IT Contract Terms Defined: MSA vs. SOW

If you are new to the idea of working with an external IT support provider, you may be encountering a whole new vocabulary. We can help and we promise not to use “tech talk”!

We are committed to publishing articles that explain IT abbreviations so that you can enter technology conversations with the knowledge you need to be on a level playing field.

In this article, we’ll explore MSAs and SOWs. We’ll explain what each abbreviation means, what each type of document includes, how the documents work together, and when to use each one.

When you enter technical conversations with a basic understanding of the terms being used, you’ll be confident that you have the information you need to be an informed consumer.

We want to include you in the conversation.

What Is An IT MSA?

As in other industries, an IT MSA is an abbreviation for Master Services Agreement. This legal document covers the overall rules of engagement between an IT provider and a customer.

No matter what project is being worked on, the overarching MSA will provide the overall direction for all activities. It will define things including pricing and payment details (like terms and procedures), confidentiality, and liability.

The benefit of having an MSA is in place, it that it is not necessary to draft and execute a completely new contract for each new project, saving time and money.

What Should An IT MSA Include?

Here are some of the things your MSA should include:

• Scope Of Services

While specific project services are usually described in individual statements of work (SOW), the MSA is the overarching legal document that provides a broad view of the services provided as part of your relationship with an outside IT provider.

The MSA will likely include language that identifies circumstances in which the SOW will supersede it.

• General Requirements

MSAs usually defines things like minimum licensing and hardware/software requirements, maintenance and update policies, third-party support, insurance for provider-supplied hardware, and expectations for following the provider’s maintenance and administration advice.

It may also include scheduling expectations and language that identifies the authorized contact people within your organization who can engage in contract discussions.

• Payment Details

The MSA also details the fees, payment schedule, and nonpayment information.

• Access Requirements

This document also defines the type of access the provider will need to properly monitor and maintain your infrastructure.

• Service Level Agreements

Service level agreements (SLAs) may also be included in your MSA. SLAs spell out the specific expectations for response and remediation times.

After you submit a request for service how long does the provider have to respond? Within what amount of time can you expect your issue to be resolved? There may be different SLA terms for different types of service.

• Other Terms & Conditions

An MSA may include additional terms and conditions pertaining to things like liability, warranties, nondisclosure/confidentiality, and the contract termination conditions and penalties.

• Signature Page

To be legally binding, the MSA must include signatures from authorized representatives of each organization.

What Is An IT SOW?

In IT as in other industries, a Statement of Work (SOW) is a document that outlines the details of an individual project.

IT SOWs are used in conjunction with an MSA – more on that below.

What Should Be Included In A SOW?

SOWs should include the specific details pertaining to a project including:

• Deliverables

What exactly will happen? You want a detailed description of the services so that you know exactly what to expect.

Let’s use a vulnerability scan as an example.

Which IP addresses will be scanned? Who will scan the devices and how? Where will the scanning happen (at your site or remote)? What information will be collected? Will you be provided with a report or how will the information be shared? What will happen as a result? What are the next steps?

Related article: What Is Vulnerability Scanning? Pros & Cons

• Timeline

When will the project begin? What will it involve? How long will it last? How will it impact your users? Should you expect downtime? Know the timeline before work begins.

• Responsibilities

Who takes the lead on which aspects of the project?

• Provider

What is the provider required to do? Maybe you want them to provide advanced notice before accessing your infrastructure? Maybe you want to be sure the person in charge of the project has certain qualifications? These are the kinds of details you want spelled out in the SOW.

• Client

Depending on the project, you may need to give the provider access to your facility and provide diagrams of your network infrastructure and/or maps of your facility. You may need to perform data backups before work begins. Make sure you read and understand your responsibilities.

• Cost

The SOW should include the complete cost (along with a payment schedule and terms).

• Signature Page

To be a legally valid, the SOW must be signed by authorized representatives from both organizations. 

Why Are Both MSAs and SOWs Necessary?

Think of it this way: the MSA defines the broad terms of your ongoing contract, and the SOW covers the details of separate jobs that come up. So the MSA is like an umbrella and the SOWs are separate project agreements that fall under the overall umbrella contract.

For example, maybe you need a new firewall or want to migrate to the cloud; those activities would be covered by individual SOWs, but a MSA must be in place to provide the overall framework for the relationship.

Related article: Cloud Migration: What It Means, How It Works (6 Questions To Ask)

When Do I Use An MSA Or An SOW?

Here’s a completely unrelated (but easy to understand) example:

When you sign an agreement with a general contractor to build a house, both parties agree to certain terms and legalities under a master services agreement of sorts. If you decide you want to add a pool to the plan, that project may be coordinated by the general contractor, but it will require a separate detailed plan or SOW outlining the details, timeline, etc.

When you begin working with an IT services provider, you’ll likely sign a master services agreement that covers the basic terms of your business relationship.

When you have a specific project that you want the provider to handle, the details of that project will likely be included in a separate SOW that falls under the overall terms outlined in the MSA.

What’s The Bottom Line?

After reading this article, you have a complete understanding of MSAs and SOWs. You know what the acronyms mean, but more importantly you understand why they are necessary, what they should include, and why both are necessary.

When you need external support, you’ll know what to expect. You know the things to look for in each document.

You know that MSAs should include top-level information including scope of services, general requirements, payment details, access requirements, SLAs, other terms and conditions and a signature page.

When it comes to SOWs, you’ll look for detailed project information like: deliverables, timeline, responsibilities, cost, and signature page.

Make sure to keep copies of all legal documents for your records so there is no question about what you agreed to do and pay. And, if you don’t understand something, make sure you ask questions before you sign!

Any time you consider external IT support, make sure to compare several providers so that you find one that is the right partner for your organization. Remember, they are an extension of your company and should always have your best interests in mind.

Many small and medium-sized businesses turn to external IT providers to supplement their in-house staff or provide full support. Wondering what a combined internal/external partnership would look like? Read this article to learn when combining internal and external resources is best.  

The first step toward making the best decision technology support decision for your organization, is to understand your options for external IT support.

Already decided that an external partnership is right for you? Look for these 10 qualities when choosing an IT partner.

Or, if you find yourself overwhelmed at any point in the process and just want to chat with a real person, click the link below and one of our IT solutions experts will reach out to schedule a 15-minute call to learn about your business, your goals, and your technology pain points.