This Website Maintenance Service Level Agreement (the “SLA”) is effective as of [Effective Date] and applies between:
Client: [Client Legal Name] (“Client”)
Service Provider: [Provider Legal Name] (“Provider”)
Covered Website(s): [Domain(s)/environment(s)]
Related Agreement (Optional): ☐ Website Maintenance Agreement dated [Date] ☐ MSA dated [Date] ☐ Other: [__] ☐ None.
1. Scope of Services
1.1 Provider will provide maintenance and support services for the Covered Website(s), including:
-
uptime/availability monitoring (if selected): ☐ yes ☐ no
-
routine updates and patches: [CMS, plugins, themes]
-
security monitoring/response (if selected): ☐ yes ☐ no
-
backups (if selected): ☐ yes ☐ no (frequency: [__])
-
incident response and troubleshooting
-
minor content updates (optional): [__] hours/month
-
other: [List]
uptime/availability monitoring (if selected): ☐ yes ☐ no
routine updates and patches: [CMS, plugins, themes]
security monitoring/response (if selected): ☐ yes ☐ no
backups (if selected): ☐ yes ☐ no (frequency: [__])
incident response and troubleshooting
minor content updates (optional): [__] hours/month
other: [List]
1.2 Out of Scope (Examples): major redesigns, new feature development, SEO campaigns, paid ads, custom integrations beyond maintenance, and issues caused by third-party services not controlled by Provider (unless included).
2.1 Support hours: ☐ Mon–Fri [hours/time zone] ☐ 24/7 for critical incidents only ☐ other: [**].
2.2 Contact methods: ☐ support email ☐ ticketing portal ☐ phone (critical only) ☐ other: [**].
2.3 Client must provide authorized contacts: [Names/emails] (optional).
3. Severity Levels
3.1 Incidents will be categorized as:
-
Severity 1 (Critical): website down, security breach, checkout/payment failure
-
Severity 2 (High): major functionality impaired, significant performance degradation
-
Severity 3 (Medium): minor functionality issues, non-critical bugs
-
Severity 4 (Low): cosmetic issues, minor content updates, questions
Severity 1 (Critical): website down, security breach, checkout/payment failure
Severity 2 (High): major functionality impaired, significant performance degradation
Severity 3 (Medium): minor functionality issues, non-critical bugs
Severity 4 (Low): cosmetic issues, minor content updates, questions
4. Response and Resolution Targets
4.1 Provider will use commercially reasonable efforts to meet the following targets:
-
Severity 1: response within [__] hours; work continuously until mitigated or workaround in place
-
Severity 2: response within [] hours; resolution within [] business days (target)
-
Severity 3: response within [] business days; resolution within [] business days (target)
-
Severity 4: response within [__] business days; scheduled as agreed
Severity 1: response within [__] hours; work continuously until mitigated or workaround in place
Severity 2: response within [] hours; resolution within [] business days (target)
Severity 3: response within [] business days; resolution within [] business days (target)
Severity 4: response within [__] business days; scheduled as agreed
4.2 Resolution times are targets, not guarantees, and may depend on third-party vendors.
5. Uptime Target (If Included)
5.1 Uptime Target: [__]% per calendar month for production site, excluding:
-
planned maintenance windows (Section 6)
-
force majeure events
-
third-party hosting/DNS/CDN outages not controlled by Provider
-
Client-caused changes or access issues
planned maintenance windows (Section 6)
force majeure events
third-party hosting/DNS/CDN outages not controlled by Provider
Client-caused changes or access issues
5.2 Measurement: uptime measured by [monitoring tool] from [locations] at [intervals].
6. Maintenance Windows
6.1 Planned maintenance window: [Day/time range/time zone].
6.2 Provider will provide notice at least [__] hours/days before planned maintenance when feasible.
6.3 Emergency maintenance may be performed without advance notice to address critical risks.
7. Backups and Restore (If Included)
7.1 Backup frequency: [Daily/weekly], retention: [**] days.
7.2 Restore requests: ☐ included ☐ billed separately; restore target: [**] hours/days.
7.3 Client acknowledges backups may not capture third-party data (e.g., SaaS systems).
8. Security and Patch Management
8.1 Provider will apply security patches within:
critical patches: [__] hours/days
non-critical patches: [__] days
8.2 If a vulnerability requires a major upgrade, Provider will submit a change request (Section 9).
9. Change Requests and Billable Work
9.1 Requests outside scope will be handled via: ☐ change order ☐ time & materials at $[rate]/hour ☐ other: [__].
9.2 Provider will provide estimates and obtain approval before starting out-of-scope work.
10. Reporting and Reviews (Optional)
10.1 Provider will provide: ☐ monthly report ☐ quarterly report ☐ none.
10.2 Report may include: uptime, incidents, response times, updates applied, and recommended improvements.
11. Client Responsibilities
11.1 Client will: provide timely access/credentials, maintain admin contacts, approve changes promptly, and avoid unauthorized changes that could impact stability.
11.2 Client is responsible for third-party subscriptions and hosting fees unless included.
12. Remedies (Optional)
12.1 Service credits for missed uptime targets: ☐ none ☐ as follows: [Define credits], subject to claim process.
12.2 Credits are Client’s exclusive remedy for uptime shortfalls (optional).
13. Governing Terms
13.1 If this SLA conflicts with the related agreement, the related agreement controls.
13.2 This SLA may be updated only in writing signed by both Parties.
Signatures
Client: [Client Legal Name]
Name/Title: [Authorized Signer]
Date: [Date]
Signature: ___________________________
Service Provider: [Provider Legal Name]
Name/Title: [Authorized Signer]
Date: [Date]
Signature: ___________________________