Most MSPs do not lose their biggest clients because of a breach or a ransomware attack. They lose them because of a clause buried somewhere in the service agreement that the provider never honestly planned to keep.
Client offboarding is the most neglected part of the MSP lifecycle. Most providers pour resources into sales, onboarding, and retention. But when a client leaves, the process is ad hoc at best.
The ScalePad 2025 MSP Business Trends Report, which surveyed more than 1,300 MSPs, found that 26 percent do not have enough staff to service the clients they already have. When you are already stretched thin, offboarding feels like a chore. Something to rush through so you can focus on the clients who stayed.
But MSP360, a major MSP software provider, puts it bluntly in their client offboarding guide: “The loss of one customer will reduce your MRR, but the loss of the customer coupled with bad offboarding will likely damage your reputation.”
Reputation recovery takes far longer than revenue recovery.
What the Contract Attorneys See
TechProComp, an MSP that publishes contract analysis for the industry, identified ten structural patterns in service agreements that routinely trap small and medium-sized businesses. The patterns are not theoretical. They are pulled from real contracts that real attorneys review.
The most common trap is the 50 percent liquidated damages clause. On a 36-month contract at $3,500 per month, terminating at month 6 triggers an exit fee of $52,500. At month 18, it is still $31,500. TechProComp notes that this 50 percent standard is the industry default, recommended by MSP legal counsel, and routinely upheld by courts.
Then there is the auto-renewal window. A typical clause extends the agreement for another 36 months unless written notice is given 90 days before expiration. Miss the deadline by two weeks and you are locked in for three more years. BetterCloud found that 69 percent of software contracts contain auto-renewal clauses, and 40 percent of organizations track renewals manually on spreadsheets and calendars.
There is also the documentation hostage clause. Some agreements state that all network diagrams, configurations, and operational records belong to the provider. When the relationship ends, the client either pays a handover fee, which TechProComp reports runs $10,000 to $22,000, or starts from scratch with no documentation at all.
These are not edge cases. These are the standard terms that most MSPs put in front of most clients.
What Good Offboarding Looks Like
Based on published best practices from MSP360, CyberSheath, and Giant Rocketship, here is what a professional offboarding process includes.
Before the End Date
- Fulfill all contractual obligations. Continue providing agreed-upon support until the contract end date, not a day sooner.
- Secure final payments. Invoice for the last billing cycle before the end date. Make payment a precondition of data handoff.
- Communicate the timeline. Clearly state end dates for all active projects and services.
- Conduct an exit interview. Ask why the client is leaving. Document the feedback.
On the End Date
- Transfer all credentials. Network maps, passwords, vendor contacts, domain registrations, firewall rules. Everything the client needs, in writing.
- Rotate shared passwords. Any credentials the MSP and client shared should be changed after the handoff.
- Remove your tools. Uninstall RMM agents, monitoring software, and remote access tools on the handoff date.
- Provide a data retention notice. Inform the client that data will be deleted after 30 days.
After the End Date
- Delete client data after the 30-day notice period. Exception: compliance-related data required by law.
- Document everything. Archive all communications and handoff confirmations.
- Follow up. A brief check-in 30 to 60 days after the transition shows professionalism.
Contract Protections
Giant Rocketship’s Dustin Puryear recommends getting these terms into your contract before you need them, not after.
| Protection | Why It Matters |
|---|---|
| Define offboarding scope in the contract | What is included versus what is billable (training the new MSP is NOT included) |
| Charge for post-contract support | Hourly rate, paid upfront |
| Limit documentation to client-specific info | Do not share proprietary SOPs, scripts, or configurations |
| Set time limits on handoff meetings | One to two hours maximum; additional time is billable |
| Require payment before data handoff | No outstanding balance, no data transfer |
| Use a refusal form | Document when clients reject security recommendations |
| Clarify breach liability | You cannot be held liable for breaches caused by the client’s own actions |
The Standard I Hold
I have spent thirty years in this industry. I have watched MSPs win contracts with impressive SLAs and lose clients six months later when the promises caught up with them. I have watched other MSPs write quieter agreements, deliver consistently, and build practices that last.
The second group is always more successful. Not because they are smarter or more talented. Because they made promises they could keep.
Write your offboarding process for the client who is going to hold you to it. Write it for the Tuesday night when everything goes wrong. Write it so that if the relationship ends, both sides can walk away knowing the agreement was fair.
That is the Rewired MSP standard. Not just how you start. But how you finish.
Frequently Asked Questions
What is the most common MSP contract trap?
According to TechProComp’s analysis of real MSP contracts, the 50 percent liquidated damages clause is the most common. On a 36-month, $3,500 per month contract, terminating early can trigger exit fees of $31,000 to $52,000. This is the industry default, recommended by MSP legal counsel, and upheld by courts.
What should be included in an MSP offboarding process?
MSP360’s published guide recommends: fulfill obligations through the contract end date, collect final payments before credential handoff, transfer all documentation in writing, remove your tools from client systems, provide 30 days notice before deleting retained data, and archive all communications.
When should an MSP revoke a client’s access?
All access should be revoked on the contract end date. Not before because you still have service obligations. Not later because lingering credentials are a security risk. Shared passwords should be rotated immediately after handoff.
Should an MSP charge for offboarding support?
Basic offboarding (credentials, documentation) should be covered under the existing contract. But training the new MSP, hand-holding through their setup, or extended support after termination should be billable at an hourly rate with payment upfront.
How long should an MSP retain client data after offboarding?
Thirty days is standard. Notify the client in writing. Give them time to request copies. Then wipe it, unless you are required to keep certain records for compliance.
Brent Lacy has spent nearly 30 years in the IT industry building and advising managed service providers. He is the author of Rewired MSP: Mastery, Scalability and Performance, vCIO Rewired: Virtually Conquering IT Obstacles, and Near Miss: Preventable IT Failures Threatening Your Business Security. He does not sell consulting services or subscriptions. He shares what works.
Related articles:
