I'm setting up an e-commerce site for a client. It's a pretty standard setup, using Zen Cart, Authorize.net for credit card payments, with a hosting provider who has PCI compliance. Every other site I have done for a client I have been able to be available for hire for follow-on work if they want it, or never hear from them again if they didn't, and that was fine.
This is the first time as an independent consultant that I've done a store for a client with no technical expertise of their own. I want to negotiate some sort of ongoing maintenance contract that would allow me to stay on top of any security patches or upgrades for Zen Cart or PHP or whatever, make sure that the automated backup systems I set up for them stay operational, check their access logs every so often for suspicious activity, etc. I could not in good conscience build the site and walk away and see them get hacked when the next vulnerability is discovered. It should not require much of my time except when something comes up or when the client asks for a quote for some modification or enhancement.
Any suggestions for the typical terms and rates for such a contract? Perhaps a monthly retainer that covers up to some certain amount of my time, with anything past that in a month being billed at hourly rates after a quote and approval? How many minimum hours or what minimum price would make sense? Or would a completely different structure be more typical?
These kind of follow up contracts fall into several different categories:
Maintenance (something done on a scheduled basis) Updates (something scheduled, but done as the updates occur) Service (which usually means be there within a set time frame if something goes horribly wrong)
Each as a reasonable price scale... it will be up to you and your client as to what that range will be.
In the first category I consider my time for the work and set a flat price per month. Second category I charge by the hour, scheduling as soon as possible after updates are made available.
Third category the rate goes up tremendously since I have to drop whatever I am doing to respond within 4 hours.
If you Google "service level agreement" or SLA you will find information on this but I appreciate your problem as we are in the same situation with a client at present. It is all about getting the SLA properly defined in a way that the client uunderstands what he is paying for.
In any agreement, particularly those that presume a time frame for response, make sure there's a clause included for your vacation in (select favorite destination). In which case you have a backup service if contracted, or the client agrees they can't declare breach during that time period. Small thing... but I saw one of my fellows in this industry get eaten alive for taking a trip to Belize for a week and unable to get to Cleveland when a client had a severe problem. In other words CYA as much as possible, and is fair to both you and the client.