Insight

What should be in an IT support agreement?

The clauses that matter in an IT support agreement: scope, response times, security, data ownership and exit terms, so nothing is left to assumption.

Published

June 3, 2026

Reading time

6
min read
Operate
What should be in an IT support agreement?

The clauses that matter in an IT support agreement: scope, response times, security, data ownership and exit terms, so nothing is left to assumption.

In this article

A good IT support agreement should clearly state what is covered, how fast the provider will respond, what falls outside the scope, the security standards they maintain, and how your data is protected and returned if you leave. If those things are not written down, you do not really have an agreement, you have a hope.

The agreement is where good intentions become commitments. Most disputes with an IT provider come down to something that was assumed but never written, so it pays to read this part properly.

Best practice: Read the agreement as if the relationship has already ended, the exit and data handover clauses reveal the most about how a provider treats clients.

What should the agreement always include?

At a minimum, the agreement should define scope, response times, security standards, data ownership and exit terms. These five areas cause the most friction when they are vague.

  • Scope, exactly what is covered and what is charged extra.
  • Response and resolution times, ideally split by how urgent the issue is.
  • Security standards, what protections they maintain on your behalf.
  • Data ownership and privacy, confirming your data is yours.
  • Exit terms, notice periods and how your data is handed back.

What are response and resolution times?

Response time is how quickly the provider acknowledges your issue, and resolution time is how quickly they aim to fix it. Good agreements set both, and vary them by priority.

Note: Response time and resolution time are not the same promise, a fast acknowledgement means little if the fix still takes days.
PriorityExampleTypical response
CriticalWhole office offlineWithin 30 to 60 minutes
HighOne person cannot workWithin 2 to 4 hours
StandardMinor issue or requestSame or next business day

These commitments are often called a service level agreement, or SLA. Numbers vary by provider, so make sure they match how your business actually runs.

What is often missing (and should not be)?

The clauses owners most often overlook are onboarding, offboarding and exit terms. What happens when a staff member starts or leaves, and what happens if you change providers, should never be left unsaid.

Also check for security commitments in line with the Australian Cyber Security Centre, and confirm backups are tested, not just running. For the wider context, see the complete guide to managed IT and how pricing ties in under IT support cost.

Warning: If onboarding and offboarding of staff are not spelled out, every new hire and every leaver can become an unplanned charge.

A quick checklist before you sign

  • Is the scope specific, or full of vague terms like 'as required'?
  • Are response times written down and split by priority?
  • Does it confirm your data is yours and returnable?
  • Are onboarding and offboarding of staff covered?
  • Is there a clear notice period and exit process?

The short version: a strong IT support agreement puts scope, response times, security, data ownership and exit terms in writing, so nothing important is left to assumption.

Frequently asked questions

What is an SLA in an IT support agreement?

An SLA, or service level agreement, is the part that sets measurable commitments, mainly response and resolution times by priority. It turns a vague promise into a defined standard.

Who owns my data under an IT support agreement?

You should. A good agreement states clearly that your data belongs to you and will be returned in a usable format if the relationship ends. Confirm this in writing.

What notice period is normal?

Thirty to ninety days is common for managed IT agreements. What matters most is that the exit process, including data handover, is clearly defined before you sign.

Should backups be mentioned in the agreement?

Yes. The agreement should confirm what is backed up, how often, and that recovery is tested regularly. A backup that has never been tested cannot be relied on.

Want us to review your current agreement, no obligation? Send it to Ryan for a plain-English read, or see how our support works.

June 3, 2026
Ryan Pigram
Ready when you are

One partner.
Marketing and technology, run as one.

Tell us where your business is at, and we will tell you where we would start.