I'm setting up an e-commerce site for a client. It's a pretty standard setup, using Zen Cart, Authorize.net for credit card payments, with a hosting provider who has PCI compliance. Every other site I have done for a client I have been able to be available for hire for follow-on work if they want it, or never hear from them again if they didn't, and that was fine.
This is the first time as an independent consultant that I've done a store for a client with no technical expertise of their own. I want to negotiate some sort of ongoing maintenance contract that would allow me to stay on top of any security patches or upgrades for Zen Cart or PHP or whatever, make sure that the automated backup systems I set up for them stay operational, check their access logs every so often for suspicious activity, etc. I could not in good conscience build the site and walk away and see them get hacked when the next vulnerability is discovered. It should not require much of my time except when something comes up or when the client asks for a quote for some modification or enhancement.
Any suggestions for the typical terms and rates for such a contract? Perhaps a monthly retainer that covers up to some certain amount of my time, with anything past that in a month being billed at hourly rates after a quote and approval? How many minimum hours or what minimum price would make sense? Or would a completely different structure be more typical?