By mcbecker on

I'm going to be setting up a client with a Drupal site and was wondering what other site builders do for security updates. They will eventually need to patch their installation. For those of you who are designing sites for others do you:

* Do all updates for the client indefinitely?
* Do updates for a given period of time?
* Not do any updates?
* Charge for each update you do?
* Tell them to find someone else to do updates?

I tried searching around for what the industry standard is and couldn't find any answers, maybe I am using the wrong terms to search for. Anyway, I'm interested in hearing what others do. Thanks!

Categories: Drupal 6.x

Comments

groenm’s picture

groenm commented

Usually, the implementation of the site and the maintenance are covered by two separate contracts. It is not uncommon though to already discuss the maintenance contract during the bidding phase of the implementation contract.

What is in the maintenance contract is up to you to decide, often it is a fixed period contract with an automatic renewal. (For example, the contract automatically renews every year unless one of the parties terminates the contract at least x weeks or months before it renews).

Charges can be per update or a fixed charge per period (whether there are updates or not).

Define clearly what is included: only security updates to drupal core, security and bug fixes in core, are contributed modules included? What about bugs in custom made modules written by you?

Define clearly within what period you perform the updates after they have become available. Define how to determine the scheduled downtime for the updates.

Define whether updates are first performed on a test system for testing the updated system, or are directly applied to the live system.

Define who makes a backup before upgrading. (If the client is going to do the backup, define what happens if they did not backup at the scheduled time for the upgrade).

This is just a summary of stuff you should think about.

Greetings,
Mark

mcbecker’s picture

mcbecker commented

I appreciate the reply. I'll keep those items in mind when we discuss maintenance of the site.

oputaossai’s picture

oputaossai commented

Hi,

In response to Mark, do you have any suggestions on how frequently these updates should be, in terms of what's reasonable.

Another question is, if set periods are agreed on, for updates or maintenance, and a bug or new update appears before the scheduled date, would it not be necessary to fix the problem immediately - before that date? If this is case, this would bring uncertainty to the client's yearly budget for the site. What do you think

Thanks
Oputa