msa-sla-clause-template

activetype/area-docdomain/legaldomain/operations

MSA/SLA clause template

TL;DR

This reusable clause set standardizes support guarantees by LumenCare tier, limits unmanaged risk, and aligns service credits with measurable misses. Copy these clauses into MSA/SLA drafts and fill bracket placeholders.

Clause pack (template)

1) Service tier and uptime target

Provider will deliver managed services under the selected LumenCare tier: [Foundation/Growth/Scale]. Monthly service availability target is:

  • Foundation: 99.0%
  • Growth: 99.5%
  • Scale: 99.9%

Availability excludes approved maintenance windows and exclusions listed in this agreement.

2) Incident response and resolution windows

Incident severity is classified jointly by business impact:

| Severity | Example impact | First response target | Resolution target | |---|---|---|---| | Sev-1 | Critical outage, production unavailable | Foundation: 4h / Growth: 2h / Scale: 30m | Foundation: next business day / Growth: 8h workaround / Scale: 4h workaround | | Sev-2 | Major degradation, core workflow impaired | Foundation: 8h / Growth: 4h / Scale: 2h | Foundation: 2 business days / Growth: 1 business day / Scale: 8h | | Sev-3 | Minor issue, workaround exists | Foundation: 2 business days / Growth: 1 business day / Scale: 8h | Scheduled in next release cycle |

Targets apply during support coverage hours in the selected tier.

3) Maintenance windows

Planned maintenance may occur during [day/time/timezone] with prior notice:

  • Foundation: at least 48h notice
  • Growth: at least 72h notice
  • Scale: at least 5 business days notice for major changes

Emergency maintenance may be performed without full notice when required to protect service integrity.

4) Backups and restore commitments

  • Backup schedule: [daily/4-hourly/custom]
  • Retention: [x days]
  • Restore objective (RTO): [target hours by tier]
  • Recovery point objective (RPO): [target hours by tier]

Restore commitment is best effort unless a stricter RTO/RPO addendum is signed.

5) Security patch cadence

  • Critical vulnerabilities: patch or mitigation within [24h/48h].
  • High severity vulnerabilities: patch within [7 days].
  • Medium/low vulnerabilities: bundled into regular maintenance cycles.

Client-approved change freeze periods can defer non-critical patches and may affect SLA outcomes.

6) Incident communication

For Sev-1 and Sev-2 incidents, Provider will:

  • Open an incident thread in [channel].
  • Send update cadence:
    • Sev-1: every [30-60 minutes]
    • Sev-2: every [2-4 hours]
  • Issue post-incident summary within [2 business days] after closure.

7) Service credits policy

If monthly availability falls below the applicable target, Client may claim service credits:

  • First breach in month: [5%] of that month’s maintenance fee
  • Additional breach in same month: up to [10-15%] cap total
  • Credits apply to future invoices only and are the sole financial remedy for SLA misses

No credit applies where misses result from exclusions.

8) Exclusions

SLA commitments do not apply to:

  • Third-party outages outside Provider control (cloud provider, ISP, SaaS API, registrar, payment gateway).
  • Client-requested changes, client-side misconfiguration, or delayed client approvals.
  • Force majeure events.
  • Pass-through infrastructure issues where Provider has no operational authority.

Negotiation notes

  • Keep uptime + support promises mapped to tier, never one-size-fits-all.
  • Keep infra and third-party costs outside fixed maintenance to protect margin.
  • Align credits to maintenance fee only, not total project value.

Related

  • [[Areas/LumenDev/playbooks/lumencare-tier-matrix|LumenCare tier matrix]]
  • [[Areas/LumenDev/playbooks/monthly-infra-statement-template|Monthly infra statement template]]