IT & MSP Industry Glossary - MSP Guide Australia

Your MSP Industry Glossary

The Australian MSP industry is loaded with jargon. This glossary breaks down every term you'll encounter — from contracts and compliance to operations and finance.

Bookmark this page. You'll need it.

---

Service Delivery & Operations

SLA — Service Level Agreement

A contract between an MSP and client defining expected service levels — response times, resolution times, uptime guarantees, and penalties for non-compliance. The backbone of managed services. If your MSP breaches SLAs regularly, that's a red flag.

NOC — Network Operations Centre

A centralised facility where technicians monitor networks, servers, and infrastructure 24/7. NOCs handle alert triage, patching, monitoring, and incident response. Often staffed in shifts with L1/L2/L3 tiers.

SOC — Security Operations Centre

Similar to a NOC but focused on cybersecurity. Monitors for threats, investigates security incidents, manages SIEM tools, and coordinates incident response. Critical for MSPs offering managed security services (MSS).

RMM — Remote Monitoring and Management

Software that allows MSPs to remotely monitor, manage, and patch client endpoints (laptops, servers, firewalls). Examples: NinjaOne, Datto RMM, ConnectWise Automate. RMM is the operational backbone — if your MSP's RMM is misconfigured, expect outages.

PSA — Professional Services Automation

The central hub for ticketing, billing, contracts, and project management within an MSP. Examples: ConnectWise Manage, HaloPSA, Autotask. If the PSA is messy, expect billing errors and ticket chaos.

Ticket Queue

The backlog of unresolved support tickets. A growing ticket queue signals under-staffing, poor process, or both. If your team's queue never shrinks, your MSP is probably understaffed.

Escalation

The process of moving a ticket from a lower support tier to a higher one when it can't be resolved at the current level. Excessive escalation is expensive and signals weak L1 processes.

L1 / L2 / L3 Support

Tiered support levels. L1 handles password resets and basic troubleshooting. L2 deals with more complex issues. L3 involves senior engineers, architects, and vendor escalations. A healthy MSP has strong L1 to reduce escalation costs.

Incident Management

The process of restoring normal service as quickly as possible after an unplanned interruption. Part of the ITIL framework. Focuses on speed of resolution, not root cause (that's Problem Management).

Problem Management

Identifying and addressing the root cause of recurring incidents. Unlike Incident Management (which restores service), Problem Management prevents future incidents. Mature MSPs invest heavily here.

Change Management

A formal process for planning, approving, and implementing changes to IT infrastructure. Prevents "cowboy" changes that cause outages. Managed through a Change Advisory Board (CAB).

CAB — Change Advisory Board

A group that reviews and approves proposed changes to production environments. Prevents risky changes and ensures proper testing. A good CAB is a sign of operational maturity.

Capacity Planning

Forecasting future infrastructure needs based on current usage trends. Ensures systems can handle growth without performance degradation. Often neglected in reactive MSPs.

---

Disaster Recovery & Business Continuity

DR/BCP — Disaster Recovery / Business Continuity Planning

DR focuses on restoring IT systems after a disaster. BCP ensures the business can continue operating during and after a disruption. Every MSP should have both — and test them regularly.

RTO — Recovery Time Objective

The maximum acceptable time to restore a system after failure. "4-hour RTO" means systems must be back within 4 hours. Lower RTOs require more expensive infrastructure.

RPO — Recovery Point Objective

The maximum acceptable amount of data loss measured in time. "1-hour RPO" means backups run every hour, so you lose at most 1 hour of data. Critical for compliance-sensitive industries.

---

Security & Compliance

MFA — Multi-Factor Authentication

Requiring two or more verification methods to access an account (e.g., password + authenticator app). The single most effective control against credential theft. Non-negotiable for any IT environment.

Zero Trust

A security model that assumes no user or device is trusted by default, even inside the network. Every access request is verified. The modern standard for IT security architecture.

Essential 8

The Australian Cyber Security Centre's (ACSC) prioritised list of 8 mitigation strategies to protect against cyber threats. Includes application control, patching, macros, admin privileges, patching OS, MFA, backups, and user training. Mandatory baseline for government contractors.

ISO 27001

An international standard for Information Security Management Systems (ISMS). Demonstrates an organisation manages security risks systematically. Often required for enterprise contracts.

SOC 2

A security auditing framework (by AICPA) focused on five Trust Service Criteria: security, availability, processing integrity, confidentiality, and privacy. Increasingly required for SaaS and cloud MSPs.

BYOD — Bring Your Own Device

Policies allowing employees to use personal devices for work. Creates security risks — MSPs must have MDM (Mobile Device Management) policies in place.

---

Frameworks & Methodologies

ITIL — Information Technology Infrastructure Library

The most widely adopted framework for IT service management (ITSM). Defines best practices for service strategy, design, transition, operation, and continual improvement. ITIL 4 is the current version.

COBIT — Control Objectives for Information and Related Technologies

A framework for IT governance and management. Helps organisations align IT strategy with business goals. More strategic than ITIL — focuses on governance rather than day-to-day operations.

---

Finance & Pricing

MRR — Monthly Recurring Revenue

The predictable revenue an MSP earns each month from managed services contracts. The lifeblood of MSP valuation. Higher MRR = higher business valuation.

ARR — Annual Recurring Revenue

MRR multiplied by 12. Used for annual planning and valuation discussions. Private equity acquirers love stable ARR.

Churn

The rate at which clients leave an MSP. High churn signals service quality problems. Industry average is 3-5% monthly — anything above is a red flag.

OPEX vs CAPEX

OPEX (Operating Expenses) are ongoing costs like monthly MSP fees. CAPEX (Capital Expenditure) are upfront investments in hardware/infrastructure. MSPs push OPEX because it's recurring revenue. Clients sometimes prefer CAPEX for ownership and control.

TCO — Total Cost of Ownership

The complete cost of a solution over its lifetime — not just the sticker price. Includes licensing, implementation, training, support, and opportunity costs. MSPs often hide costs in TCO.

ROI — Return on Investment

The profit generated relative to the cost. ROI = (Net Profit / Cost) × 100. If your MSP can't demonstrate ROI, question whether they're adding value.

---

Engagement Models

Break-Fix

The traditional model: something breaks, you call the IT provider, they fix it and charge hourly. No proactive maintenance. Expensive long-term and results in more downtime.

Co-Managed IT

A hybrid model where an MSP supplements (rather than replaces) an internal IT team. The MSP handles specific areas (security, cloud, monitoring) while internal IT retains control. Growing trend in mid-market.

vCIO — Virtual Chief Information Officer

A senior IT strategist provided by an MSP on a part-time or fractional basis. Provides technology roadmaps, vendor management, and strategic planning without a full-time CIO salary. Quality varies wildly.

vCISO — Virtual Chief Information Security Officer

Like vCIO but focused on cybersecurity strategy, compliance, and risk management. Essential for organisations that need security leadership but can't afford a full-time CISO.

Vendor Lock-in

When a client becomes so dependent on a specific MSP's proprietary tools, processes, or contracts that switching becomes difficult or expensive. A deliberate strategy by some MSPs — watch for it.

Single Pane of Glass

A management dashboard that provides a unified view of all IT systems and services. Marketing buzzword that rarely delivers on the promise. The reality is usually 3-4 different panes of glass glued together.

---

Labour & Employment

Labour Hire

When an MSP supplies workers to a client through a third-party labour hire agency. Creates a three-way relationship with complex legal obligations. Regulated by state Labour Hire Licensing schemes.

Subcontracting

When an MSP engages individual contractors or other companies to deliver work. Common in the Australian MSP landscape. Creates risk around IP, quality control, and worker rights.

Non-Compete Clause

A contractual restriction preventing you from working for competitors (or starting a competing business) after leaving an MSP. Enforceability varies by state — NSW uses the Restraints of Trade Act 1976.

IP Assignment

A clause transferring ownership of intellectual property (code, scripts, documentation) you create during employment to the MSP. Many MSP contracts include broad IP assignment clauses — read them carefully.

---

Business Strategy

Private Equity (PE) Acquisition

When a private equity firm buys an MSP (or majority stake). Drives consolidation, standardisation, and cost-cutting. Often leads to cultural shifts, layoffs, and "efficiency" measures. Increasingly common in the Australian market.

Operational Maturity

How well an MSP's processes, documentation, and automation are developed. Measured across four stages: Reactive → Stable → Proactive → Scalable. Higher maturity = better service delivery and technician experience.

Effective Hourly Rate (EHR)

The actual revenue per hour of labour on fixed-fee contracts. Formula: Monthly Revenue ÷ Total Hours Worked. The true profitability metric — more revealing than MRR alone.

RHEM — Reactive Hours per Endpoint per Month

The average number of reactive support hours consumed per managed device each month. Formula: Total Reactive Hours ÷ Managed Endpoints. Lower is better — high RHEM means constant firefighting.

First Contact Resolution (FCR)

The percentage of issues resolved during the first contact without escalation. Industry average is ~74%. Elite MSPs target 80%+. Low FCR = expensive, slow service.

---

Related Resources

• MSP Health Score — Rate any MSP in 2 minutes using the terms above
• Contract Clause Analyser — Paste any contract clause to check for red flags
• Salary Arbitrage Calculator — See what you're really worth vs what the MSP pockets
• MSP Directory — Browse profiles of 60+ Australian MSPs
• Red Flag Scanner — Check your contract for common traps
• How to Choose an MSP — Step-by-step selection guide
• MSP Pricing Models — Understanding how MSPs structure fees

---

Last updated: June 2026 · Found a term we missed? Submit it