Managed Services: Offering, Tiers & Playbook
The Pillar 3 productized offering - what we sell on retainer, what each tier includes, how to price it, and how conversions happen. Prepared for sales & account management.
The Model: Base Subscription + Overage
Every managed-services invoice has two components: a base subscription for operational coverage and overage billing for development work beyond included capacity.
Base subscription. A flat monthly fee for the operational layer - monitoring, maintenance, availability, SLA, reporting. This is "don't make me think about it" insurance that keeps the system healthy without the client watching it. Each tier includes a defined number of operational hours for routine maintenance: break-fix, config changes, minor adjustments, dependency updates, code review. The included hours are explicit and visible to the client.
Overage billing. Work that exceeds included hours, or that changes what the system does (new features, integrations, user flows), bills at $120/hr. Overages are flagged before they start, never invoiced as a surprise after.
Billing philosophy - clients pay for human decision-time, not AI compute-time. Our internal billing applies LRBT modifiers that discount hours where AI did the heavy lifting (long-running background tasks bill at 15-30% of wall-clock time). These modifiers are visible on the invoice - the client literally sees when they're paying less because the work was automation-heavy. This is a trust builder; use it in the pitch.
The analogy that lands: it works like a Claude Pro/Max subscription. The base gets you coverage plus defined included usage. Normal months stay within it. Heavy months (go-live prep, feature push, incident) show up as overages. The client gets a predictable base they can budget and report on, with variable cost that maps directly to extra value received.
The Three Tiers
Named to communicate depth of partnership, not a feature checklist. Ranges reflect scope variability - actual quotes are scoped per engagement (see Pricing). Higher tiers inherit everything below them.
- Sentry error monitoring, weekly triage (immediate response for critical errors)
- Backup health verification + quarterly restore test
- Dependency security alerts (critical CVEs flagged)
- Monthly plain-language health report
- Business-hours, best-effort availability (same day non-critical, 4hr critical)
- Everything in Essential, plus:
- Proactive dependency updates & security patches (monthly, tested before deploy)
- Performance monitoring & optimization
- Code review on client-authored commits
- Quarterly business review (60 min)
- Defined SLA: critical 2hr / high 4hr / normal 1 biz day
- Everything in Professional, plus:
- Priority SLA: critical 1hr / high 2hr / normal 4hr (+ weekend availability)
- Compliance artifact maintenance (HIPAA / bar rules / SOC 2 as applicable)
- Quarterly roadmap planning (strategic, beyond health review)
- Dedicated availability for major initiatives (rollouts, migrations)
- Deeply embedded agentic workflows (routines, loops, scheduled agents)
Overage rate is $120/hr at every tier, always with LRBT modifiers applied.
What's Included vs. What's Overage
One question defines the boundary: did the system's capabilities change?
- Included (same system, healthier). The system does what it did before, just more reliably, securely, or faster: patching a vulnerability, fixing a reported bug, optimizing a slow query, config changes, reviewing a client commit, responding to a Sentry alert, verifying backups.
- Overage (system does something new). New feature, integration, page, user flow, or API endpoint: a client portal, a new reporting dashboard, a third-party integration, multi-tenant auth for a new user population.
- Tier-defined services are always included - anything listed as a tier feature is never reclassified as overage, even if it's technically "proactive."
- Gray areas get flagged before work starts. A "small change" that's actually a feature gets an estimate first; the client decides before we begin. Never invoiced after the fact.
Service Catalog
What we actually do, by category. "Min. tier" is the lowest tier that includes the item; higher tiers inherit everything and often increase frequency. Method notes: Skill (silent) = automated scan, only surfaces if something's found; Skill + review = automated with human review; Meeting = live session.
Advisory / Consultation
| Service | Min. Tier | Frequency | Time | Method |
|---|---|---|---|---|
| Check-in callsThe single highest-value touchpoint. We learn their business; they get surgical recommendations. Compounds over time. | Essential | Monthly (E) · Bi-weekly (P) · Weekly (S) | 30m | Meeting |
| Incident responseE: best-effort business hours. P: defined SLA (critical 2hr). S: adds weekend availability. | Essential | As needed | Varies | Meeting + manual |
| Monthly health reportPlain-language: what happened, what we did, what's coming, one recommendation. Makes quiet months feel valuable. | Essential | Monthly | 20m | Skill + review |
| Team AI literacy coachingScale AI capability beyond one power user: prompt hygiene, what not to do, tool selection. Recorded. | Essential | Quarterly | 1–2h | Meeting (recorded) |
| Regulatory update monitoringIRS, FTC, state board guidance changes relevant to the client's AI usage (e.g. §7216, WISP, state CPA positions). | Professional | Monthly | 15–30m | Skill + brief |
| New tool/integration evaluationVendor ships a new AI feature - evaluate adopt vs. build. Prevents shiny-object chasing. | Professional | As needed | 1–2h | Research + rec |
AI-Specific
| Service | Min. Tier | Frequency | Time | Method |
|---|---|---|---|---|
| Skills & MCP design and oversightDesign, audit, and maintain Claude skills and MCP configs. High damage potential if misconfigured - guardrails, permissions, auth boundaries. | Essential | As needed + quarterly review | 1–2h | Meeting + review |
| Knowledge base curationVersioned prompt/SOP library for client workflows, incl. onboarding new team members to use it. Addresses the LLM "intern with amnesia" problem. | Professional | Monthly | 30m–1h | Skill + review |
| Frontier architecture monitoringScan for new models, providers, and agent approaches that affect client workflows. | Professional | Bi-weekly | 20m | Skill (silent) |
| Compliance monitoringVertical-specific sweeps: §7216 for tax, HIPAA for healthcare, SOC 2 for finance. | Professional | Monthly (P) · Bi-weekly (S) | 30m–1h | Skill + review |
Operational / Technical
| Service | Min. Tier | Frequency | Time | Method |
|---|---|---|---|---|
| Sentry error monitoring + triagePeriodic scan; only surfaces a report if errors found. No client interaction unless critical. | Essential | Weekly (E/P) · Daily (S) | 20m | Skill (silent) |
| Backup monitoringVerify backups are running and restorable. Ideally two separate backup targets. | Essential | Monthly (E/P) · Weekly (S) | 5m | Skill (silent) |
| Security baseline auditFull audit at onboarding (all tiers); quarterly re-audit at Professional+. Auth, routes, CORS, rate limiting, input validation. | Essential | Onboarding + quarterly (P+) | 30m–1h | Skill + review |
| Dependency security scanningDependabot / npm audit review. Silent unless critical CVEs, then flagged with severity + recommendation. | Professional | Monthly | 20m | Skill (silent) |
| Audit logging reviewWho accessed what client data - anomaly hunting. Important for §7216 / HIPAA posture. | Professional | Monthly | 15–30m | Skill + report |
Onboarding (One-Time, All Tiers)
| Service | Time | Method |
|---|---|---|
| Collaborative dev environment setupGitHub repo, Claude Code access, CLAUDE.md guardrails for non-technical leads. Version control via agent commands, not CLI. | 2–3h | Meeting + manual |
| Onboarding walkthrough sessionFull-team walkthrough of the deployed app: how to use it, what not to do, where to get help. | 1–2h | Meeting (recorded) |
| CI/CD pipeline setupGitHub Actions: auto-deploy on push, basic lint/type checks. | 1h | Manual |
| Role-based access control designDefine user roles (e.g. preparer / reviewer / admin) with permission levels; review when team or workflow changes. | 1–2h initial | Meeting + manual |
Steady-state hours check: the catalog adds up to ~3–4 hrs/mo at Essential, ~8–10 at Professional, ~15–20 at Strategic - which is why the included-hours bands are what they are. Incident response is on top, as needed.
Pricing Rationale & How to Quote
Within-tier placement is set by three factors:
- System complexity. A single Next.js app with one database vs. multi-service architecture with integrations, cron jobs, and external API dependencies. More moving parts = more monitoring surface = higher in the range.
- User count and criticality. 25 internal users on a workflow tool vs. 500 external clients on a customer-facing platform. Blast radius of downtime determines how tight the SLA needs to be.
- Regulatory overhead. Healthcare, legal, and financial clients need compliance artifacts and audit trails that compound every other activity. Regulated clients start at the top of their range or a tier higher.
Why base + overage beats hourly: under hourly, every hour of work required a new scope conversation. Under base + overage, the operational layer is simply covered - no surprises, no approval friction for routine maintenance. Overages only appear when the client actively requests new capabilities, flagged and estimated up front. The base buys peace of mind; overages buy growth.
Consistent overages = tier conversation, not nickel-and-diming. If operational work regularly exceeds included hours, the system has grown, usage changed, or we scoped wrong - we right-size the tier. Development overages are expected to vary month to month and bill as incurred.
How Clients Get Here (Conversion Playbook)
Stabilization → partnership is the primary path. During stabilization we install the operational infrastructure (Sentry, backups, monitoring, CI/CD, auth hardening) that becomes the substrate of the managed service. By the end, we know the system intimately and the client has experienced working with us. The partnership proposal is not a new sale - it's a natural continuation.
The pitch at conversion is not "buy more hours." It's: everything we just set up - error monitoring, backups, security posture - needs someone watching it. You can watch it yourself (you won't, and shouldn't - your job is running your business). You can let it run unwatched (it will decay, and when it breaks you'll be scrambling for someone who understands the system). Or we keep watching it, because we already know it, and problems get caught before you ever hear about them. Development is separate: when you want to build something new, we scope it and you see the estimate before we start.
Strategy engagements (Pillar 1) convert differently. If we built the system we assessed/designed, conversion follows the stabilization pattern. If someone else built it, we can still offer the governance and compliance layer - monitoring whether the implementation stays aligned to the strategy.
Upwork-originated clients: the stabilization engagement stays on Upwork. The ongoing partnership is framed as a new direct engagement outside Upwork's scope - the natural break between "project work" and "ongoing partnership" is the transition point to direct billing via Stripe.
Contract Terms & Client Requirements
- Month-to-month, no minimum. Cancel anytime with 30 days' notice. The partnership should be retained because it's valuable, not because a contract says so.
- Billing cadence: base billed bi-weekly in advance (Essential $1,000/mo = $500 every two weeks); overages billed bi-weekly in arrears with itemized hours, work performed, and LRBT modifiers shown.
- Tier changes: upgrade/downgrade with 30 days' notice, effective next billing cycle. Consistent overages prompt an upgrade conversation, but the decision is always the client's.
- Pause policy: up to 3 months (seasonal business, dormancy, budget). Monitoring stays active free during pause; SLA and included hours suspend.
What we need from the client
- Communication channel: Slack (preferred) or Teams, one dedicated channel. No email-only partnerships.
- Access: admin-level on hosting, database, Sentry, and GitHub. We can't watch what we can't see.
- Point of contact: one decision-maker (doesn't need to be technical) who responds within a business day when flagged.
- Commit hygiene: clients who code must push to the repo - no editing files on the server or bypassing version control.
The monthly deliverable
Every client, every tier, gets a monthly health report - plain-language, not a dashboard dump: what happened (errors, incidents, backups, downtime), what we did (maintenance, patches, reviews under included hours), what's coming (dependency EOLs, scaling milestones, compliance deadlines), one genuine recommendation (operational advice, not a sales pitch), and a usage summary (hours used, overages, transparent accounting the client can report to stakeholders). At Professional+ the quarterly business review replaces that month's report with a deeper session.
Case Study: The First Conversion
Our first live conversion (May 2026): a grant services firm, classic Profile 1. The COO built an internal grant-alert registry with Claude Code over ~60 days, then brought us in through Upwork for stabilization - security audit plus production hardening (database migration with hourly backups, auth lockdown on 14 API routes, Sentry integration, off-site backups, performance work, and removal of a build script that could destroy production data).
What she asked for, in her words:
"I just need someone to go in and do all of kind of the technical stuff for me, so I just don't have to deal with it."
She specifically asked about live app support, Sentry monitoring, production issue response, and a "backup person" for technical escalations - and leaned retainer over hourly for the peace-of-mind coverage. She chose us over cheaper offshore alternatives because of trust and accumulated context from the stabilization work.
The moat thesis, in the client's own words (on a future rebuild project):
"We need someone who's really familiar with our business basically, or else it just makes sense for me to do it. Because I can either explain it to you or I can explain it to Claude. Takes the same amount of time. Might as well just explain it to Claude and not pay you."
Our value is the accumulated business context, not the code output. Sell that.
The numbers: her Upwork spend averaged ~$3,500/month with high variance ($165 to $1,400/week). Recommended tier: Professional - a ~$2,000–2,500/month base covering operational coverage plus code review (her team commits actively), with overage billing on heavier development weeks (go-live prep, rollout work). Quiet months cost the base only; active months cost base + development overages. Same average spend, radically more predictable.
The objection to expect: she has CEO accountability on spend and compared us to a competitor quote of ~$3K/quarter for their whole tech stack. The framing that answers it: this is not "paying a developer to be on standby." It's outsourcing the technical operations of a business-critical system to the team that built and understands it, so her team can do grant work instead of becoming part-time sysadmins.
Language Guide
- Say "technology partner," "managed services," "ongoing partnership."
- Never say "MSP" or "managed service provider" to a client - it signals break-fix commodity IT support. We sell cumulative business context, judgment about what matters, and accountability for outcomes, not SLA-driven ticket resolution.
- The tiers communicate depth of partnership, not feature checklists.
- Lead with the client's freedom: "the base subscription buys you the freedom to stop thinking about the technical layer entirely."