IT Support Agreement (Singapore)
IT SUPPORT AGREEMENT
This IT Support Agreement ("Agreement") is entered into between [Provider Name] (UEN: [Provider U E N]), of [Provider Address] ("Provider"), and [Client Name] (UEN: [Client U E N]), of [Client Address] ("Client").
This Agreement is governed by the laws of Singapore, including the Personal Data Protection Act 2012 (PDPA) and the Cybersecurity Act (Cap. 5D).
1. Services
1.1 The Provider shall provide the following IT support services to the Client: [Service Scope].
1.2 Support Hours: [Support Hours]. Support requests outside these hours may attract additional charges at the rate of [Out Of Scope Rate].
1.3 Support requests shall be submitted to the Provider at [Provider Contact].
2. Service Level Agreement (SLA)
2.1 The Provider commits to the following response and resolution targets: [Sla Response Time].
2.2 Uptime Guarantee: [Uptime Guarantee].
2.3 SLA credits or remedies for missed targets shall be as agreed between the parties in writing.
3. Fees and Payment
3.1 The Client shall pay the Provider a monthly retainer of [Monthly Fee], invoiced monthly in advance, payable within 14 days of invoice date.
3.2 Out-of-scope work: [Out Of Scope Rate]. All out-of-scope work requires written pre-approval from the Client.
3.3 All fees are subject to GST at the prevailing rate (currently 9%) under the GST Act (Cap. 117A).
4. Term and Termination
4.1 This Agreement commences on [Contract Start Date] and continues for [Contract Term], unless earlier terminated.
4.2 Either party may terminate this Agreement by giving [Notice Period] written notice.
4.3 Either party may terminate immediately for material breach not remedied within 14 days of written notice, or for insolvency.
5. Data Protection (PDPA)
5.1 The Provider acknowledges that it is a data intermediary under the Personal Data Protection Act 2012 (PDPA) in respect of any personal data of the Client's customers, employees, or other data subjects that it accesses in performing the services.
5.2 [Pdpa Obligations]
5.3 Upon termination, the Provider shall return or securely destroy all Client personal data within 30 days.
6. Liability
6.1 [Liability Cap]
6.2 Neither party shall be liable for indirect, consequential, or special losses including loss of profit, data, or business opportunity, except in cases of fraud or wilful misconduct.
6.3 Liability for death or personal injury caused by negligence cannot be excluded under the Unfair Contract Terms Act (Cap. 396).
7. Confidentiality
7.1 Both parties shall keep confidential all information exchanged under this Agreement and shall not disclose it to third parties without prior written consent.
7.2 Confidentiality obligations shall survive termination of this Agreement for 3 years.
IT Service Provider / Authorised Signatory
________________
Signature
Client / Authorised Signatory
________________
Signature
What Is a IT Support Agreement (Singapore)?
An IT Support Agreement in Singapore records the terms the parties accept and the commitments each makes to the other.
The agreement defines the service scope, response and resolution times through a Service Level Agreement (SLA), the pricing model (monthly retainer, per-incident, or tiered support packages), the provider’s access to the client’s systems, and the data protection obligations arising from the provider’s access to personal data stored on the client’s systems. Under the PDPA, IT support providers that access or process personal data on the client’s systems are classified as data intermediaries under Section 4 and must comply with the protection obligation under Section 24 and the mandatory data breach notification requirements under Section 26D.
Singapore’s IT support services market serves over 280,000 SMEs registered with ACRA, many of which rely on external IT support providers rather than maintaining in-house IT teams. The Infocomm Media Development Authority (IMDA) promotes IT adoption among SMEs through programmes such as the SMEs Go Digital initiative, which includes pre-approved IT solutions and support services. The Cybersecurity Act 2018 imposes additional obligations on critical information infrastructure (CII) owners, and IT support providers serving CII owners must comply with the cybersecurity requirements prescribed by the Cyber Security Agency of Singapore (CSA).
An IT Support Agreement differs from an IT Services Agreement, which covers project-based engagements such as software development, system integration, or cloud migration. A Software Licence Agreement covers the right to use specific software products, while a SaaS Agreement covers cloud-based subscription services. A Cloud Services Agreement addresses infrastructure hosting and platform services. Organisations with both project and ongoing support needs should maintain separate agreements for each engagement type.
The Computer Misuse Act 1993 (Cap. 50A) criminalises unauthorised access to computer systems, and the IT Support Agreement must clearly define the systems and data that the provider is authorised to access. Access beyond the authorised scope — even by a contracted IT support provider — may constitute an offence under Section 3 of the Computer Misuse Act. The Electronic Transactions Act (Cap. 88) confirms that electronically executed IT Support Agreements are legally valid. Under Singapore law, Section 169 of the Companies Act 1967 (Cap. 50) and Section 8 of the Employment Act 1968 (Cap. 91) govern the core requirements for this type of document. Under Singapore law, Section 22 of the Stamp Duties Act (Cap. 312) and Section 6 of the Conveyancing and Law of Property Act (Cap. 61) govern the core requirements for this type of document.
When Do You Need a IT Support Agreement (Singapore)?
An IT Support Agreement in Singapore is required whenever an organisation engages an external provider for ongoing IT maintenance, monitoring, and technical support services.
When a small or medium enterprise (SME) registered with ACRA does not maintain an in-house IT team and relies on an external provider for day-to-day IT support — including workstation troubleshooting, email administration, printer support, and network connectivity issues — the IT Support Agreement defines the provider’s service scope, availability hours, and response commitments. IMDA’s SMEs Go Digital programme encourages SMEs to engage pre-approved IT support providers for managed services.
When an organisation requires 24/7 monitoring of its IT infrastructure — including servers, firewalls, backup systems, and network devices — the IT Support Agreement must specify the monitoring scope, alerting thresholds, escalation procedures, and the provider’s obligation to respond to critical alerts within defined timeframes. The Cybersecurity Act 2018 requires CII owners to implement continuous monitoring, and the IT Support Agreement should address compliance with CSA’s cybersecurity requirements.
When a company transitions from an in-house IT team to an outsourced IT support model, the IT Support Agreement must include a transition plan, knowledge transfer requirements, documentation of the client’s IT environment, and a ramp-up period during which the provider familiarises itself with the client’s systems. MAS Technology Risk Management Guidelines require financial institutions to manage outsourcing transitions with documented exit plans.
When the client’s IT environment includes systems that store or process personal data — such as customer databases, HR systems, or financial records — the IT Support Agreement must include PDPA-compliant data protection clauses. Under Section 24 of the PDPA, the client remains responsible for the security of personal data even when an IT support provider has access to the systems, and the agreement must require the provider to implement reasonable security measures.
When an organisation requires IT support for regulatory compliance purposes — such as maintaining audit trails, implementing access controls, or managing data retention policies required by IRAS (five-year record retention under the Income Tax Act 1947) — the IT Support Agreement should address the provider’s role in supporting the client’s compliance obligations.
What to Include in Your IT Support Agreement (Singapore)
An IT Support Agreement in Singapore must contain the following essential components to define the service relationship and protect both parties.
Service provider and client details must include the full legal names and UEN numbers of both parties registered with ACRA, registered addresses, and the primary contact persons for service requests and escalations. The provider’s Data Protection Officer (DPO) appointed under Section 11(3) of the PDPA should be identified.
Service scope must define the specific IT support services included in the agreement, categorised by service type: reactive support (break-fix troubleshooting, incident resolution), proactive support (system monitoring, patch management, backup verification, antivirus updates), and scheduled maintenance (system updates, hardware inspections, performance optimisation). The scope must clearly state what is included and excluded to prevent scope disputes.
Service Level Agreement (SLA) must specify measurable performance commitments, including response times by incident severity (critical: 30 minutes, high: 1 hour, medium: 4 hours, low: next business day), resolution targets, system uptime guarantees (typically 99.5% to 99.9%), and service availability hours (business hours, extended hours, or 24/7). Service credits for SLA breaches should be defined as a percentage of the monthly retainer fee.
Fees and payment terms must specify the pricing model (monthly retainer, per-incident fees, tiered packages with defined support hours), the contract value, GST at 9% under the Goods and Services Tax Act (Cap. 117A), invoicing frequency, payment terms (typically 14 to 30 days from invoice date), and any additional charges for after-hours support, on-site visits, or hardware procurement.
PDPA and data protection provisions must address the provider’s obligations when accessing systems containing personal data. Under Section 24 of the PDPA, the provider must implement reasonable security measures including encryption, access controls, audit logging, and secure remote access protocols. The mandatory data breach notification requirement under Section 26D requires the provider to notify the client within 3 calendar days of assessing a notifiable data breach.
Liability and indemnity provisions must cap the provider’s total liability (typically at the aggregate fees paid during the preceding 12 months), exclude liability for consequential or indirect losses (subject to the Unfair Contract Terms Act, Cap. 396), and require each party to indemnify the other against third-party claims arising from the indemnifying party’s breach of the agreement.
The forms-legal.com IT Support Agreement template covers all 7 sections including the SLA framework, PDPA data intermediary provisions, confidentiality obligations, and the termination and exit management clauses required for Singapore IT support engagements. Under Singapore law, the common-law requirements for a valid contract — offer, acceptance, consideration, and intention to create legal relations — Section 169 of the Companies Act 1967 (Cap. 50), and Section 13 of the Personal Data Protection Act 2012 (PDPA) govern the core requirements for this type of document.
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). IT Support Agreement (Singapore) (Singapore) [Legal document template]. Forms Legal. https://forms-legal.com/singapore/business/services/it-support-agreement-singapore
"IT Support Agreement (Singapore) (Singapore)." Forms Legal, 2026, https://forms-legal.com/singapore/business/services/it-support-agreement-singapore.
@misc{formslegal-it-support-agreement-singapore,
author = {{Forms Legal}},
title = {IT Support Agreement (Singapore) (Singapore)},
year = {2026},
howpublished = {\url{https://forms-legal.com/singapore/business/services/it-support-agreement-singapore}},
note = {Free legal document template. Based on Companies Act 1967 (Cap. 50)}
}Also available for these jurisdictions:
Frequently Asked Questions
An IT Support Agreement is legally binding in Singapore under the common law of contract and the Electronic Transactions Act (Cap. 88), provided the agreement meets the standard requirements for contract formation. The agreement does not require notarization, registration, or witnesses to be enforceable. Electronically signed agreements are legally valid under the Electronic Transactions Act. Singapore courts enforce IT Support Agreements and have awarded damages for breach of SLA commitments and failure to deliver contracted services. The agreement’s enforceability depends on the clarity of the service scope, SLA definitions, and the measurability of the performance standards — vague or ambiguous SLA terms may be difficult to enforce. Under Singapore law, specifically the Companies Act 1967 (Cap. 50), parties should seek independent legal advice to confirm compliance with all applicable requirements and confirm the document meets the standards set by the relevant regulatory authorities.
Standard SLA response times for IT support services in Singapore are typically graded by incident severity: critical incidents (system-wide outage or data loss) require a 15-30 minute response and 4-hour resolution target; high-severity incidents (major functionality impaired) require a 1-hour response and 8-hour resolution; medium-severity incidents (minor functionality affected, workaround available) require a 4-hour response and 24-hour resolution; and low-severity incidents (general queries, non-urgent requests) require a next-business-day response. Response time is measured from the time the incident is logged through the provider’s ticketing system. Resolution time is the elapsed time until the incident is resolved or a workaround is implemented. Service credits for SLA breaches are typically calculated as 5-25% of the monthly retainer fee.
An IT support provider that accesses or processes personal data on a client’s systems is classified as a data intermediary under Section 4 of the Personal Data Protection Act 2012 (PDPA). Data intermediaries must comply with the protection obligation (Section 24), requiring reasonable security measures to protect personal data against unauthorised access, disclosure, or modification. The provider must also comply with the mandatory data breach notification provisions under Section 26D — notifying the client within 3 calendar days of assessing a breach that is likely to cause significant harm to individuals or affects 500 or more individuals. The IT Support Agreement should include clauses requiring the provider to implement encryption, access controls, audit logging, staff training, and incident response procedures. The PDPC may impose financial penalties of up to S$1 million for PDPA violations.
An IT Support Agreement can be terminated early in accordance with the termination provisions in the agreement. Most agreements provide for termination on written notice (typically 30 to 90 days), allowing both parties time to manage the transition. Immediate termination without notice is typically permitted for material breach (such as persistent SLA failures, security incidents, or breach of confidentiality), loss of the provider’s ACRA registration, or insolvency. Upon termination, the provider must cooperate with the transition to a successor provider or the client’s in-house team, return all client data and documentation, remove access credentials, and provide a final service report. The agreement should include an exit management clause specifying the provider’s transition assistance obligations and the timeline for completing the handover.
An IT Support Agreement covers ongoing, retainer-based technical support services — including help desk, system monitoring, patch management, backup verification, and break-fix troubleshooting — delivered over a continuous contract term (typically 12 to 36 months). An IT Services Agreement covers project-based technology engagements with defined deliverables and completion milestones — such as software development, system integration, cloud migration, or cybersecurity assessment. The IT Support Agreement typically uses a monthly retainer or per-incident pricing model, while the IT Services Agreement uses fixed-price or time-and-materials pricing. Organisations that require both ongoing support and project-based services should maintain separate agreements for each engagement type to avoid scope confusion and pricing disputes.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer
Found an error? Let us knowRelated Documents
You may also find these documents useful:
Bookkeeping Agreement (Singapore)
A Bookkeeping Agreement for the engagement of a bookkeeper or accounting services firm in Singapore. Covers scope of services, fees, ACRA filing obligations, GST compliance, IRAS requirements, confidentiality under PDPA 2012, and termination provisions.
Catering Agreement (Singapore)
A food catering services agreement compliant with Singapore Food Agency (SFA) licensing requirements and the Sale of Food Act 1973. Covers menu, food safety obligations, SFA licensed premises requirements, staffing, event liability, cancellation terms, and payment for corporate and event catering in Singapore.
Childcare Service Agreement (Singapore)
A childcare centre service agreement licensed under the Early Childhood Development Agency (ECDA), covering enrolment terms, Child Development Account (CDA) and subsidy arrangements, PDPA obligations for child data, health and safety protocols, and fee schedules for centre-based childcare in Singapore.
Cleaning Services Agreement (Singapore)
A commercial or residential cleaning services contract for Singapore, covering scope of cleaning works, service frequency, NEA environmental compliance, staff qualifications, chemical safety under the Environmental Protection and Management Act, payment terms, and liability.
Co-Working Space Agreement (Singapore)
A licence agreement between a co-working space operator and a member or company granting access to shared office facilities in Singapore. Addresses membership tiers, hot-desking and private office options, house rules, termination, and landlord-tenant law distinctions.