<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=352585001801011&amp;ev=PageView&amp;noscript=1">

  Back to the Learning Center

IT Outsourcing: What Is An SOW? Blog Feature
Karen Cohen

By: Karen Cohen on December 22, 2023

Print/Save as PDF

IT Outsourcing: What Is An SOW?

IT Support

Whether you are just considering external IT support for the first time or are trying to wrap your head around the stew of acronyms associated with it, it can be confusing.

In this article, I’ll provide a clear description of an SOW so that you will have a complete understanding of what to expect.

We know “tech talk” can be daunting, that’s why we publish articles like this one (and speak in plain English) to explain the terminology that’s so common in our business.

We want you to enter technical conversations as a partner and part of that includes being comfortable and having a working understanding of the terms that go with the territory.

What Is An SOW?

In IT as in other industries, a Statement of Work (SOW) is a document that outlines the details of a project.

An IT SOW governs the details of a standalone technology project, but is used in conjunction with a Master Services Agreement (MSA).

Why Are SOWs Necessary?

Think of it this way: the MSA defines the terms of your ongoing services contract, but the SOW covers separate jobs that come up outside the scope of that agreement. For example, maybe you need a new firewall or want to migrate to the cloud; those activities would be covered by a SOW.

Related article: Cloud Migration: What It Means, How It Works (6 Questions To Ask)

In other words, say you have an agreement with a general contractor to build a house. You have agreed to certain terms and legalities. If you decide to add a pool to the agreement, that may be coordinated by the general contractor, but it will require a separate detailed plan or SOW.

What Should An SOW Include?

An SOW should include a complete summary of the scope of the project including:

  • Deliverables

What exactly will happen? You want a detailed description of the services so that there are no questions when the project is complete.

Let’s use a vulnerability scan as an example.

Which IP addresses will be scanned? Who will scan the devices and how? Where will the scanning happen (at your site or remote)? What information will be collected? Will you be provided with a report or how will the information be shared? What will happen as a result? What are the next steps?

Related article: What Is Vulnerability Scanning? Pros & Cons

  • Timeline

When will the project begin? What will it involve? How long will it last? How will it impact your users? Should you expect downtime? You want to know exactly what to expect.

  • Responsibilities

Who takes the lead on which aspects of the project? From the provider side and from your side.

    • Provider

What is the provider required to do? Maybe you want them to provide advanced notice before accessing your infrastructure? Maybe you want to be sure the person in charge of the project has certain qualifications?

    • Client

Depending on the project, you may need to give the provider access to your facility and provide diagrams of your network infrastructure and/or maps of your facility. You may need to perform data backups before work begins. Make sure you read and understand your responsibilities.

  • Cost

The SOW should include the complete cost (along with a payment schedule and terms).

  • Signature Page

To be a legal agreement, the SOW must be signed by a representative of the provider and your organization.

What’s The Bottom Line?

After reading this article, you have a complete understanding of SOWs. You know what the acronym stands for, but more importantly you understand why they are necessary, and what they should include.

When you have a technology project and need external support, you’ll know what to expect. You know the things to look for in your SOW: deliverables, timeline, responsibilities, cost, and signature. Make sure you get a copy for your records so there is no question about what you agreed to do and pay.

Most providers are reputable and will go above and beyond to take care of your organization, but you don’t want to fall victim to the one bad apple.

Any time you consider external IT support, make sure to compare several providers so that you find one that is the right partner for your organization. Remember, they are an extension of your company and should always have your best interests in mind.

Many small and medium-sized businesses turn to external IT providers to supplement their in-house staff or provide full support. Wondering if it could be a solution for your organization? Learn your options for external IT support.

If you are in the process of selecting an external IT provider, discover 10 of the best questions to ask.

About Karen Cohen

Karen brings unending curiosity to her role as Kelser's Content Manager. If you have a question, she wants to know the answer.

Suggested Posts

Case Study

The Truth About 5 Common MFA Myths

If you are considering implementing multi-factor authentication (MFA), you may be hesitant to move forward because you’ve heard bad reviews from...

Read More »

Case Study

What Is Controlled Unclassified Information (CUI) In NIST 800-171?

If you work as a contractor or subcontractor to the U.S. government, you likely know that not all sensitive information is marked “secret,” “top...

Read More »

Case Study

Should I Shut Down My Personal Computer? (When, Why & How To Do It)

Most people have done it…you leave your personal computer (PC) running…one day leads into the next and before you know it, it has been running for...

Read More »

Visit Our Learning Center