Transitional MSP Services – Terms for Third-Party Vendor Integrations

Effective Date: June 1, 2025

1. Scope of Services

Reef Cyber Security (“Provider”) agrees to provide managed IT and cybersecurity services (“Services”) to the client (“Client”) during and after the transition from the Client’s previous managed service provider (MSP) and/or any third-party vendors or systems integrators. This includes continuing support for existing hardware or services provided by such external vendors, where feasible.

2. Continuation of Existing Systems

The Client’s existing hardware, software, or cloud solutions managed by third parties shall remain in place during the transition. Provider will:

  • Coordinate directly with relevant third-party vendors to ensure continuity of service.
  • Assist the Client in maintaining operational integrity while assessing risks, lock-in conditions, or unnecessary costs.
  • Provide technical support and monitoring where possible, subject to system compatibility and access permissions.

3. Effort to Match Prior Service Levels

Provider will make commercially reasonable efforts to match or exceed the quality of service previously provided. However, Provider shall not be held responsible for:

  • Limitations imposed by third-party systems or vendors.
  • Proprietary configurations, undocumented setups, or inaccessible infrastructure.
  • Loss or corruption of data due to misconfigurations or lack of access/control over inherited systems.

4. Good Faith Transition Support

During the transition period, Provider commits to:

  • Reviewing existing service agreements to identify billing inefficiencies, duplications, or unnecessary vendor lock-in.
  • Documenting access credentials, system configurations, and license ownership.
  • Advising the Client on cost-effective, secure, and sustainable alternatives to legacy systems where appropriate.

5. Third-Party Responsibility

Any external vendors, including the Client’s prior MSP, retain sole responsibility for the performance, licensing, and support of systems under their control. Provider makes no guarantees regarding the continued functionality of third-party-managed assets, but will support the Client in resolving issues and communicating with those parties.

6. Client Responsibilities

The Client agrees to:

  • Authorize Provider to liaise with prior MSPs and third-party vendors.
  • Provide necessary access credentials and administrative contacts.
  • Promptly report service issues or billing irregularities related to inherited systems.

7. Limitation of Liability

Provider shall not be liable for disruptions, downtime, or vulnerabilities resulting from:

  • Legacy systems not under Provider’s control.
  • Vendor non-cooperation or proprietary lock-in.
  • Undisclosed contractual obligations or licensing restrictions from prior providers.

8. Post-Transition Review

Within 30 days of service commencement, Provider will review the Client’s third-party systems and deliver a formal recommendation regarding continued use, optimization, or replacement with Provider-managed solutions.