3 Environment Maintenance

The Client is responsible for ensuring their IT environment meets the following prerequisites:
• Supported Versions: All operating systems, software, and hardware must remain within their vendor-supported lifecycle (e.g., not End of Life or End of Support).
• Licenses and Subscriptions: All required software and platform licenses must remain active and in compliance with vendor agreements.
• Device and Network Readiness: Devices and network infrastructure must meet minimum technical specifications as defined during onboarding.

5.4 Communication Protocols

To ensure efficient service delivery, the Client will:
• Designate Authorized Contacts: Provide Bonelli Systems with a list of key personnel authorized to request or approve services.
• Incident Reporting: Report incidents or issues promptly via agreed communication channels (e.g., phone, email, ticketing system).
• Timely Responses: Respond to requests for information or approvals within a reasonable timeframe to avoid delays in resolution.

5.5 Security and Compliance

The Client is responsible for adhering to security best practices and compliance requirements, including but not limited to:
• Endpoint Protection: Ensuring that all devices under management are enrolled in supported endpoint security solutions.
• Data Privacy: Complying with applicable data protection regulations (e.g., GDPR, HIPAA).
• Restricted Access: Avoiding unauthorized access or changes to managed systems that may disrupt services.

5.6 Backups and Disaster Recovery

While Bonelli Systems provides backup monitoring and management services, the Client retains responsibility for:
• Critical Data Identification: Identifying and communicating which data or systems are critical for business continuity.
• Backup Verification: Regularly reviewing and testing backups to ensure accuracy and completeness.
• Data Recovery Scenarios: Providing necessary resources for recovery processes in the event of major incidents.

5.7 Customization Requests

Any requests for customized workflows, monitoring setups, or additional services beyond the defined scope must:
• Be clearly documented and submitted via the agreed communication channel.
• Include all necessary technical details to support implementation.
• Be reviewed and mutually agreed upon, with potential impacts to pricing or timelines noted in a separate statement of work (SOW).

5.8 Unauthorized Changes or Incidents

The Client agrees to avoid making changes to the IT environment without notifying Bonelli Systems. The Client will:
• Document Changes: Communicate any planned changes in advance to minimize disruptions.
• Address Self-Created Incidents: Be responsible for rectifying issues caused by unauthorized modifications.

5.9 Payment of Fees

The Client will ensure timely payment of all fees as outlined in Section 7. Failure to do so may result in service suspension until payment is received.

5.10 Review and Feedback

To optimize service quality, the Client will:
• Participate in Reviews: Engage in regular service performance reviews and feedback sessions.
• Report Discrepancies: Notify Bonelli Systems immediately if any discrepancies or concerns arise regarding service delivery or SLA adherence.

6. Customization and Onboarding

6.1 Purpose

This section outlines the process for onboarding the Client to Bonelli Systems’ services and the customization options available to tailor the service delivery model to the Client’s specific business needs.

6.2 Onboarding Process

The onboarding process ensures a smooth transition and alignment of Bonelli Systems’ services with the Client’s operational requirements. The steps include:
1. Initial Consultation:
o Conduct a detailed review of the Client’s IT environment, including network infrastructure, devices, applications, and security measures.
o Define service requirements, key performance indicators (KPIs), and escalation workflows.
2. Environment Assessment:
o Perform a comprehensive network and vulnerability assessment to identify risks and areas for improvement.
o Document existing configurations, system dependencies, and compliance requirements.
3. Configuration and Setup:
o Deploy agents and monitoring tools on all devices within the scope of services.
o Set up patch management policies, backup routines, and cybersecurity tools in accordance with Bonelli Systems’ best practices.
o Configure notification channels and escalation paths for incident reporting and management.
4. Documentation and Runbooks:
o Develop and maintain Runbooks outlining standard operating procedures, escalation protocols, and troubleshooting steps specific to the Client’s environment.
5. Testing and Validation:
o Test all deployed tools, including monitoring thresholds, alert mechanisms, and backup routines, to ensure proper functionality.
o Fine-tune configurations based on results and Client feedback.
6. Go-Live:
o Transition services to full operational status.
o Provide Client with a comprehensive onboarding report and confirm readiness for service delivery.

6.3 Customization Options

Bonelli Systems recognizes that each Client’s IT environment is unique and offers the following customization options:
• Monitoring and Alerting:
o Adjust alert thresholds, categories, and notification methods (e.g., SMS, email, phone) to align with Client priorities.
o Configure additional monitoring for specific applications, databases, or systems upon request.
• Patch Management Policies:
o Customize patch schedules to minimize disruptions during critical business hours.
o Exclude or prioritize specific applications or systems for patching based on Client preferences.
• Help Desk Workflows:
o Integrate Client-specific workflows, including ticket categorization, priority settings, and escalation procedures.
o Customize response templates and knowledge base entries to reflect Client-specific terminologies.
• Reporting and Analytics:
o Modify executive reports to include Client-specific metrics, trends, and KPIs.
o Incorporate additional insights such as cost analysis or risk assessments upon request.

6.4 Roles and Responsibilities

• Bonelli Systems’ Responsibilities:
o Provide technical expertise and resources required for onboarding and customization.
o Deliver all tools, configurations, and documentation necessary for seamless service delivery.
• Client Responsibilities:
o Provide access to all systems, platforms, and personnel required for onboarding.
o Clearly communicate any unique requirements or preferences for customization.
o Review and approve configurations, runbooks, and test results before the Go-Live phase.

6.5 Onboarding Timelines

Bonelli Systems will complete the onboarding process within [Number of Weeks, e.g., 4 weeks] from the Effective Date of this Agreement, subject to:
• Timely provision of required information and access by the Client.
• Complexity of the Client’s IT environment and requested customizations.

6.6 Customization Limitations

• Customizations requiring integration with unsupported tools or platforms will require additional scoping and a separate statement of work (SOW).
• Certain requests may incur additional costs or impact onboarding timelines, which will be communicated to the Client in advance.

6.7 Review and Handover

Upon completion of onboarding, a formal review session will be conducted to:
• Validate service readiness and confirm alignment with Client expectations.
• Provide training to authorized Client personnel on service interfaces and reporting tools.
• Handover all final documentation, including Runbooks, SLAs, and system configurations.

7. Pricing and Payment Terms

7.1 Fee Structure

The fees for Bonelli Systems’ services are based on the scope of services, volume of supported devices, and any customizations requested by the Client. All fees are outlined in the Pricing Schedule (Appendix C) and categorized as follows:
1. Recurring Fees:
o Managed IT Services, NOC support, cybersecurity, and help desk services are billed on a monthly subscription basis.
o The monthly fee includes all standard deliverables outlined in Section 2.
2. One-Time Fees:
o Onboarding, initial setup, and customization fees are billed as a one-time charge.
o Project-based work, including migrations or new implementations, is scoped and invoiced separately.
3. Additional Charges:
o Customization requests beyond the agreed scope may incur additional charges.
o Emergency support outside agreed SLA parameters (e.g., after-hours onsite services) will be billed at [Hourly Rate].

7.2 Invoicing

Bonelli Systems will issue invoices as follows:
1. Recurring Invoices:
o Recurring service fees will be invoiced at the start of each billing cycle.
o Billing cycles are [monthly/quarterly], beginning from the Effective Date.
2. One-Time Invoices:
o One-time fees will be invoiced upon completion of the related tasks or at the time of Client approval of the customization request.
3. Ad Hoc Services:
o Ad hoc or project-based services will be invoiced in accordance with the approved SOW or service order.
Invoices will be sent electronically to the designated Client contact and must be reviewed upon receipt.

7.3 Payment Terms

The Client agrees to the following payment terms:
• Payment Due Date: All invoices are due within [Net 15/30] days from the date of issuance.
• Payment Methods: Payments can be made via [methods, e.g., ACH transfer, credit card, or check].
• Late Payments: Late payments may incur a penalty of [1.5% per month] or the maximum rate allowed by law, applied to the outstanding balance.

7.4 Disputed Charges

If the Client disputes any portion of an invoice, they must notify Bonelli Systems within [10 business days] of receipt. The undisputed portion of the invoice must still be paid by the due date. The Parties will work in good faith to resolve any disputed charges promptly.

7.5 Adjustments to Fees

Bonelli Systems reserves the right to adjust fees under the following conditions:
• Annual Adjustments: Fees may be adjusted annually based on inflation, changes in operational costs, or market conditions.
• Service Changes: If the scope of services changes, fees will be adjusted accordingly with prior written approval from the Client.
• Third-Party Costs: Any increase in third-party licensing or subscription costs will be passed through to the Client with at least [30 days] written notice.

7.6 Suspension for Non-Payment

If payment is not received within [30 days] of the due date, Bonelli Systems reserves the right to suspend services until payment is made in full. The Client will be notified in advance of any such suspension.

7.7 Tax Obligations

All fees are exclusive of applicable taxes, levies, or duties. The Client is responsible for all applicable taxes unless a valid tax exemption certificate is provided.

7.8 Refunds

Bonelli Systems does not offer refunds for services rendered. In cases of termination under Section 10, prorated refunds for prepaid services may be issued at the discretion of Bonelli Systems.

7.9 Pricing Review

Fees and pricing structures will be reviewed during periodic service reviews, and adjustments may be made to align with the Client’s evolving needs and the addition or removal of services.

8. Confidentiality and Data Protection

8.1 Confidentiality Obligations

Both Parties agree to maintain the confidentiality of all proprietary and sensitive information disclosed under this Agreement, including but not limited to:
• Business strategies, operations, and financial information.
• Technical documentation, software configurations, and network designs.
• Client data, employee details, and customer information.

8.1.1 Definition of Confidential Information

Confidential Information includes any non-public, proprietary information, whether oral, written, electronic, or visual, disclosed by either Party. Exclusions to this definition include information that:
• Is or becomes publicly available through no fault of the receiving Party.
• Was lawfully known to the receiving Party prior to disclosure.
• Is independently developed by the receiving Party without the use of the disclosing Party’s information.
• Is required to be disclosed by law, regulation, or court order, provided the receiving Party gives prompt notice to the disclosing Party.

8.1.2 Handling of Confidential Information

The receiving Party agrees to:
• Use Confidential Information solely for the purpose of fulfilling obligations under this Agreement.
• Limit disclosure to employees, contractors, or agents who require access to perform their duties and are bound by similar confidentiality obligations.
• Implement reasonable safeguards to protect against unauthorized access or disclosure.

8.2 Data Protection and Security

Bonelli Systems is committed to maintaining high standards of data protection and security in compliance with applicable laws and regulations.
8.2.1 Client Data Ownership
• The Client retains sole ownership of all data stored, processed, or transmitted as part of the services.
• Bonelli Systems will not access, modify, or disclose Client data without explicit written consent, except as necessary to provide services or comply with legal obligations.

8.2.2 Data Security Measures

Bonelli Systems will implement and maintain industry-standard security measures, including but not limited to:
• Encryption of data in transit and at rest where applicable.
• Regular security audits and vulnerability assessments.
• Access controls to limit data access to authorized personnel only.

8.2.3 Data Breach Notification

In the event of a data breach involving Client data, Bonelli Systems will:
• Notify the Client within [48 hours] of discovering the breach.
• Provide details of the breach, including scope, impact, and mitigation measures.
• Cooperate with the Client to remediate and address the breach.

8.3 Data Privacy Compliance

Bonelli Systems will comply with applicable data privacy laws, including but not limited to:
• General Data Protection Regulation (GDPR): Ensuring lawful processing, data subject rights, and international data transfers are handled in compliance with GDPR requirements.
• California Consumer Privacy Act (CCPA): Providing transparency and honoring Client requests for data access, deletion, or restrictions.
• HIPAA (where applicable): Implementing safeguards for handling protected health information (PHI) in compliance with HIPAA standards.

8.4 Return or Destruction of Confidential Information

Upon termination of this Agreement, the receiving Party will:
• Return or destroy all Confidential Information in its possession or control.
• Provide written certification of destruction upon request by the disclosing Party.
• Retain only the information required to comply with legal or regulatory obligations, subject to continued confidentiality protections.

8.5 Non-Disclosure Period

The obligations of confidentiality outlined in this section will survive for a period of [2/3/5 years] following the termination or expiration of this Agreement.

8.6 Limitation of Liability for Data Protection

While Bonelli Systems will make commercially reasonable efforts to safeguard Client data, it will not be held liable for:
• Unauthorized access caused by Client negligence, such as weak passwords or unsecured devices.
• Loss or corruption of data due to Client-controlled changes or actions.

9. Indemnification and Liability

9.1 Indemnification

Each Party agrees to indemnify, defend, and hold harmless the other Party from and against any claims, losses, damages, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of:

9.1.1 Client Responsibilities:

• Claims arising from the Client’s failure to comply with applicable laws or regulations.
• Misuse or unauthorized use of the services by the Client or its authorized personnel.
• Security incidents resulting from the Client’s negligence or failure to follow Bonelli Systems’ recommendations.

9.1.2 Service Provider Responsibilities:

• Claims alleging that Bonelli Systems’ services infringe on any third-party intellectual property rights, provided the Client uses the services as intended and per this Agreement.
• Breaches of confidentiality obligations or mishandling of Client data as outlined in Section 8.

9.2 Limitation of Liability

To the fullest extent permitted by law, the liability of Bonelli Systems for any claims arising under this Agreement will be limited as follows:

9.2.1 Direct Damages Only:

• Bonelli Systems’ total liability, whether in contract, tort, or otherwise, is limited to the amount paid by the Client for the services in the six (6) months preceding the claim.

9.2.2 Exclusion of Indirect Damages:

Neither Party shall be liable for any indirect, incidental, consequential, or punitive damages, including but not limited to loss of profits, business interruption, or data loss, even if advised of the possibility of such damages.

9.2.3 Exceptions to Liability Cap:

The limitation of liability does not apply to:
• Gross negligence or willful misconduct by either Party.
• Breaches of confidentiality or data protection obligations under Section 8.
• Indemnification obligations under Section 9.1.

9.3 Mutual Indemnification Process

The Party seeking indemnification (the “Indemnified Party”) agrees to:
1. Provide prompt written notice of any claims to the indemnifying Party (the “Indemnitor”).
2. Allow the Indemnitor to control the defense and settlement of the claim, provided that any settlement does not impose obligations on the Indemnified Party without its consent.
3. Cooperate with the Indemnitor in the defense of the claim.

9.4 Third-Party Claims

Bonelli Systems will not be liable for third-party claims resulting from:
• Misuse of the services by the Client.
• Security incidents caused by unsupported systems or unauthorized modifications by the Client.

9.5 Force Majeure

Neither Party will be liable for failure or delay in performing its obligations under this Agreement due to events beyond its reasonable control, including but not limited to:
• Natural disasters, pandemics, or extreme weather conditions.
• Government actions, labor strikes, or public unrest.
• Cyberattacks, utility failures, or other technical disruptions.

9.5.1 Notice of Force Majeure:

The affected Party must notify the other Party promptly and make commercially reasonable efforts to mitigate the impact of the force majeure event.

9.6 Insurance

Bonelli Systems will maintain appropriate insurance coverage, including general liability and cyber liability insurance, to mitigate risks associated with service delivery. Upon request, Bonelli Systems will provide proof of insurance to the Client.

10. Termination and Renewal

10.1 Term of Agreement

This Agreement shall commence on the Effective Date and continue for an initial term of [Initial Term, e.g., 12 months] (“Initial Term”). Upon expiration of the Initial Term, the Agreement will automatically renew for successive terms of equal duration (each a “Renewal Term”), unless terminated in accordance with this Section.

10.2 Termination by Convenience

Either Party may terminate this Agreement at any time during the Initial Term or any Renewal Term by providing [30/60] days’ written notice to the other Party.

10.3 Termination for Cause

Either Party may terminate this Agreement immediately by providing written notice if the other Party:
• Material Breach: Fails to remedy a material breach of this Agreement within [15 days] of receiving written notice of the breach.
• Insolvency: Becomes insolvent, declares bankruptcy, or undergoes similar proceedings.
• Compliance Failures: Violates applicable laws or regulations in a manner that impacts the other Party.

10.4 Termination for Non-Payment

Bonelli Systems may suspend or terminate services if the Client fails to pay any undisputed fees within [30/45] days of the due date, provided the Client is notified in writing and given an opportunity to cure the non-payment within [15 days].

10.5 Effects of Termination

Upon termination of this Agreement:
• Cessation of Services: Bonelli Systems will cease providing all services as of the termination date.
• Outstanding Payments: The Client will pay all fees for services rendered up to the termination date, including any prorated amounts for the final billing cycle.
• Return of Data and Materials:
o Bonelli Systems will return or delete Client data within [30 days] of termination, subject to the Client’s written instructions.
o The Client is responsible for requesting and retrieving any data or configurations prior to the deletion date.
• License Termination: Any licenses or third-party subscriptions provided under this Agreement will be terminated, unless otherwise agreed.

10.6 Survival of Provisions

The following provisions will survive the termination or expiration of this Agreement:
• Confidentiality and Data Protection (Section 8).
• Indemnification and Liability (Section 9).
• Payment Obligations for services rendered prior to termination (Section 7).

10.7 Transition Assistance

If requested by the Client, Bonelli Systems will provide limited transition assistance for a period of up to [30 days] after termination. Transition assistance may include:
• Providing access to relevant documentation and runbooks.
• Facilitating the transfer of data and configurations to a successor service provider.
Transition assistance will be provided at Bonelli Systems’ then-current hourly rates unless otherwise agreed in writing.

10.8 Renewal Terms and Adjustments

Prior to the commencement of any Renewal Term:
• Fee Adjustments: Bonelli Systems may adjust fees with at least [60 days] written notice.
• Service Modifications: The scope of services may be modified to align with the Client’s evolving needs, subject to mutual agreement.
• Client Review Period: The Client may review and opt out of renewal by providing written notice at least [30 days] before the end of the current term.

11. Dispute Resolution

11.1 Purpose

This section outlines the procedures for resolving any disputes, claims, or controversies arising from or relating to this Agreement, including its interpretation, breach, termination, or validity.

11.2 Informal Resolution

The Parties agree to attempt to resolve all disputes informally before initiating formal proceedings.
1. Notice of Dispute:
o The Party raising the dispute must provide written notice to the other Party, describing the issue in detail and including relevant supporting documentation.
o The responding Party must acknowledge receipt within [5 business days].
2. Good Faith Negotiation:
o The Parties will engage in good faith discussions to resolve the dispute within [30 days] of the notice date.
o During this period, senior representatives from both Parties will meet (in person, virtually, or by phone) as necessary.

11.3 Mediation

If the dispute cannot be resolved informally within [30 days], the Parties agree to submit the matter to mediation.
1. Selection of Mediator:
o The Parties will mutually agree on a neutral mediator with expertise in the subject matter of the dispute.
o If the Parties cannot agree on a mediator within [10 days], either Party may request that a mediator be appointed by a recognized mediation organization (e.g., AAA, JAMS).
2. Mediation Process:
o The mediation will occur within [30 days] of mediator selection.
o Mediation costs will be shared equally by both Parties, though each Party will bear its own legal and travel costs.
3. Non-Binding Nature:
o The results of the mediation are non-binding, and either Party may pursue further legal remedies if mediation fails.

11.4 Arbitration

If mediation is unsuccessful, the dispute shall be resolved through binding arbitration as follows:
1. Arbitration Forum:
o Arbitration will be conducted under the rules of [AAA/JAMS or other specified forum] in effect at the time of the dispute.
2. Arbitrator Selection:
o The arbitration will be conducted by a panel of one (1) arbitrator if the dispute involves less than [$Amount], or three (3) arbitrators if the amount exceeds [$Amount].
3. Location and Language:
o The arbitration will be held in [City, State], or another mutually agreed location.
o Proceedings will be conducted in English.
4. Arbitration Award:
o The arbitrator’s decision will be final and binding on both Parties.
o The award may be enforced in any court with jurisdiction.

11.5 Governing Law and Jurisdiction

This Agreement is governed by the laws of the State of [Your State], without regard to its conflict of law principles.
1. Exclusive Jurisdiction:
o For disputes not subject to arbitration, the Parties agree to submit to the exclusive jurisdiction of the state and federal courts located in [Your State].
2. Equitable Relief:
o Either Party may seek equitable relief, such as injunctive relief, in court without violating this dispute resolution procedure.

11.6 Costs and Attorneys’ Fees

Each Party will bear its own costs and attorneys’ fees unless the arbitrator or court awards such fees to the prevailing Party.

11.7 Time Limitation for Claims

No action or proceeding arising from this Agreement may be initiated more than [1/2 years] after the cause of action accrues.

12. Force Majeure

12.1 Definition of Force Majeure

For the purposes of this Agreement, a “Force Majeure Event” is defined as any event or circumstance beyond the reasonable control of either Party, which prevents or delays the performance of their obligations under this Agreement. Such events include, but are not limited to:
• Natural disasters (e.g., earthquakes, floods, hurricanes).
• Acts of war, terrorism, or civil unrest.
• Government actions, sanctions, or regulations.
• Cyberattacks, including Distributed Denial of Service (DDoS) attacks or widespread malware incidents.
• Utility or internet outages, or failures of telecommunications infrastructure.
• Epidemics, pandemics, or other public health emergencies.

12.2 Relief from Obligations

1. Suspension of Obligations:
o If a Force Majeure Event occurs, the affected Party’s obligations under this Agreement (except for payment obligations) will be suspended for the duration of the event.
2. Notification:
o The affected Party must notify the other Party in writing within [5 business days] of the Force Majeure Event, including:
 A description of the event and its expected impact.
 An estimate of the duration of the event.
3. Resumption of Obligations:
o The affected Party must make reasonable efforts to resume its obligations as soon as the Force Majeure Event subsides.

12.3 Exclusions from Force Majeure

The following situations will not be considered Force Majeure Events:
• Delays caused by negligence or willful misconduct of the affected Party.
• Financial difficulties or lack of resources to perform obligations.
• Failure of third-party vendors or subcontractors, unless due to a Force Majeure Event that directly impacts them.

12.4 Termination Due to Extended Force Majeure

If the Force Majeure Event continues for a period of [60/90] days or longer, either Party may terminate this Agreement by providing written notice to the other Party.
1. Settlement of Outstanding Obligations:
o Upon termination, the Client will pay for all services rendered prior to the Force Majeure Event.
2. No Liability for Termination:
o Neither Party will be held liable for termination under this clause, provided the terminating Party has acted in good faith.

12.5 Mitigation Efforts

Both Parties agree to take all reasonable steps to minimize the impact of a Force Majeure Event on the performance of their obligations under this Agreement.

13. Amendments and Modifications

13.1 General Provisions

Any amendments or modifications to this Agreement must:
• Be made in writing.
• Be signed by authorized representatives of both Parties.
• Clearly state the specific sections or terms being amended or modified.

13.2 Notification of Changes

Bonelli Systems will provide written notice to the Client of any proposed amendments or modifications to this Agreement, including:
1. Scope of Change: A detailed description of the changes, including how they affect the services or terms of the Agreement.
2. Implementation Timeline: The proposed timeline for implementing the changes.
3. Impact Assessment: Any anticipated effects on fees, service delivery, or Client responsibilities.
The Client must acknowledge receipt and provide written consent to the changes before implementation.

13.3 Changes to Scope of Services

1. Client-Initiated Changes:
o The Client may request changes to the scope of services by submitting a written request to Bonelli Systems.
o Bonelli Systems will evaluate the request and provide a response within [10 business days], including a revised pricing schedule or implementation timeline if applicable.
2. Service Provider-Initiated Changes:
o Bonelli Systems may recommend changes to improve service quality or address emerging risks.
o These changes will not be implemented without prior written approval from the Client if they affect pricing or deliverables.

13.4 Fee Adjustments for Amendments

• Any changes to the scope of services or deliverables may result in adjustments to the fees outlined in the Pricing Schedule (Appendix C).
• Fee adjustments will be documented and mutually agreed upon in writing before implementation.

13.5 Temporary Modifications

Temporary modifications to the Agreement (e.g., during emergencies or specific projects) must:
1. Be documented as an addendum to the Agreement.
2. Clearly state the duration and scope of the temporary change.
3. Automatically revert to the original terms upon expiration of the agreed period unless extended by mutual consent.

13.6 Review of Amendments

Bonelli Systems and the Client agree to review all amendments periodically to ensure they remain relevant and beneficial. Reviews will occur during scheduled service review meetings or upon request by either Party.

13.7 Entire Agreement Clause

This Agreement, including any amendments or modifications made in accordance with this Section, constitutes the entire agreement between the Parties. No verbal or informal agreements will be binding unless documented and signed as an amendment.

14. Attachments and Appendices

This section contains all supporting documents and detailed information referenced in this Agreement. These attachments are considered an integral part of the Agreement and provide specificity on service descriptions, deliverables, pricing, and exclusions.

14.1 Appendix A: Service Descriptions and Deliverables

Detailed descriptions of all services provided under this Agreement, including:
1. Managed IT Services:
o Remote Monitoring & Management (RMM).
o Patch Management for operating systems and third-party software.
o Backup and Recovery solutions.
2. Cybersecurity Services:
o Endpoint Detection & Response (EDR).
o Managed Detection & Response (MDR).
o Dark Web Monitoring.
o Security Awareness Training.
3. Help Desk Services:
o Level 1 and Level 2 support, with tasks and escalation paths.
o Supported devices, applications, and systems.
4. NOC Services:
o Monitoring and alert remediation.
o Monthly Executive Reports with system performance trends.

14.2 Appendix B: Service Level Agreement (SLA) Metrics and Standards

Comprehensive SLA commitments, including:
• Response and resolution times based on incident priority (Critical, High, Medium, Low).
• Uptime guarantees for managed systems.
• Escalation procedures and notification workflows.

14.3 Appendix C: Pricing Schedule

The Pricing Schedule includes:
1. Recurring Fees: Monthly costs for managed services, cybersecurity, and help desk support based on the Client’s volume of devices and systems under management.
2. One-Time Fees: Onboarding and setup fees, as well as any customization charges.
3. Ad Hoc Charges: Rates for additional services, including emergency support or customizations outside the original scope.

14.4 Appendix D: Exclusions and Limitations

A detailed list of excluded activities, systems, and scenarios as outlined in Section 3, including:
1. Unsupported devices or software (e.g., End of Life or End of Support systems).
2. Activities considered “projects,” such as hardware rollouts or system migrations.
3. Custom monitoring or alerting not included in standard service packages.

14.5 Appendix E: Onboarding Checklist and Runbooks

• Step-by-step onboarding tasks, including system setup, configuration, and testing.
• Client-specific Runbooks with standard operating procedures and escalation workflows.

14.6 Appendix F: Confidentiality and Data Protection Measures

• Summary of Bonelli Systems’ data security practices.
• Encryption standards for data at rest and in transit.
• Compliance measures for GDPR, HIPAA, or other applicable regulations.

14.7 Appendix G: Contact Information

Contact details for both Parties, including:
• Primary and secondary points of contact for escalation and general inquiries.
• Emergency contact procedures for after-hours incidents.

14.8 Appendix H: Change Request Form

Standardized form for requesting amendments to the Agreement or changes to the scope of services, including fields for:
• Description of the requested change.
• Estimated impact on pricing and timelines.
• Client approval signature.

15. Signatures

This section formalizes the agreement between the Parties, indicating their acceptance of the terms and conditions outlined in this Master Service Agreement.

15.1 Signature Authority

The individuals signing this Agreement represent and warrant that they have the authority to bind their respective organizations to the terms and conditions set forth herein.

15.2 Acceptance of Agreement

By signing below, the Parties acknowledge that they have read, understood, and agreed to all terms and conditions contained in this Agreement, including all appendices and attachments.

15.3 Counterparts and Electronic Signatures

This Agreement may be executed in counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument.
• Electronic Signatures: Signatures delivered electronically (e.g., via DocuSign or email) are valid and binding as original signatures.

15.4 Signatures

For Bonelli Systems (Service Provider):
Name: ___________________________
Title: __________________________
Signature: ______________________
Date: ___________________________

For [Client Name]:
Name: ___________________________
Title: __________________________
Signature: ______________________
Date: ___________________________

15.5 Witness or Notarization (Optional):

Witness Name (if applicable): ________________
Witness Signature: ___________________________
Date: ________________________________________

16. Partner of Record Acknowledgment

When engaging Bonelli Systems for managed services or consulting, the customer agrees to the following:

Digital Partner of Record (DPOR)
- The customer acknowledges and agrees to designate Bonelli Systems as the Digital Partner of Record (DPOR) for any applicable Microsoft workloads or services managed or implemented by Bonelli Systems.
- This designation enables Bonelli Systems to assist with managing licenses, providing support, and optimizing Microsoft solutions for the customer.
Claiming Partner of Record (CPOR)
- The customer agrees to positively respond to a Claiming Partner of Record (CPOR) request submitted by Bonelli Systems.
- This acknowledgment confirms Bonelli Systems’ involvement in the deployment, management, or growth of Microsoft workloads and ensures alignment with Microsoft’s partner programs.
Acknowledgment and Support
- The customer understands that DPOR/CPOR designations are administrative acknowledgments that do not grant Bonelli Systems access to customer data or sensitive environments without prior explicit authorization.
- These designations allow Microsoft to validate Bonelli Systems’ contribution to the success of the customer’s digital transformation and ongoing operations.
Responsibilities of Bonelli Systems
- Bonelli Systems will provide regular updates on the status of managed services and consulting engagements.
- The company will ensure compliance with all Microsoft requirements to maintain its standing as a trusted partner.

By agreeing to this SLA, the customer confirms their willingness to support Bonelli Systems in maintaining and validating its contributions as a Microsoft partner.

Accessibility Options

Text Size

Contrast

Display

Navigation