⚠ INTERNAL — Elevate Code sales enablement. Do not share this link with clients or forward outside the team.

Managed Services: Offering, Tiers & Playbook

The Pillar 3 productized offering - what we sell on retainer, what each tier includes, how to price it, and how conversions happen. Prepared for sales & account management.

The Model: Base Subscription + Overage

Every managed-services invoice has two components: a base subscription for operational coverage and overage billing for development work beyond included capacity.

Base subscription. A flat monthly fee for the operational layer - monitoring, maintenance, availability, SLA, reporting. This is "don't make me think about it" insurance that keeps the system healthy without the client watching it. Each tier includes a defined number of operational hours for routine maintenance: break-fix, config changes, minor adjustments, dependency updates, code review. The included hours are explicit and visible to the client.

Overage billing. Work that exceeds included hours, or that changes what the system does (new features, integrations, user flows), bills at $120/hr. Overages are flagged before they start, never invoiced as a surprise after.

Billing philosophy - clients pay for human decision-time, not AI compute-time. Our internal billing applies LRBT modifiers that discount hours where AI did the heavy lifting (long-running background tasks bill at 15-30% of wall-clock time). These modifiers are visible on the invoice - the client literally sees when they're paying less because the work was automation-heavy. This is a trust builder; use it in the pitch.

The analogy that lands: it works like a Claude Pro/Max subscription. The base gets you coverage plus defined included usage. Normal months stay within it. Heavy months (go-live prep, feature push, incident) show up as overages. The client gets a predictable base they can budget and report on, with variable cost that maps directly to extra value received.

The Three Tiers

Named to communicate depth of partnership, not a feature checklist. Ranges reflect scope variability - actual quotes are scoped per engagement (see Pricing). Higher tiers inherit everything below them.

Essential
$1,000–1,500/mo
3–5 included operational hrs/mo
We watch the system so the client doesn't have to.
  • Sentry error monitoring, weekly triage (immediate response for critical errors)
  • Backup health verification + quarterly restore test
  • Dependency security alerts (critical CVEs flagged)
  • Monthly plain-language health report
  • Business-hours, best-effort availability (same day non-critical, 4hr critical)
Fits: stable, low-traffic internal tools where the main risk is something breaking silently. No SLA, no proactive maintenance, no code review.
Strategic
$4,000–6,000/mo
15–20 included operational hrs/mo
We operate as their technology department.
  • Everything in Professional, plus:
  • Priority SLA: critical 1hr / high 2hr / normal 4hr (+ weekend availability)
  • Compliance artifact maintenance (HIPAA / bar rules / SOC 2 as applicable)
  • Quarterly roadmap planning (strategic, beyond health review)
  • Dedicated availability for major initiatives (rollouts, migrations)
  • Deeply embedded agentic workflows (routines, loops, scheduled agents)
Fits: business-critical systems, regulated clients (who usually enter here directly), growing external user bases. Greenfield builds & 24/7 on-call scoped separately.

Overage rate is $120/hr at every tier, always with LRBT modifiers applied.

What's Included vs. What's Overage

One question defines the boundary: did the system's capabilities change?

Service Catalog

What we actually do, by category. "Min. tier" is the lowest tier that includes the item; higher tiers inherit everything and often increase frequency. Method notes: Skill (silent) = automated scan, only surfaces if something's found; Skill + review = automated with human review; Meeting = live session.

Advisory / Consultation

ServiceMin. TierFrequencyTimeMethod
Check-in callsThe single highest-value touchpoint. We learn their business; they get surgical recommendations. Compounds over time.EssentialMonthly (E) · Bi-weekly (P) · Weekly (S)30mMeeting
Incident responseE: best-effort business hours. P: defined SLA (critical 2hr). S: adds weekend availability.EssentialAs neededVariesMeeting + manual
Monthly health reportPlain-language: what happened, what we did, what's coming, one recommendation. Makes quiet months feel valuable.EssentialMonthly20mSkill + review
Team AI literacy coachingScale AI capability beyond one power user: prompt hygiene, what not to do, tool selection. Recorded.EssentialQuarterly1–2hMeeting (recorded)
Regulatory update monitoringIRS, FTC, state board guidance changes relevant to the client's AI usage (e.g. §7216, WISP, state CPA positions).ProfessionalMonthly15–30mSkill + brief
New tool/integration evaluationVendor ships a new AI feature - evaluate adopt vs. build. Prevents shiny-object chasing.ProfessionalAs needed1–2hResearch + rec

AI-Specific

ServiceMin. TierFrequencyTimeMethod
Skills & MCP design and oversightDesign, audit, and maintain Claude skills and MCP configs. High damage potential if misconfigured - guardrails, permissions, auth boundaries.EssentialAs needed + quarterly review1–2hMeeting + review
Knowledge base curationVersioned prompt/SOP library for client workflows, incl. onboarding new team members to use it. Addresses the LLM "intern with amnesia" problem.ProfessionalMonthly30m–1hSkill + review
Frontier architecture monitoringScan for new models, providers, and agent approaches that affect client workflows.ProfessionalBi-weekly20mSkill (silent)
Compliance monitoringVertical-specific sweeps: §7216 for tax, HIPAA for healthcare, SOC 2 for finance.ProfessionalMonthly (P) · Bi-weekly (S)30m–1hSkill + review

Operational / Technical

ServiceMin. TierFrequencyTimeMethod
Sentry error monitoring + triagePeriodic scan; only surfaces a report if errors found. No client interaction unless critical.EssentialWeekly (E/P) · Daily (S)20mSkill (silent)
Backup monitoringVerify backups are running and restorable. Ideally two separate backup targets.EssentialMonthly (E/P) · Weekly (S)5mSkill (silent)
Security baseline auditFull audit at onboarding (all tiers); quarterly re-audit at Professional+. Auth, routes, CORS, rate limiting, input validation.EssentialOnboarding + quarterly (P+)30m–1hSkill + review
Dependency security scanningDependabot / npm audit review. Silent unless critical CVEs, then flagged with severity + recommendation.ProfessionalMonthly20mSkill (silent)
Audit logging reviewWho accessed what client data - anomaly hunting. Important for §7216 / HIPAA posture.ProfessionalMonthly15–30mSkill + report

Onboarding (One-Time, All Tiers)

ServiceTimeMethod
Collaborative dev environment setupGitHub repo, Claude Code access, CLAUDE.md guardrails for non-technical leads. Version control via agent commands, not CLI.2–3hMeeting + manual
Onboarding walkthrough sessionFull-team walkthrough of the deployed app: how to use it, what not to do, where to get help.1–2hMeeting (recorded)
CI/CD pipeline setupGitHub Actions: auto-deploy on push, basic lint/type checks.1hManual
Role-based access control designDefine user roles (e.g. preparer / reviewer / admin) with permission levels; review when team or workflow changes.1–2h initialMeeting + manual

Steady-state hours check: the catalog adds up to ~3–4 hrs/mo at Essential, ~8–10 at Professional, ~15–20 at Strategic - which is why the included-hours bands are what they are. Incident response is on top, as needed.

Pricing Rationale & How to Quote

Within-tier placement is set by three factors:

  1. System complexity. A single Next.js app with one database vs. multi-service architecture with integrations, cron jobs, and external API dependencies. More moving parts = more monitoring surface = higher in the range.
  2. User count and criticality. 25 internal users on a workflow tool vs. 500 external clients on a customer-facing platform. Blast radius of downtime determines how tight the SLA needs to be.
  3. Regulatory overhead. Healthcare, legal, and financial clients need compliance artifacts and audit trails that compound every other activity. Regulated clients start at the top of their range or a tier higher.

Why base + overage beats hourly: under hourly, every hour of work required a new scope conversation. Under base + overage, the operational layer is simply covered - no surprises, no approval friction for routine maintenance. Overages only appear when the client actively requests new capabilities, flagged and estimated up front. The base buys peace of mind; overages buy growth.

Consistent overages = tier conversation, not nickel-and-diming. If operational work regularly exceeds included hours, the system has grown, usage changed, or we scoped wrong - we right-size the tier. Development overages are expected to vary month to month and bill as incurred.

How Clients Get Here (Conversion Playbook)

Stabilization → partnership is the primary path. During stabilization we install the operational infrastructure (Sentry, backups, monitoring, CI/CD, auth hardening) that becomes the substrate of the managed service. By the end, we know the system intimately and the client has experienced working with us. The partnership proposal is not a new sale - it's a natural continuation.

The pitch at conversion is not "buy more hours." It's: everything we just set up - error monitoring, backups, security posture - needs someone watching it. You can watch it yourself (you won't, and shouldn't - your job is running your business). You can let it run unwatched (it will decay, and when it breaks you'll be scrambling for someone who understands the system). Or we keep watching it, because we already know it, and problems get caught before you ever hear about them. Development is separate: when you want to build something new, we scope it and you see the estimate before we start.

Strategy engagements (Pillar 1) convert differently. If we built the system we assessed/designed, conversion follows the stabilization pattern. If someone else built it, we can still offer the governance and compliance layer - monitoring whether the implementation stays aligned to the strategy.

Upwork-originated clients: the stabilization engagement stays on Upwork. The ongoing partnership is framed as a new direct engagement outside Upwork's scope - the natural break between "project work" and "ongoing partnership" is the transition point to direct billing via Stripe.

Contract Terms & Client Requirements

What we need from the client

The monthly deliverable

Every client, every tier, gets a monthly health report - plain-language, not a dashboard dump: what happened (errors, incidents, backups, downtime), what we did (maintenance, patches, reviews under included hours), what's coming (dependency EOLs, scaling milestones, compliance deadlines), one genuine recommendation (operational advice, not a sales pitch), and a usage summary (hours used, overages, transparent accounting the client can report to stakeholders). At Professional+ the quarterly business review replaces that month's report with a deeper session.

Case Study: The First Conversion

Our first live conversion (May 2026): a grant services firm, classic Profile 1. The COO built an internal grant-alert registry with Claude Code over ~60 days, then brought us in through Upwork for stabilization - security audit plus production hardening (database migration with hourly backups, auth lockdown on 14 API routes, Sentry integration, off-site backups, performance work, and removal of a build script that could destroy production data).

What she asked for, in her words:

"I just need someone to go in and do all of kind of the technical stuff for me, so I just don't have to deal with it."

She specifically asked about live app support, Sentry monitoring, production issue response, and a "backup person" for technical escalations - and leaned retainer over hourly for the peace-of-mind coverage. She chose us over cheaper offshore alternatives because of trust and accumulated context from the stabilization work.

The moat thesis, in the client's own words (on a future rebuild project):

"We need someone who's really familiar with our business basically, or else it just makes sense for me to do it. Because I can either explain it to you or I can explain it to Claude. Takes the same amount of time. Might as well just explain it to Claude and not pay you."

Our value is the accumulated business context, not the code output. Sell that.

The numbers: her Upwork spend averaged ~$3,500/month with high variance ($165 to $1,400/week). Recommended tier: Professional - a ~$2,000–2,500/month base covering operational coverage plus code review (her team commits actively), with overage billing on heavier development weeks (go-live prep, rollout work). Quiet months cost the base only; active months cost base + development overages. Same average spend, radically more predictable.

The objection to expect: she has CEO accountability on spend and compared us to a competitor quote of ~$3K/quarter for their whole tech stack. The framing that answers it: this is not "paying a developer to be on standby." It's outsourcing the technical operations of a business-critical system to the team that built and understands it, so her team can do grant work instead of becoming part-time sysadmins.

Language Guide