IT Support Service Models: Break-Fix vs. Managed vs. Co-Managed
Selecting an IT support service model shapes every downstream decision about staffing, budgeting, and risk tolerance — yet the three dominant structures (break-fix, managed, and co-managed) operate on fundamentally different economic and operational logics. This page defines each model, explains how each functions in practice, maps the scenarios where each performs best, and identifies the decision boundaries that separate one from another. Understanding these distinctions is foundational to interpreting any IT support service model comparison or vendor engagement.
Definition and scope
Break-fix is a reactive, transactional model: an organization contacts an IT provider only after a failure occurs, pays an hourly or per-incident rate, and the engagement ends once the problem is resolved. There is no ongoing contract, no retained access, and no proactive monitoring. The provider bears no financial incentive to prevent problems — revenue is generated only when problems arise.
Managed IT services (often abbreviated MSP — Managed Service Provider) is a subscription model in which a provider assumes ongoing responsibility for defined IT functions at a fixed monthly fee. The provider monitors infrastructure, applies patches, manages endpoints, and responds to incidents under the terms of a service level agreement. Because the provider's profitability improves when the client's environment is stable, the economic incentive shifts toward prevention rather than reaction. The IT Infrastructure Library (ITIL), published by AXELOS and adopted internationally, frames managed services within a broader IT service management discipline that emphasizes continual service improvement (ITIL 4 Foundation, AXELOS).
Co-managed IT services is a hybrid: an organization retains an internal IT department but contracts an MSP to augment specific functions — cybersecurity monitoring, after-hours help desk, patch management, or cloud infrastructure oversight. Responsibility is divided by domain or time-of-day rather than entirely outsourced.
NIST Special Publication 800-53 Rev 5, which governs security and privacy controls for federal information systems (NIST SP 800-53 Rev 5), identifies continuous monitoring as a control requirement that break-fix arrangements structurally cannot satisfy — a distinction with direct compliance implications.
How it works
Each model follows a distinct operational sequence:
Break-fix process:
1. A failure is detected by internal staff or end users.
2. The organization contacts a provider (often from a list of vendors with no prior relationship).
3. A technician diagnoses and resolves the issue.
4. The organization is billed hourly — typical rates ranged from $100 to $250 per hour as of published industry surveys, though rates vary by geography and specialization.
5. The engagement closes; no data on root cause is retained systematically.
Managed services process:
1. An MSP deploys remote monitoring and management (RMM) tooling across the client's environment during an onboarding phase.
2. Automated alerts surface anomalies before they escalate to outages.
3. The MSP applies patches, rotates backups, and manages endpoint management on a scheduled basis.
4. End users submit tickets to a help desk support staffed under defined response-time commitments.
5. Monthly reporting documents system health metrics, ticket volume, and resolution rates.
Co-managed services process:
1. Internal IT and the MSP define a division-of-responsibility matrix — specifying which functions each party owns.
2. The MSP provisions access to shared tooling (ticketing, RMM, documentation platforms).
3. Escalation paths are documented so that tickets flow between internal staff and the MSP without duplication.
4. Governance checkpoints, typically quarterly, reconcile whether the division of responsibilities still fits the organization's needs.
The IT service management frameworks that underpin managed and co-managed models — ITIL 4, ISO/IEC 20000 (published by the International Organization for Standardization), and the NIST Cybersecurity Framework (NIST CSF 2.0) — provide structured vocabulary for these processes. Break-fix lacks a comparable framework backbone.
Common scenarios
Break-fix remains operationally appropriate in three identifiable situations: organizations with 1–5 employees and minimal IT complexity; businesses with equipment under manufacturer warranty that covers labor; and one-time project needs (hardware installation, single-application deployment) with no ongoing support requirement.
Managed services is the predominant model for organizations in regulated industries. Healthcare entities subject to HIPAA (HHS HIPAA Security Rule, 45 CFR §164), financial firms under GLBA, and government contractors operating under CMMC (Cybersecurity Maturity Model Certification, administered by the Department of Defense) all face continuous monitoring requirements that break-fix cannot satisfy. Technology services for healthcare and technology services for financial services consistently surface compliance-driven demand for managed models.
Co-managed services is the characteristic model for mid-market organizations — typically those with 50 to 500 employees — that have invested in internal IT staff but face capability gaps in security operations, 24/7 coverage, or specialized cloud platforms like Microsoft 365. It also appears in enterprise environments where a business unit has distinct IT needs that the central IT department cannot service within existing headcount.
Decision boundaries
The table below maps the primary variables that determine model fit:
| Variable | Break-Fix | Managed | Co-Managed |
|---|---|---|---|
| Internal IT staff | None or minimal | None to minimal | 1 or more FTEs |
| Budget structure | Variable/unpredictable | Fixed monthly | Fixed + internal salaries |
| Compliance requirements | Low to none | Moderate to high | Moderate to high |
| Proactive monitoring required | No | Yes | Shared |
| Scalability need | Low | High | Moderate |
| After-hours coverage | Not included | Typically included | Supplemented by MSP |
Proactive vs. reactive IT support framing maps directly onto this table: break-fix is reactive by design, managed is proactive by contract, and co-managed is a negotiated balance of both.
Three additional decision factors deserve explicit attention:
- Total cost of ownership: Break-fix costs are invisible until failure; managed costs are predictable. For organizations that have experienced a data breach, IBM's Cost of a Data Breach Report 2023 found the average breach cost reached $4.45 million (IBM Cost of a Data Breach Report 2023) — a figure that reframes fixed managed service fees as loss prevention rather than overhead.
- Contractual accountability: Only managed and co-managed models include enforceable SLAs with defined response and resolution time commitments. Technology services response time benchmarks vary by tier, with critical-severity response often required within 1 hour under managed contracts.
- Vendor relationship continuity: Break-fix providers hold no institutional knowledge of the client's environment. Managed and co-managed providers accumulate documented network maps, asset inventories, and change histories — assets that have measurable value during audits and incident response.
Organizations evaluating a transition between models should consult technology services pricing models and review outsourced vs. in-house IT services before finalizing contractual terms.
References
- NIST SP 800-53 Rev 5 — Security and Privacy Controls for Information Systems and Organizations
- NIST Cybersecurity Framework (CSF) 2.0
- AXELOS — ITIL 4 Foundation
- ISO/IEC 20000 — IT Service Management Standard, International Organization for Standardization
- HHS — HIPAA Security Rule, 45 CFR §164
- U.S. Department of Defense — Cybersecurity Maturity Model Certification (CMMC)
- IBM Cost of a Data Breach Report 2023