What to Include in Your IT Support Contract

An IT support contract is one of the most important agreements your business will ever sign, yet many UK organisations rush through the process, accepting boilerplate terms without truly understanding what they are committing to — or what they are missing. The consequences of a poorly drafted IT support contract range from slow response times and unexpected invoices to catastrophic gaps in coverage during a cyber incident or hardware failure.

Whether you are a growing SME in Manchester looking for your first managed service provider, or an established business in London renegotiating an existing agreement, understanding exactly what should be in your IT support contract is essential. This guide walks you through every critical clause, metric, and consideration to ensure your contract genuinely protects your business and delivers the value you expect.

At its core, an IT support contract defines the relationship between your organisation and your technology partner. It sets expectations, establishes accountability, and provides a framework for resolving disputes. Without a comprehensive contract, you are relying on goodwill — and goodwill rarely survives a crisis.

  • 67% of UK SMEs have no formal IT support contract in place
  • £5,600: average cost of a single IT outage for UK businesses
  • 42% of businesses report SLA breaches by their IT provider
  • 3.2 hrs: average resolution time difference between contracted and ad-hoc support

Service Level Agreements: The Heart of Your Contract

The Service Level Agreement — commonly known as the SLA — is the single most important section of any IT support contract. It defines the measurable standards your provider must meet, the consequences of failing to meet them, and the metrics used to track performance. Without a robust SLA, your contract is little more than a statement of intent.

A well-drafted SLA should specify response times, resolution times, availability guarantees, and escalation procedures for every category of issue your business might face. Response time is how quickly your provider acknowledges a support request, while resolution time is how quickly they actually fix the problem. These are fundamentally different metrics, and many contracts only specify the former — leaving resolution time entirely open-ended.

Priority Levels and Response Times

Your SLA should define clear priority levels based on the severity and business impact of each issue. A typical four-tier structure works well for most UK SMEs, though larger organisations may require additional granularity.

| Priority Level | Description | Response Time | Resolution Target |
|---|---|---|---|
| P1 — Critical | Complete business outage, all users affected | 15 minutes | 4 hours |
| P2 — High | Major system degraded, multiple users affected | 30 minutes | 8 hours |
| P3 — Medium | Single user impacted, workaround available | 2 hours | 24 hours |
| P4 — Low | Minor issue, no immediate business impact | 4 hours | 48 hours |

Ensure your contract specifies whether response and resolution times are measured in business hours or calendar hours. For critical issues, you want calendar hours — a server failure at 6pm on a Friday should not wait until 9am Monday for a response. For lower-priority issues, business hours are generally acceptable.

Watch Out for "Best Efforts" Language

Many IT support contracts include phrases such as "best efforts to resolve" or "target response times." These phrases have no contractual teeth. If your provider fails to meet a "target," there is no breach because targets are aspirational by nature. Insist on guaranteed response and resolution times with clearly defined consequences — typically service credits — for failure to meet them.

Scope of Services: What Is and Is Not Covered

Ambiguity over scope is the most common source of disputes between businesses and their IT providers. Your contract must clearly delineate what is included in the fixed monthly fee and what constitutes additional chargeable work. Without this clarity, you will inevitably face unexpected invoices for work you assumed was covered.

At a minimum, your IT support contract should cover the following core services: remote helpdesk support for all users, proactive monitoring of servers, workstations, and network devices, patch management and software updates, backup management and verification, antivirus and endpoint security management, user account administration including starters and leavers, and vendor liaison for third-party software and hardware issues.

Common Exclusions to Watch For

Equally important is understanding what your contract does not cover. Common exclusions that catch businesses off guard include on-site visits (often charged separately per visit or per hour), project work such as office moves, server migrations, or new system implementations, hardware procurement and replacement, third-party application support beyond basic troubleshooting, and out-of-hours support outside the standard Monday-to-Friday window.

Typically Included

  • Remote helpdesk support during business hours
  • Server and network monitoring (24/7)
  • Patch management and updates
  • Backup management and daily verification
  • Antivirus and endpoint protection
  • User account setup and removal
  • Monthly reporting and service reviews
  • Vendor liaison for supported applications

Typically Excluded (Extra Cost)

  • On-site engineer visits
  • Project work (migrations, deployments)
  • Hardware procurement and installation
  • Out-of-hours and weekend support
  • Cabling and physical infrastructure
  • Bespoke software development
  • Training delivery for end users
  • Disaster recovery testing beyond standard

Pricing Models: Per User, Per Device, or Flat Fee

The pricing model determines how your monthly cost is calculated and how it scales as your business grows. There are three primary pricing models used by UK managed service providers, each with distinct advantages and disadvantages.

The per-user model charges a fixed monthly fee for each employee covered by the contract, regardless of how many devices that user has. This is the most popular model for modern businesses because it accommodates the reality that most employees now use multiple devices — a laptop, a mobile phone, and perhaps a tablet. A typical per-user rate for UK SMEs ranges from £60 to £120 per user per month, depending on the scope of services included.

The per-device model charges based on the number of devices under management. This can be more economical for businesses where employees use only a single device each, but it becomes expensive and complex to manage when device counts fluctuate. Rates typically range from £15 to £40 per device per month.

The flat-fee model provides a single monthly price covering the entire organisation. This offers maximum budget predictability but requires careful scoping — if your business grows significantly, the provider may seek to renegotiate, and if it shrinks, you may be overpaying.

  • Per-User Model Adoption (UK MSPs): 58%
  • Per-Device Model Adoption: 27%
  • Flat-Fee Model Adoption: 15%

Security and Compliance Obligations

Your IT support contract must explicitly address your provider's obligations regarding cyber security and regulatory compliance. In the UK, this means alignment with GDPR, the Data Protection Act 2018, and where applicable, sector-specific regulations such as FCA requirements for financial services or NHS Digital standards for healthcare.

The contract should specify the security controls your provider will implement and maintain, including endpoint protection, email filtering, firewall management, vulnerability scanning, and incident response procedures. It should also clarify who holds responsibility for data breaches, both in terms of notification obligations under GDPR (which requires the ICO to be informed within 72 hours of the organisation becoming aware of a qualifying breach) and in terms of financial liability.

If your business requires Cyber Essentials or Cyber Essentials Plus certification, your contract should oblige your provider to maintain the technical controls necessary to achieve and retain this certification. Many UK government contracts now require Cyber Essentials as a minimum, making this an increasingly important contractual requirement.

Data Ownership and Exit Provisions

One of the most frequently overlooked aspects of an IT support contract is what happens when the relationship ends. Whether you switch providers, bring IT in-house, or your business circumstances change, you need clear provisions governing data ownership, transition assistance, and the handover process.

Your contract should unambiguously state that all data, configurations, documentation, and intellectual property relating to your IT environment remain your property at all times. The provider should be contractually obligated to return or securely destroy all your data upon termination, and to provide reasonable transition assistance to your new provider — typically for a period of 30 to 90 days.

Pay particular attention to any clauses regarding proprietary tools or configurations that your provider installs on your systems. Some providers use proprietary monitoring agents, security tools, or management platforms that are removed when the contract ends, potentially leaving gaps in your security and monitoring capabilities during transition.

Exit Clause Checklist

Ensure your contract includes: a defined notice period (typically 30-90 days), an obligation to provide full documentation of your environment, assistance with data migration to a new provider, return or certified destruction of all your data, no penalty fees for early termination after the minimum term, and continued access to support during the transition period. These provisions protect your business and prevent vendor lock-in.

Reporting and Service Reviews

A good IT support contract includes regular reporting and periodic service reviews that give you visibility into what your provider is actually doing and how well they are performing against their SLA commitments. Without this transparency, you have no way of assessing whether you are getting value for money.

Monthly reports should cover: the number of support tickets raised and resolved, SLA compliance percentages for each priority level, system uptime statistics, security incidents and responses, patch compliance rates across your estate, and backup success and failure rates. These reports should be accompanied by a regular service review meeting — typically quarterly — where you discuss performance, upcoming projects, strategic recommendations, and any concerns from either side.

  • SLA Compliance: 95%
  • Patch Compliance: 88%
  • Backup Success Rate: 99%
  • Ticket Resolution Rate: 92%
  • User Satisfaction: 87%

Insurance and Liability

Your contract should specify the insurance your IT provider carries, including professional indemnity insurance, public liability insurance, and cyber liability insurance. Professional indemnity insurance protects you if your provider's negligence or errors cause your business financial loss — for example, if a misconfigured backup means your data cannot be recovered after a ransomware attack.

The contract should also define liability caps and exclusions. Most providers cap their total liability at the value of the contract over a 12-month period, though this can be negotiated. Pay attention to exclusions — particularly around consequential losses, which include lost revenue and lost business opportunities resulting from IT failures. Many providers exclude consequential losses entirely, which can leave you significantly exposed if a major failure occurs.

Contract Duration and Renewal Terms

IT support contracts in the UK typically run for 12, 24, or 36 months. Shorter contracts offer more flexibility but may come with higher monthly fees. Longer contracts often secure better rates but lock you in for an extended period.

Be cautious of automatic renewal clauses. Many contracts include a provision that the agreement automatically renews for a further term unless you provide written notice before the expiry date — often 60 or 90 days in advance. Missing this window can commit you to another year or more with a provider you want to leave. Set calendar reminders well in advance of your renewal date to ensure you have time to review, renegotiate, or switch providers if needed.

Your contract should allow for annual price reviews, but these should be capped — typically at RPI (Retail Prices Index) or a fixed percentage — to prevent unexpected cost increases. Uncapped annual increases give your provider free rein to raise prices, knowing that the switching costs make it difficult for you to leave mid-contract.

Key Questions to Ask Before Signing

Before committing to any IT support contract, ensure you have satisfactory answers to these critical questions:

  • What exactly is included in the monthly fee, and what incurs additional charges?
  • What are the guaranteed response and resolution times for each priority level, and what happens if they are missed?
  • Who owns the data, documentation, and configurations created during the contract?
  • What is the exit process, and what assistance is provided during transition?
  • What insurance does the provider carry, and what are the liability limits?
  • How often will performance be reported and reviewed?
  • What happens if the business grows or shrinks significantly during the contract term?
  • Are there any penalties for early termination after the minimum period?

Taking the time to negotiate a thorough, balanced IT support contract is one of the best investments your business can make. It sets the foundation for a productive partnership, prevents misunderstandings, and ensures your technology is supported to the standard your business requires.

Need Help With Your IT Support Contract?

Cloudswitched provides transparent, comprehensive IT support contracts for businesses across the UK. Our agreements are clear, fair, and designed to protect your interests. Get in touch to discuss your requirements.

CloudSwitched

Centrally located in London, Shoreditch, we offer a range of IT services and solutions to small/medium sized companies.