Co-managed IT contracts can be a brilliant way to bridge the gap between internal IT teams and an MSP. It’s like having two teams at bat, ready to tackle every IT problem that comes your way. But, just like in baseball, if you don’t define the rules, you’re bound to have chaos on the field. Here are 12 risks you face in a co-managed environment, plus some practical ways to avoid turning your collaboration into a never-ending blame game.
Unclear Ownership of Responsibilities
Risk: “I thought you were handling that!” Sound familiar? Without clear boundaries, tasks will fall through the cracks faster than your New Year’s resolutions.
Mitigations:
- Governance Plan: Create a crystal-clear governance plan. Document who’s responsible for every task—end-user support, server maintenance, etc. There should be no surprises here.
- Regular Reviews: Check in regularly with the client to review responsibilities. The key to good communication is assuming nothing and asking everything.
- RACI Matrix: If you love acronyms, create a RACI matrix (Responsible, Accountable, Consulted, Informed). It’s the adult version of assigning chores.
Poor Escalation Processes
Risk: Your internal IT says it’s the MSP’s job to fix, while the MSP is convinced the internal team has it covered. Meanwhile, the issue festers like that leftover lasagna no one wants to claim.
Mitigations:
- Define Escalation Rules: Make sure everyone knows who escalates to whom, and when. It’s like playing a game of hot potato, but you actually want to know who ends up holding it.
- Create a Flowchart: Flowcharts aren’t just for nerds. They’re the fastest way to show exactly who handles what when things go sideways.
- Escalation Response Times: Set response times for escalations in the SLA. You don’t want issues lingering longer than your awkward high school photos.
Toolset Mismatches
Risk: The MSP uses a high-end PSA tool, while the internal IT is still stuck with a ticketing system they found in a cereal box.
Mitigations:
- Standardize Toolsets: Whenever possible, get everyone on the same PSA and RMM platforms. If you can’t, at least sync the tools to talk to each other.
- Tool Training: If the client insists on using their tools, make sure both teams are trained on them. It’s better to be on the same (or at least similar) page.
- Evaluate Compatibility: Before you sign the contract, assess whether your systems can play nice together. If not, reconsider the relationship—it’s like trying to mix oil and water.
Inconsistent Ticket Documentation
Risk: One team logs detailed novels for every ticket, while the other writes “computer broke.” This creates confusion, frustration, and probably a few angry emails.
Mitigations:
- Unified Ticketing Protocols: Define a standardized way of documenting tickets—everyone should follow the same format, or at least write more than three words.
- Cross-team Training: Make sure both teams know how to use the ticketing system properly, so nobody’s stuck guessing what “computer sad” means.
- Periodic Audits: Review ticket logs regularly to ensure consistency. You can even turn this into a contest for “Most Detailed (But Not Overly Wordy) Ticket Description.”
Escalation Bottlenecks
Risk: If it’s not crystal clear who takes the lead on escalations, you could end up with a ticket getting ping-ponged between teams, while the end-user sobs quietly in the corner.
Mitigations:
- Designate a Lead: Assign one team as the lead for each type of escalation. They own the ticket, no excuses.
- Clear SLAs: Document specific escalation SLAs. If an issue isn’t resolved in X hours, it escalates automatically, removing the guesswork.
- Accountability Checks: Regularly review escalations to see if bottlenecks are happening. If so, it’s time for a team meeting (with donuts).
Lack of Communication with C-suite
Risk: If the MSP doesn’t have direct access to the decision-makers, any critical updates or issues might be left in the dust while middle management argues over budget reports.
Mitigations:
- Monthly Executive Check-ins: Schedule regular check-ins with the C-suite to keep them in the loop. A little facetime can prevent a lot of headaches.
- Automated Reports: Send automated monthly reports that are easy to digest. No one has time for 10-page documents; keep it brief and high-level.
- Invite to Strategy Sessions: Make sure the MSP is part of quarterly or annual IT strategy discussions. This helps align goals and avoid any future finger-pointing.
Security Gaps
Risk: “I thought you were patching the servers!”—words no one wants to hear after a breach. Overlapping duties without clarity can expose serious vulnerabilities.
Mitigations:
- Security Responsibility Chart: Make a list of who’s responsible for every security-related task—patching, monitoring, updates. No one gets off the hook.
- Security Reviews: Schedule periodic reviews of your security posture. This isn’t a “set it and forget it” situation.
- Automated Alerts: Set up automated alerts to both teams when something critical is missed. It’s hard to ignore flashing red lights.
Training Discrepancies
Risk: The MSP techs know their stuff, but the internal IT folks aren’t trained on the same tools. Cue the unnecessary downtime while everyone gets on the same page.
Mitigations:
- Cross-Training: Schedule regular cross-training sessions between both teams. Think of it as IT team-building, but with fewer trust falls.
- Knowledge Base: Build a shared knowledge base that both teams can access. It’s like a safety net for when someone forgets what they’re doing.
- Collaborative Training: Invite internal IT to your vendor training sessions. Better yet, make it fun—throw in some pizza and call it a training party.
Cultural Mismatch
Risk: You treat the client’s IT team like outsiders, and they start feeling like the nerdy kid in gym class. Cue friction and reduced collaboration.
Mitigations:
- Inclusion: Treat the internal IT like part of your team. Invite them to trainings, events, and yes, even happy hours (if appropriate).
- Career Development: Offer career growth opportunities to the internal IT team through your training programs. It’s a win-win—better IT performance, and a happier client.
- Collaborative Goals: Align on shared goals so both teams feel like they’re rowing in the same direction. Nothing bonds a team like a shared mission.
Scope Creep
Risk: Suddenly, you’re managing their entire IT stack, and no one’s paying you for it. Whoops.
Mitigations:
- Clearly Define Scope: Be explicit in your contract about what’s included and what’s extra. It’s all fun and games until someone asks for 10 hours of unpaid support.
- Change Orders: For anything outside the agreed scope, use change orders to keep the relationship healthy and the revenue flowing.
- Quarterly Scope Reviews: Revisit the scope quarterly to ensure no one’s asking for favors without proper compensation.
Insurance Coverage Gaps
Risk: A breach happens, and suddenly everyone’s pointing fingers—and no one’s insurance wants to pay.
Mitigations:
- Review Insurance Policies: Ensure both parties have appropriate cyber insurance and that the policies cover co-managed relationships.
- Indemnity Clauses: Include indemnity clauses in the contract so everyone knows who’s liable in case things go south.
- Joint Risk Assessments: Conduct joint risk assessments annually to make sure both sides are covered. It’s like your yearly physical but for insurance.
Liability Disputes
Risk: Data loss happens, and no one knows who’s to blame (or worse, everyone blames everyone else).
Mitigations:
- Clearly Defined Liability: Write explicit liability terms in the contract. Everyone should know who’s responsible for what and when.
- Dispute Resolution Plan: Set up a dispute resolution process in advance. It’s better to have it and not need it than to need it and not have it.
- Audit Trails: Keep solid audit trails for every ticket and project. In the event of a dispute, you’ll want to show exactly what happened, and when.