MERLONIX
Sign inStart free

Website Monitoring Retainer Contract Template: What to Include and Why

Most agencies that include website monitoring in their retainer agreements do not have a contract clause that describes it. They monitor client infrastructure because it is the right thing to do, but the scope, the cadence, and the response expectations are not written anywhere. This creates two predictable problems.

The first is a perception gap. The client does not know monitoring is happening, and therefore cannot value it. When they consider whether the retainer is worth renewing, they do not include the monitoring in their mental accounting because they were never told it was included.

The second is a liability gap. When something goes wrong — and at some point, something always does — the scope of the agency's monitoring obligation is ambiguous. Was domain registration monitoring included? Was the agency supposed to catch a DNS change the client's IT team made? Without a documented scope, every incident becomes a negotiation about what the agency was responsible for.

A written monitoring scope in the retainer contract closes both gaps.

The Core Components of a Monitoring Scope Clause

A monitoring scope clause in an agency retainer agreement should cover five things:

What is monitored. The specific check types the agency will run: SSL certificate validity and expiry, DNS record integrity, domain registration status, uptime or HTTP response checks, and vendor/third-party service status where applicable. List them explicitly. Do not use blanket language like "website health" — it is too vague to be enforceable or credible.

Which assets are covered. The domains and subdomains included in scope. For a standard retainer, this is typically the primary domain plus any subdomains the agency manages. The contract should specify whether it covers all subdomains or named subdomains only, and whether assets added during the retainer period are automatically included or require a scope amendment.

The check cadence. How often each check type runs. SSL and DNS checks at five-to-fifteen minute intervals are the agency-grade standard. Domain registration checks daily or weekly. Vendor status checks matching the provider's own update cadence. Document the specific intervals so the client knows what "monitoring" means operationally.

Alert and response commitments. How quickly the agency will respond to a triggered alert, through what channel, and what actions the agency is committed to taking. This is not the same as an SLA promising uptime — the agency does not control the infrastructure. It is a process commitment: the agency will alert on SSL expiry 30 days in advance, will investigate a DNS anomaly within one business hour, will proactively notify the client of vendor incidents affecting their stack within four hours of detection.

What is out of scope. Equally important to what is included. The contract should be explicit that monitoring does not cover assets not registered in the monitoring system, that the agency cannot monitor assets for which it does not have domain verification, and that certain check types require client cooperation (DNS TXT records for verification, access to domain registrar accounts for registration monitoring). Out-of-scope items prevent disputes when something unmonitored breaks.

Template Language

Below is template language for each section. Adapt it to your standard contract format and jurisdiction.

Monitoring Services

As part of this retainer, Agency will maintain automated monitoring of the following asset types for the Client's domains listed in Schedule A:

  • SSL/TLS certificate validity: expiry date, issuer, chain integrity
  • DNS record integrity: A, CNAME, MX, NS, CAA records against baseline
  • Domain registration status: expiry date, registrar account status
  • Third-party service status: services listed in Schedule B, monitored via provider status APIs

Check Cadence

SSL and DNS checks will run at intervals not to exceed fifteen minutes. Domain registration checks will run at intervals not to exceed twenty-four hours. Third-party vendor status will be checked at intervals not to exceed five minutes.

Alert Response Commitments

Agency commits to the following alert response process:

  • SSL expiry alerts at 30 and 14 days before expiry: Agency will initiate certificate renewal within one business day of the 30-day alert.
  • DNS anomaly alerts: Agency will investigate and communicate findings to Client within two business hours.
  • Vendor service incidents affecting Client's stack: Agency will notify Client within four business hours of alert, with status update as the incident resolves.
  • Domain registration alerts at 60 and 14 days before expiry: Agency will initiate renewal within one business day of the 60-day alert.

Out of Scope

Monitoring services do not extend to: (a) assets not listed in Schedule A; (b) assets for which Client has not completed domain verification through Agency's monitoring system; (c) internal applications not accessible via public DNS; (d) assets whose registrar accounts are not accessible to Agency. Agency is not responsible for downtime, certificate errors, or DNS failures on out-of-scope assets.

Monitoring Reports

Agency will deliver a written monitoring summary to Client by the fifth business day of each calendar month. The summary will include: check coverage for the prior month, alert history, incidents investigated, and renewal actions taken.

Why Each Clause Matters

The response commitment section is the most important from a retention standpoint and the most commonly skipped. Agencies are reluctant to put response timelines in writing because they feel like a liability. The opposite is true.

A written response commitment makes the monitoring visible. Clients who know the agency commits to investigating DNS anomalies within two hours think of the agency as operationally responsible, not just strategically helpful. The commitment is not a guarantee of uptime — it is a commitment to process. That distinction is worth drawing clearly in the contract.

The out-of-scope section is the most important from a liability standpoint. The most common dispute pattern is: something unmonitored breaks, the client asks why the agency did not catch it, and the agency has no documented answer. An explicit out-of-scope clause turns that conversation from an accusation into a scope discussion. "This domain was not in the monitoring schedule — would you like us to add it to the retainer?"

The monthly report clause ties everything together. A monitoring scope that includes a report delivery commitment creates a recurring touchpoint that makes the monitoring value visible. Without the report, clients receive alerts they may not read carefully and have no accumulated picture of what the agency caught over the year. The report is what turns a background operational practice into a documented service.

Pricing the Monitoring Scope

A common question when adding a formal monitoring scope to a retainer is whether to price it separately or bundle it. For most agencies running retainers in the $1,500–$5,000/month range, monitoring is most effectively bundled — it is part of what "managing the client's digital infrastructure" means, and itemizing it risks commoditization.

For agencies running flat-fee monitoring retainers sold as a standalone service, a separate line item is appropriate. The scope document then doubles as the sales artifact — this is exactly what is included for the monthly fee.

See how to price website monitoring for clients for the full pricing framework, including per-domain vs. flat-fee models and how to present monitoring as a premium service rather than a commodity check.

If you are building a monitoring retainer from scratch and need the SLA framework rather than the contract template, that is a different document — the SLA covers commitments to the client about their own uptime, while this contract template covers the agency's monitoring process obligations. Both are worth having, and the SLA reference in the monitoring contract reinforces the value structure.

→ See also: Agency Website Monitoring Retainer → See also: How to Price Website Monitoring for Clients → See also: Uptime SLA for Agency Clients → See also: Agency Client Reporting Automation → Complete guide: Agency Monitoring Retainer Guide