IT Support Agreement (Australia)
This IT Support Agreement (the “Agreement”) is made on [Agreement Date] between:
[Provider Name] (ABN [Provider ABN], ACN [Provider ACN]), of [Provider Address], [Provider Suburb], [Provider State] [Provider Postcode] (the “IT Provider”); and
[Client Name] (ABN [Client ABN]), of [Client Address], [Client Suburb], [Client State] [Client Postcode] (the “Client”).
The IT Provider and the Client are referred to collectively as the “Parties”.
BACKGROUND
A. The Client wishes to engage the IT Provider to provide managed IT support and related services on the terms and conditions set out in this Agreement.
B. The IT Provider has agreed to provide those services using qualified personnel and in accordance with Australian industry standards, the Privacy Act 1988 (Cth), and the Australian Consumer Law.
NOW, THEREFORE, the Parties agree as follows:
1. SERVICES AND SCOPE
1.1 The IT Provider agrees to provide the following managed IT support services to the Client (the “Services”):
[Services Description]
1.2 The Services are provided via [Support Method].
1.3 Standard support hours are [Support Hours]. Emergency support outside standard hours is available at the rates specified in clause 3.2 or by prior arrangement.
1.4 Any services requested by the Client that are outside the scope of the Services described in clause 1.1 are “Out-of-Scope Work”. Out-of-Scope Work will be quoted separately before commencement and charged at the ad hoc rates in clause 3.2. The IT Provider is not obliged to perform Out-of-Scope Work without a written agreed quotation.
1.5 The IT Provider will perform the Services with due care and skill, using qualified personnel in a manner consistent with Australian industry standards. These obligations are consistent with the consumer guarantees implied by the Australian Consumer Law (Schedule 2 of the Competition and Consumer Act 2010 (Cth)).
2. SERVICE LEVELS
2.1 The IT Provider will classify support requests in accordance with the following priority levels and will use reasonable endeavours to respond within the target response times set out below:
Critical Priority — Definition: Complete failure of a server, network, or core business system, or a security incident affecting the Client’s ability to operate. Target initial response: [Critical Response Time].
High Priority — Definition: A significant degradation in system performance or a failure affecting multiple users, where a workaround exists. Target initial response: [High Response Time].
Standard Priority — Definition: An issue affecting an individual user, a general query, or a request for a non-urgent change. Target initial response: [Standard Response Time].
2.2 Response time means the time between the IT Provider’s receipt of a support request and the IT Provider’s first substantive response to that request. Response time is not a guarantee of resolution within the specified time.
2.3 The IT Provider will use reasonable endeavours to achieve the response times set out in clause 2.1 but does not guarantee that all issues will be resolved within those times. Response time targets may be affected by factors outside the IT Provider’s control, including third-party vendor delays, internet outages, and Client-side access limitations.
2.4 The Client agrees to provide the IT Provider with timely access to systems, premises, and personnel required to diagnose and resolve issues. Delays caused by the Client will extend any applicable response or resolution time accordingly.
3. FEES AND PAYMENT
3.1 Managed services fee: The Client must pay the IT Provider a monthly managed services fee of $[Monthly Fee] AUD ([GST Treatment]) for the Services described in clause 1.1. The IT Provider will issue a valid tax invoice on the first business day of each month, due within [Payment Terms] days of invoice.
3.2 Ad hoc and Out-of-Scope Work: Work performed outside the scope of the monthly managed services fee will be charged at $[Onsite Hourly Rate] per hour (exclusive of GST) for on-site or extended remote support, unless otherwise agreed in writing. Travel time beyond 30 minutes from the IT Provider’s office will be charged at half the hourly rate. Third-party costs (hardware, software licences, cloud subscriptions) will be passed through to the Client at cost plus a procurement fee of 10%, unless the Client procures directly.
3.3 Tax invoices issued by the IT Provider will comply with the A New Tax System (Goods and Services Tax) Act 1999 (Cth) and will include the IT Provider’s ABN.
3.4 If any amount remains unpaid after the due date, the IT Provider may charge interest at 10% per annum, calculated daily. The IT Provider may also suspend or reduce the Services on 5 business days’ written notice until all outstanding amounts are paid, without liability to the Client for any loss caused by such suspension.
3.5 Fees will be reviewed annually. Any increase requires at least 30 days’ written notice and will take effect from the start of the next monthly billing period following the notice period.
4. DATA SECURITY AND PRIVACY
4.1 The IT Provider acknowledges that in performing the Services, it will have access to the Client’s systems, data, and personal information. The IT Provider must implement and maintain the following data security measures:
[Data Security Measures]
4.2 The IT Provider must notify the Client as soon as practicable (and in any event within 4 business hours) of becoming aware of any actual or suspected unauthorised access to, disclosure of, or loss of the Client’s data or systems, and must take all reasonable steps to contain, investigate, and remediate the security incident.
4.3 The IT Provider must handle all personal information obtained in the course of providing the Services in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). The IT Provider must: (a) only use personal information for the purpose of providing the Services; (b) not disclose personal information to any third party without the Client’s written consent, except as required by law; and (c) promptly notify the Client if the IT Provider receives a request for access to personal information from a government authority.
4.4 Where a notifiable data breach occurs or is suspected under Part IIIC of the Privacy Act 1988 (Cth), the Parties will cooperate to determine whether a notifiable breach has occurred and to comply with any mandatory notification obligations to the Office of the Australian Information Commissioner (OAIC) and affected individuals.
4.5 On termination of this Agreement, the IT Provider must promptly return or destroy all Client data in its possession or control in a secure manner, in accordance with the Client’s written instructions.
5. BACKUP AND DISASTER RECOVERY
5.1 The IT Provider will implement and manage the following backup arrangements for the Client’s systems and data:
[Backup Arrangements]
5.2 The Client acknowledges that no backup system can guarantee complete data recovery in all circumstances. The IT Provider provides backup services in accordance with the agreed backup plan but does not guarantee that all data lost in a disaster scenario will be recoverable. The IT Provider’s liability for unrecoverable data loss is limited to the extent specified in clause 6.
5.3 The Client is responsible for maintaining adequate business continuity plans and for ensuring that critical business processes can continue during any IT system outage, regardless of the IT Provider’s response time commitments.
6. LIMITATION OF LIABILITY AND AUSTRALIAN CONSUMER LAW
6.1 Nothing in this Agreement excludes, restricts, or modifies any right or guarantee implied by the Australian Consumer Law (Schedule 2 of the Competition and Consumer Act 2010 (Cth)) or any other legislation that cannot lawfully be excluded or limited.
6.2 Subject to clause 6.1 and to the extent permitted by law, the IT Provider’s aggregate liability to the Client for all claims arising under or in connection with this Agreement — whether in contract, tort (including negligence), statute, or otherwise — is limited to the total fees paid by the Client in the 3 calendar months immediately preceding the event giving rise to the liability claim.
6.3 Subject to clause 6.1 and to the extent permitted by law, neither Party will be liable to the other for any indirect, special, incidental, or consequential loss or damage, including loss of revenue, loss of profit, loss of data, loss of business opportunity, or business interruption loss, arising out of or in connection with this Agreement, even if the Party has been advised of the possibility of such loss.
6.4 The IT Provider is not liable for any loss or damage caused by: (a) the Client’s failure to implement the IT Provider’s security recommendations; (b) hardware failure where the hardware is not under a managed maintenance agreement; (c) third-party software defects beyond the IT Provider’s control; (d) the Client’s failure to provide timely access to systems or personnel; or (e) force majeure events including internet or power outages affecting third-party infrastructure.
7. TERM AND TERMINATION
7.1 This Agreement commences on [Commencement Date] and continues for an initial term of [Initial Term] months.
7.2 After the expiry of the initial term, this Agreement will continue on a month-to-month basis, terminable by either Party on [Notice Period] days’ written notice.
7.3 If the Client terminates this Agreement during the initial term for any reason other than the IT Provider’s material breach, the Client must pay an early termination fee equal to the remaining monthly fees that would have been payable for the balance of the initial term.
7.4 Either Party may terminate this Agreement immediately by written notice if the other Party: (a) commits a material breach and fails to remedy it within 14 days of written notice specifying the breach; (b) becomes insolvent, enters administration, or is wound up; or (c) in the case of the IT Provider, experiences a loss of key personnel or capability that materially impacts service delivery.
7.5 On termination for any reason, the IT Provider must: (a) provide reasonable transition assistance for up to 30 days to enable the Client to transfer to a new IT provider; (b) return all Client equipment, data, access credentials, and documentation; and (c) cease all access to the Client’s systems immediately upon the effective date of termination.
8. GENERAL PROVISIONS
8.1 Independent Contractor: The IT Provider is an independent contractor and not an employee, partner, or agent of the Client. The IT Provider is responsible for all tax, superannuation, and insurance obligations with respect to its personnel.
8.2 Confidentiality: Each Party must keep confidential all proprietary and business information of the other Party disclosed in connection with this Agreement and may not disclose it without prior written consent, except to the extent required by law. This obligation survives termination of this Agreement for 3 years.
8.3 Intellectual Property: Nothing in this Agreement transfers ownership of any intellectual property from the IT Provider to the Client. The IT Provider grants the Client a non-exclusive, revocable licence to use any tools, scripts, or documentation provided by the IT Provider solely for the purpose of using the Services during the term of this Agreement.
8.4 Dispute Resolution: In the event of a dispute, the Parties must attempt to resolve it through good-faith negotiation within 14 days of written notice. If unresolved, either Party may refer the dispute to mediation administered by the Australian Disputes Centre before commencing legal proceedings.
8.5 Governing Law: This Agreement is governed by the law of [Governing State], Australia. The Parties submit to the non-exclusive jurisdiction of the courts of [Governing State].
8.6 Entire Agreement: This Agreement constitutes the entire agreement between the Parties with respect to IT support services and supersedes all prior representations and agreements. Amendments must be in writing and signed by both Parties.
EXECUTED as an Agreement.
IT PROVIDER
Business name: [Provider Name]
ABN: [Provider ABN]
Address: [Provider Address], [Provider Suburb], [Provider State] [Provider Postcode]
CLIENT
Business name: [Client Name]
ABN: [Client ABN]
Address: [Client Address], [Client Suburb], [Client State] [Client Postcode]
IT Provider
________________
Signature
Date: ________________
Client
________________
Signature
Date: ________________
What Is an IT Support Agreement (Australia)?
An IT Support Agreement in Australia records the IT support to be provided, the fees, the service standards, and each party's obligations between the provider and the client under the Corporations Act 2001 (Cth).
The legal framework governing IT support agreements in Australia is multifaceted. The Australian Consumer Law (ACL), which forms Schedule 2 of the Competition and Consumer Act 2010 (Cth), implies mandatory consumer guarantees into all contracts for services — including IT services — provided to consumers and small businesses. These guarantees require that services be rendered with due care and skill, be fit for any particular purpose made known to the provider, and be supplied within a reasonable time. The unfair contract terms provisions of the ACL, which have applied to small business contracts since November 2023, also require that IT support agreements not contain terms that create a significant imbalance in rights and obligations without reasonable justification.
Data protection is a central issue for IT support agreements. The Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) govern how personal information must be handled by organisations covered by the Act. IT providers typically have extensive access to client systems and data, and the IT support agreement must clearly document the provider's data security obligations, the restrictions on use and disclosure of personal information, and the process for managing and reporting data breaches under the Notifiable Data Breaches (NDB) scheme in Part IIIC of the Privacy Act.
The Australian Signals Directorate (ASD) publishes the Essential Eight cybersecurity controls — a set of baseline mitigation strategies recommended for all Australian organisations. IT support providers and their clients should consider referencing or incorporating the Essential Eight (application control, patch applications, patch operating systems, restrict Microsoft Office macros, user application hardening, restrict administrative privileges, multi-factor authentication, and regular backups) as a security framework within the IT support agreement.
The legal framework governing the IT Support Agreement (Australia) in Australia draws on several key statutes and regulatory bodies. Under the Corporations Act 2001 (Cth), the Australian Securities and Investments Commission (ASIC) regulates companies and financial services. Section 127 of the Corporations Act 2001 governs company execution of documents. The Australian Competition and Consumer Commission (ACCC) enforces the Competition and Consumer Act 2010 (Cth). The Australian Taxation Office (ATO) administers the Goods and Services Tax under the A New Tax System (Goods and Services Tax) Act 1999. The Federal Court of Australia and Supreme Courts of each state have jurisdiction over corporate disputes. Parties executing an IT Support Agreement (Australia) in Australia should confirm the document reflects current law, including any amendments enacted since the original drafting date. The Corporations Act 2001 (Cth) sets the foundational requirements.
When Do You Need an IT Support Agreement (Australia)?
An IT Support Agreement is needed by any Australian business that outsources its IT function — in whole or in part — to an external IT service provider. This covers the most common models of IT outsourcing: fully managed IT services (where the IT provider is responsible for all hardware, software, security, and helpdesk); co-managed IT services (where the IT provider supplements an in-house IT team); and break-fix support (where the IT provider responds to incidents on an ad hoc basis without a monthly retainer).
A written agreement is particularly important for: small and medium-sized businesses that have no in-house IT expertise and rely entirely on their MSP for IT continuity; businesses that hold personal information (including health records, financial data, and customer databases) and need to document their IT provider's Privacy Act compliance obligations; professional services firms — including law firms, accounting practices, medical practices, and financial planning businesses — where data confidentiality and system uptime are critical; businesses operating in regulated industries that are subject to specific cybersecurity or data governance standards; and businesses entering multi-year managed services contracts where early termination fees and transition obligations need to be clearly defined.
A written IT support agreement protects both parties: the client gets clear SLA commitments, defined scope, and documented data security obligations; the IT provider gets clear payment terms, defined scope boundaries that prevent scope creep, early termination protections, and a limitation of liability clause that reduces exposure to disproportionate claims.
The agreement is also important for cyber insurance purposes: many Australian cyber insurers require evidence of documented IT security practices, backup procedures, and incident response obligations as a condition of coverage or when calculating premiums.
Parties in Australia should prepare an IT Support Agreement (Australia) proactively rather than waiting for a dispute to arise. Courts interpret agreements based on the written terms rather than oral representations. Where the transaction involves regulated activities, prior approval from the relevant authority may be required before execution.
What to Include in Your IT Support Agreement (Australia)
A thorough Australian IT Support Agreement should address the following key provisions.
Scope of services — Define with precision every service included in the monthly managed services fee. Common inclusions are: remote helpdesk support, on-site support visits, network monitoring, patch management, endpoint security management, cloud platform administration (Microsoft 365, Google Workspace, Azure, AWS), email management, backup administration, and IT procurement assistance. Equally important is an explicit exclusions list and a change order process for Out-of-Scope Work.
Service level agreement (SLA) — Specify tiered priority levels (Critical, High, Standard) with clear definitions for each tier and binding target response times. Many SMB managed services contracts target 1 hour for critical issues, 4 business hours for high priority, and 1 business day for standard issues. Include an escalation process and a service reporting obligation so the client can monitor SLA performance.
Support hours and after-hours access — State the standard support hours and the process for obtaining emergency support outside those hours. Specify whether after-hours support is included in the monthly fee or charged at a premium rate.
Fees and payment — Set out the monthly managed services retainer, the GST treatment, and the payment terms. Specify the hourly rate for ad hoc and Out-of-Scope Work, travel charges, and the procurement margin for third-party hardware and software. Include an annual fee review mechanism.
Data security — Document the specific security measures the IT provider will implement and maintain, including endpoint protection, multi-factor authentication, encryption, access controls, and security incident detection. Reference the ASD Essential Eight or equivalent framework if appropriate.
Privacy and data handling — Address the IT provider's obligations under the Privacy Act 1988 (Cth) and APPs, including restrictions on use and disclosure of personal information, the obligation to report data breaches, and the process for complying with the Notifiable Data Breaches scheme.
Backup and disaster recovery — Specify the backup frequency, retention period, storage location (geographically separate from primary data), and testing schedule. Include a realistic acknowledgement that no backup system guarantees 100% recovery.
Term and early termination — Define the initial term, the notice period after the initial term, and the early termination fee if the client exits before the end of the initial term. Include the IT provider's obligations on termination, including data return or destruction, revocation of access, and transition assistance.
Limitation of liability — Include a cap on the IT provider's aggregate liability (typically the fees paid in the preceding 3 months) and an exclusion of indirect and consequential loss, compliant with the Australian Consumer Law.
Forms-legal.com provides this template as a starting point for Australia-compliant documentation.
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). IT Support Agreement (Australia) (Australia) [Legal document template]. Forms Legal. https://forms-legal.com/australia/business/services/it-support-agreement-australia
"IT Support Agreement (Australia) (Australia)." Forms Legal, 2026, https://forms-legal.com/australia/business/services/it-support-agreement-australia.
@misc{formslegal-it-support-agreement-australia,
author = {{Forms Legal}},
title = {IT Support Agreement (Australia) (Australia)},
year = {2026},
howpublished = {\url{https://forms-legal.com/australia/business/services/it-support-agreement-australia}},
note = {Free legal document template. Based on Corporations Act 2001 (Cth)}
}
Frequently Asked Questions
IT service providers that handle personal information on behalf of their clients in Australia are subject to the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) if the provider has an annual turnover of more than $3 million, provides health services, or is otherwise covered by the Privacy Act. Many IT providers will be covered given their turnover or the nature of their services. Under the APPs, personal information must be collected, used, and disclosed only for the primary purpose for which it was collected (or a related secondary purpose that is reasonably expected by the individual). IT providers must also protect personal information from unauthorised access, use, disclosure, and modification. Under Part IIIC of the Privacy Act (the Notifiable Data Breaches scheme), organisations covered by the Act must notify the Office of the Australian Information Commissioner (OAIC) and affected individuals where a data breach is likely to result in serious harm. An IT support agreement should expressly address these obligations and specify the process for reporting and responding to data breaches.
A Service Level Agreement (SLA) in an Australian IT support contract should specify at minimum: the hours during which support is available (for example, Monday to Friday, 8am to 6pm AEST, excluding public holidays); the classification system for support requests (typically Critical, High, and Standard or similar tiers); the target initial response time for each priority tier; the target resolution time (which is often separate from the response time and may be expressed as a business hours target rather than a guarantee); the escalation process when a request is not resolved within the target time; and any service credits or remedies available to the client if the provider consistently misses SLA targets. Managed service agreements often include a monthly service report summarising uptime statistics, response times, and open tickets, which provides the client with visibility of SLA performance.
Yes, with important limitations. Under the Australian Consumer Law (ACL, Schedule 2 of the Competition and Consumer Act 2010 (Cth)), IT support services come with mandatory consumer guarantees — including that services will be rendered with due care and skill — that cannot be excluded by contract. However, where the client is a business (not a consumer under the ACL), the IT provider may limit its liability for data loss to a specified cap, provided the limitation clause is not an unfair contract term under Part 2-3 of the ACL (which now applies to small business contracts). The most common approach is to cap the IT provider's aggregate liability at the total fees paid in the preceding 3 months, and to exclude liability for indirect, consequential, or pure economic loss including loss of data and business interruption. The enforceability of these caps depends on the circumstances, and a solicitor should review any significant liability limitation provisions.
When an IT support agreement ends, the IT provider typically has administrative access to the client's systems, cloud services, network devices, email platforms, and potentially to sensitive business and personal data. The agreement must clearly specify what happens to this access on termination: all access credentials (admin accounts, VPN access, cloud portal access, SSH keys) must be revoked or transferred; all client data in the provider's possession must be returned or securely destroyed in accordance with the client's written instructions; all client equipment and documentation must be returned; and the provider should deliver a final handover report to enable the incoming provider to take over management. The agreement should also include a reasonable transition assistance period — typically 30 days — during which the outgoing provider cooperates with the client and incoming provider to ensure continuity of IT services.
Under Part IIIC of the Privacy Act 1988 (Cth) — the Notifiable Data Breaches (NDB) scheme — organisations covered by the Privacy Act must notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable after becoming aware that an eligible data breach has occurred. An eligible data breach is one where there has been unauthorised access to or disclosure of personal information (or loss of personal information in circumstances likely to result in unauthorised access), and where a reasonable person would conclude that the breach is likely to result in serious harm to one or more individuals. As an IT provider with access to the client's systems and personal data, the provider may be the first to detect a breach. The IT support agreement should specify: (a) the provider's obligation to notify the client within a set timeframe (for example, 4 business hours) of detecting an actual or suspected breach; (b) the process for jointly determining whether an eligible data breach has occurred; and (c) how any mandatory OAIC notification will be coordinated between the parties.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.