Services Guide

This Services Guide contains provisions that define, clarify, and govern the scope of the services described in the quote that has been provided to you (the “Quote”), as well as the policies and procedures that we follow (and to which you agree) when we provide a service to you or facilitate a service for you. If you do not agree with the terms of this Services Guide, you should not sign the Quote and you must contact us for more information.

This Services Guide is our “owner’s manual” that generally describes all managed services provided or facilitated by IT Network Specialists (“ITNS,” “we,” “us,” or “our”); strong>however, only those services specifically described in the Quote will be facilitated and/or provided to you (collectively, the “Services”).

This Services Guide is governed under our Master Services Agreement (“MSA”). You may locate our MSA through the link in your Quote or, if you want, we will send you a copy of the MSA by email upon request. Capitalized terms in this Services Guide will have the same meaning as the capitalized terms in the MSA, unless otherwise indicated below.

Activities or items that are not specifically described in the Quote will be out of scope and will not be included unless otherwise agreed to by us in writing.

Please read this Services Guide carefully and keep a copy for your records.

Initial Audit / Diagnostic Services

In the Initial Audit/Diagnostic phase of our services, we audit your managed information technology environment (the “Environment”) to determine the readiness for, and compatibility with, ongoing managed services. Our auditing services may be comprised of some or all of the following:

  • Audit to determine general Environment readiness and functional capability
  • Review of hardware and software configurations
  • Review of current vendor service / warranty agreements for Environment hardware and software
  • Basic security vulnerability check
  • Basic backup and file recovery solution audit
  • Speed test and ISP audit
  • Print output audit
  • Office telephone vendor service audit
  • Asset inventory
  • Email and website hosting audit
  • IT support process audit

If deficiencies are discovered during the auditing process (such as outdated equipment or unlicensed software), we will bring those issues to your attention and discuss the impact of the deficiencies on our provision of the Services and provide you with options to correct the deficiencies. Please note, unless otherwise expressly agreed by us in writing, auditing services do not include the remediation of any issues, errors, or deficiencies (“Issues”), and we cannot guarantee that all Issues will be detected during the auditing process. Issues that are discovered in the Environment after the auditing process is completed may be addressed in one or more subsequent quotes.

Onboarding Services

In the Onboarding phase of our services, we will prepare your IT environment for the monthly managed services described in the Quote. During this phase, we will work with your Authorized Contact(s) to review the information we need to prepare the targeted environment, and we may also:

  • Uninstall any monitoring tools or other software installed by previous IT service providers.
  • Compile a full inventory of all protected servers, workstations, and laptops.
  • Uninstall any previous endpoint protection and install our managed security solutions (as indicated in the Quote).
  • Install remote support access agents (i.e., software agents) on each managed device to enable remote support.
  • Configure Windows® and application patch management agent(s) and check for missing security updates.
  • Uninstall unsafe applications or applications that are no longer necessary.
  • Optimize device performance including disk cleanup and endpoint protection scans. Review firewall configuration and other network infrastructure devices.
  • Review status of battery backup protection on all mission critical devices.
  • Stabilize network and assure that all devices can securely access the file server.
  • Review and document current server configuration and status.
  • Determine existing business continuity strategy and status; prepare backup file recovery and incident response option for consideration.
  • Review password policies and update user and device passwords.
  • As applicable, make recommendations for changes that should be considered to the managed environment.

This list is subject to change if we determine, at our discretion, that different or additional onboarding activities are required.

If deficiencies are discovered during the onboarding process, we will bring those issues to your attention and discuss the impact of the deficiencies on our provision of our monthly managed services. Please note, unless otherwise expressly stated in the Quote, onboarding-related services do not include the remediation of any issues, errors, or deficiencies (“Issues”), and we cannot guarantee that all Issues will be detected during the onboarding process.

The duration of the onboarding process depends on many factors, many of which may be outside of our control—such as product availability/shortages, required third party vendor input, etc. As such, we can estimate, but cannot guarantee, the timing and duration of the onboarding process. We will keep you updated as the onboarding process progresses.

Ongoing / Recurring Services

Ongoing/recurring services are services that are provided to you or facilitated for you on an ongoing basis and, unless otherwise indicated in a Quote, are billed to you monthly. Some ongoing/recurring services will begin with the commencement of onboarding services; others will begin when the onboarding process is completed. Please direct any questions about start or “go live” dates to your account manager.

Managed Services

Services & Solutions General Description

eFax Services

Implementation and facilitation of an industry-recognized eFax solution from our designated Third Party Provider. Features include:

Features include:

  • You can send and receive faxes from anywhere with an internet connection.
  • You can create a fax document in a digital format, such as a PDF, Word document, or image file. Then, you upload this file to the eFax service’s platform, where you specify the recipient’s fax number and other details. The service converts your digital document into a format that can be received by a traditional fax machine, and it’s transmitted to the recipient’s fax number.
  • When someone sends a fax to your eFax number, the service receives the fax, converts it into a digital format (usually a PDF), and sends it to your email inbox or fax portal. You can view, save, or print the faxed documents directly from your computer or mobile device.

Efax User

Implementation and facilitation of an industry-recognized eFax solution from our designated Third Party Provider. Features include:

Provides a single user access to send and receive a fax from either the fax portal or email.

ITNS_MS-Advanced

Implementation and facilitation of an industry-recognized, next generation workstation malware protection solution from our designated Third Party Provider.

Software agents installed in covered devices protect against malware and prevent intruder access. Used in coordination with other endpoint security layers and security solutions to create a comprehensive defensive strategy.

  • Next-generation deep learning malware detection, file scanning, and live protection for Workstation OS.
  • Web access security and control, application security and control, intrusion prevention system.
  • Data loss prevention, exploit prevention, malicious traffic detection, disk, and boot record protection.
  • IT Asset Management
  • Monitor and Remediate Windows & third-party patches.
    • Any remediation that would require manual intervention would not be covered.
  • Monitoring of Critical Services and/or Processes
    • Software agents installed in Covered Equipment (defined below) report status and IT-related events on a 24x7 basis; alerts are generated and responded to in accordance with the Service Levels described below.
    • Includes capacity monitoring, alerting us to severely decreased or low disk capacity (covers standard fixed HDD partitions, not external devices such as USB or mapped drives)
    • Includes routine operating system inspection and cleansing to help ensure that disk space is increased before space-related issues occur.
    • Review and installation of updates and patches for supported software.
    • Any remediation that would require manual intervention would not be covered.

Implementation and facilitation of a top-tier, DNS filtering solution from our designated Third Party Provider. Must have the correct firewall license for this service to be used.

  • Content Filtering
  • Malware and Phishing Protection
  • Compliance and Security

Implementation and facilitation of an industry-recognized zero trust endpoint software from our designated Third Party Provider.

  • Block untrusted Software.
  • Dynamic Control over Network Traffic
  • Ringfencing Applications
  • Elevation Control
  • Storage Control

Includes remote support Monday-Friday between 8AM-5PM CST excluding major holidays. to assist with supported hardware and software issues. If remote support is able to resolve the issue but the client requests onsite support, additional charges may apply.

Includes onsite support Monday-Friday between 8AM-5PM CST excluding major holidays. up to 15 miles from 3900 S Lake Drive, Texarkana, TX 75501.

ITNS_MS-Basic

Implementation and facilitation of an industry-recognized, next generation workstation malware protection solution from our designated Third Party Provider.

Software agents installed in covered devices protect against malware and prevent intruder access. Used in coordination with other endpoint security layers and security solutions to create a comprehensive defensive strategy.

Features include:

  • Next-generation deep learning malware detection, file scanning, and live protection for Workstation OS.
  • Web access security and control, application security and control, intrusion prevention system.
  • Data loss prevention, exploit prevention, malicious traffic detection, disk, and boot record protection.
  • IT Asset Management
  • Monitor and Remediate Windows & third-party patches.
    • Any remediation that would require manual intervention would not be covered.
  • Monitoring of Critical Services and/or Processes
    • Software agents installed in Covered Equipment (defined below) report status and IT-related events on a 24x7 basis; alerts are generated and responded to in accordance with the Service Levels described below.
    • Includes capacity monitoring, alerting us to severely decreased or low disk capacity (covers standard fixed HDD partitions, not external devices such as USB or mapped drives)
    • Includes routine operating system inspection and cleansing to help ensure that disk space is increased before space-related issues occur.
    • Review and installation of updates and patches for supported software.
    • Any remediation that would require manual intervention would not be covered.

Implementation and facilitation of a top-tier, DNS filtering solution from our designated Third Party Provider. Must have the correct firewall license for this service to be used.

  • Content Filtering
  • Malware and Phishing Protection
  • Compliance and Security

Does not include any remote or onsite support to include any manual remediation.

ITNS_MS-Basic+

Implementation and facilitation of a top-tier, disk encryption solution from our designated Third Party Provider.

  • Data Protection
  • Encryption Algorithms
  • Pre-Boot Authentication
  • Remote Wipe
  • Compliance
  • Compliance

Implementation and facilitation of an industry-recognized vulnerability scanning solution from our designated Third Party Provider.

  • Vulnerability scanning identifies holes in the managed network that could be exploited. External vulnerability scans (which pertain to the IP address assigned to each customer location through the Client’s ISP) are run monthly. Internal vulnerability scans (which pertain to all systems inside the managed network) are run at least annually.
  • Vulnerability results will be discussed during business review meetings with Client. Vulnerability reports will be made available on request.
  • Any manual remediation will not be covered under this service.

Please see additional terms for vulnerability scanning below

Implementation and facilitation of an industry-recognized zero trust endpoint software from our designated Third Party Provider.

  • Block untrusted Software.
  • Dynamic Control over Network Traffic
  • Ringfencing Applications
  • Elevation Control
  • Storage Control

Implementation and facilitation of an industry-recognized, next generation workstation malware protection solution from our designated Third Party Provider.

Software agents installed in covered devices protect against malware and prevent intruder access. Used in coordination with other endpoint security layers and security solutions to create a comprehensive defensive strategy.

Features include:

  • Next-generation deep learning malware detection, file scanning, and live protection for Workstation OS.
  • Web access security and control, application security and control, intrusion prevention system.
  • Data loss prevention, exploit prevention, malicious traffic detection, disk, and boot record protection.
  • IT Asset Management
  • Monitor and Remediate Windows & third-party patches.
    • Any remediation that would require manual intervention would not be covered.
  • Monitoring of Critical Services and/or Processes
    • Software agents installed in Covered Equipment (defined below) report status and IT-related events on a 24x7 basis; alerts are generated and responded to in accordance with the Service Levels described below.
    • Includes capacity monitoring, alerting us to severely decreased or low disk capacity (covers standard fixed HDD partitions, not external devices such as USB or mapped drives)
    • Includes routine operating system inspection and cleansing to help ensure that disk space is increased before space-related issues occur.
    • Review and installation of updates and patches for supported software.
    • Any remediation that would require manual intervention would not be covered.

Does not include any remote or onsite support to include any manual remediation.

ITNS_MS-Premium

Implementation and facilitation of an industry-recognized, next generation workstation malware protection solution from our designated Third Party Provider.

Software agents installed in covered devices protect against malware and prevent intruder access. Used in coordination with other endpoint security layers and security solutions to create a comprehensive defensive strategy.

  • Next-generation deep learning malware detection, file scanning, and live protection for Workstation OS.
  • Web access security and control, application security and control, intrusion prevention system.
  • Data loss prevention, exploit prevention, malicious traffic detection, disk, and boot record protection.
  • IT Asset Management
  • Monitor and Remediate Windows & third-party patches.
    • Any remediation that would require manual intervention would not be covered.
  • Monitoring of Critical Services and/or Processes
    • Software agents installed in Covered Equipment (defined below) report status and IT-related events on a 24x7 basis; alerts are generated and responded to in accordance with the Service Levels described below.
    • Includes capacity monitoring, alerting us to severely decreased or low disk capacity (covers standard fixed HDD partitions, not external devices such as USB or mapped drives)
    • Includes routine operating system inspection and cleansing to help ensure that disk space is increased before space-related issues occur.
    • Review and installation of updates and patches for supported software.
    • Any remediation that would require manual intervention would not be covered.

Implementation and facilitation of a top-tier, DNS filtering solution from our designated Third Party Provider. Must have the correct firewall license for this service to be used.

  • Content Filtering
  • Malware and Phishing Protection
  • Compliance and Security

Implementation and facilitation of a top-tier, disk encryption solution from our designated Third Party Provider

  • Data Protection
  • Encryption Algorithms
  • Pre-Boot Authentication
  • Remote Wipe
  • Compliance

Implementation and facilitation of an industry-recognized vulnerability scanning solution from our designated Third Party Provider.

  • Vulnerability scanning identifies holes in the managed network that could be exploited. External vulnerability scans (which pertain to the IP address assigned to each customer location through the Client’s ISP) are run monthly. Internal vulnerability scans (which pertain to all systems inside the managed network) are run at least annually.
  • Vulnerability results will be discussed during business review meetings with Client. Vulnerability reports will be made available on request.

Implementation and facilitation of an industry-recognized zero trust endpoint software from our designated Third Party Provider.

  • Block untrusted Software.
  • Dynamic Control over Network Traffic
  • Ringfencing Applications
  • Elevation Control
  • Storage Control

Includes remote support Monday-Friday between 8AM-5PM CST excluding major holidays. to assist with supported hardware and software issues. If remote support is able to resolve the issue but the client requests onsite support, additional charges may apply.

Includes onsite support Monday-Friday between 8AM-5PM CST excluding major holidays. up to 15 miles from 3900 S Lake Drive, Texarkana, TX 75501.

ITNS_MS-Premium 24/7

Implementation and facilitation of an industry-recognized, next generation workstation malware protection solution from our designated Third Party Provider.

Software agents installed in covered devices protect against malware and prevent intruder access. Used in coordination with other endpoint security layers and security solutions to create a comprehensive defensive strategy.

  • Next-generation deep learning malware detection, file scanning, and live protection for Workstation OS.
  • Web access security and control, application security and control, intrusion prevention system.
  • Data loss prevention, exploit prevention, malicious traffic detection, disk, and boot record protection.
  • IT Asset Management
  • Monitor and Remediate Windows & third-party patches.
    • Any remediation that would require manual intervention would not be covered.

Monitoring of Critical Services and/or Processes

  • Software agents installed in Covered Equipment (defined below) report status and IT-related events on a 24x7 basis; alerts are generated and responded to in accordance with the Service Levels described below.
  • Includes capacity monitoring, alerting us to severely decreased or low disk capacity (covers standard fixed HDD partitions, not external devices such as USB or mapped drives)
  • Includes routine operating system inspection and cleansing to help ensure that disk space is increased before space-related issues occur.
  • Review and installation of updates and patches for supported software.
  • Any remediation that would require manual intervention would not be covered.

Implementation and facilitation of a top-tier, DNS filtering solution from our designated Third Party Provider. Must have the correct firewall license for this service to be used.

  • Content Filtering
  • Malware and Phishing Protection
  • Compliance and Security

Implementation and facilitation of a top-tier, disk encryption solution from our designated Third Party Provider

  • Data Protection
  • Encryption Algorithms
  • Pre-Boot Authentication
  • Remote Wipe
  • Compliance

Implementation and facilitation of an industry-recognized vulnerability scanning solution from our designated Third Party Provider.

  • Vulnerability scanning identifies holes in the managed network that could be exploited. External vulnerability scans (which pertain to the IP address assigned to each customer location through the Client’s ISP) are run monthly. Internal vulnerability scans (which pertain to all systems inside the managed network) are run at least annually.
  • Vulnerability results will be discussed during business review meetings with Client. Vulnerability reports will be made available on request.
  • Any manual remediation will not be covered under this service.

Please see additional terms for vulnerability scanning below.

Implementation and facilitation of an industry-recognized zero trust endpoint software from our designated Third Party Provider.

  • Block untrusted Software.
  • Dynamic Control over Network Traffic
  • Ringfencing Applications
  • Elevation Control
  • Storage Control

Includes 24/7 remote support to assist with supported hardware and software issues. If remote support is able to resolve the issue but the client requests onsite support, additional charges may apply.

Includes 24/7 remote support to assist with supported hardware and software issues up to 15 miles from 3900 S Lake Drive, Texarkana, TX 75501.

ITNS_MS-Secure

Implementation and facilitation of an industry-recognized, next generation workstation malware protection solution from our designated Third Party Provider.

Software agents installed in covered devices protect against malware and prevent intruder access. Used in coordination with other endpoint security layers and security solutions to create a comprehensive defensive strategy.

  • Next-generation deep learning malware detection, file scanning, and live protection for Workstation OS.
  • Web access security and control, application security and control, intrusion prevention system.
  • Data loss prevention, exploit prevention, malicious traffic detection, disk, and boot record protection.
  • IT Asset Management
  • Monitor and Remediate Windows & third-party patches.
    • Any remediation that would require manual intervention would not be covered.
  • Monitoring of Critical Services and/or Processes
    • Software agents installed in Covered Equipment (defined below) report status and IT-related events on a 24x7 basis; alerts are generated and responded to in accordance with the Service Levels described below.
    • Includes capacity monitoring, alerting us to severely decreased or low disk capacity (covers standard fixed HDD partitions, not external devices such as USB or mapped drives)
    • Includes routine operating system inspection and cleansing to help ensure that disk space is increased before space-related issues occur.
    • Review and installation of updates and patches for supported software.
    • Any remediation that would require manual intervention would not be covered.

Implementation and facilitation of a top-tier, DNS filtering solution from our designated Third Party Provider. Must have the correct firewall license for this service to be used.

  • Content Filtering
  • Malware and Phishing Protection
  • Compliance and Security

Implementation and facilitation of a top-tier, disk encryption solution from our designated Third Party Provider

  • Data Protection
  • Encryption Algorithms
  • Pre-Boot Authentication
  • Remote Wipe
  • Compliance

Implementation and facilitation of an industry-recognized vulnerability scanning solution from our designated Third Party Provider.

  • Vulnerability scanning identifies holes in the managed network that could be exploited. External vulnerability scans (which pertain to the IP address assigned to each customer location through the Client’s ISP) are run monthly. Internal vulnerability scans (which pertain to all systems inside the managed network) are run at least annually.
  • Vulnerability results will be discussed during business review meetings with Client. Vulnerability reports will be made available on request.

Implementation and facilitation of an industry-recognized zero trust endpoint software from our designated Third Party Provider.

  • Block untrusted Software.
  • Dynamic Control over Network Traffic
  • Ringfencing Applications
  • Elevation Control
  • Storage Control

Includes remote support Monday-Friday between 8AM-5PM CST excluding major holidays. to assist with supported hardware and software issues. If remote support is able to resolve the issue but the client requests onsite support, additional charges may apply.

Includes onsite support Monday-Friday between 8AM-5PM CST excluding major holidays. up to 15 miles from 3900 S Lake Drive, Texarkana, TX 75501.

Additional Features:

  • Annual Risk Assessment
  • Incident Response Plan

ITNS_MS-Standard

Implementation and facilitation of an industry-recognized, next generation workstation malware protection solution from our designated Third Party Provider.

Software agents installed in covered devices protect against malware and prevent intruder access. Used in coordination with other endpoint security layers and security solutions to create a comprehensive defensive strategy.

  • Next-generation deep learning malware detection, file scanning, and live protection for Workstation OS.
  • Web access security and control, application security and control, intrusion prevention system.
  • Data loss prevention, exploit prevention, malicious traffic detection, disk, and boot record protection.
  • IT Asset Management
  • Monitor and Remediate Windows & third-party patches.
    • Any remediation that would require manual intervention would not be covered.
  • Monitoring of Critical Services and/or Processes
    • Software agents installed in Covered Equipment (defined below) report status and IT-related events on a 24x7 basis; alerts are generated and responded to in accordance with the Service Levels described below.
    • Includes capacity monitoring, alerting us to severely decreased or low disk capacity (covers standard fixed HDD partitions, not external devices such as USB or mapped drives)
    • Includes routine operating system inspection and cleansing to help ensure that disk space is increased before space-related issues occur.
    • Review and installation of updates and patches for supported software.
    • Any remediation that would require manual intervention would not be covered.

Includes remote support Monday-Friday between 8AM-5PM CST excluding major holidays. to assist with supported hardware and software issues. If remote support is able to resolve the issue but the client requests onsite support, additional charges may apply.

Includes onsite support Monday-Friday between 8AM-5PM CST excluding major holidays. up to 15 miles from 3900 S Lake Drive, Texarkana, TX 75501.

License-Agreement

All software provided to you by or through ITNS is licensed, not sold, to you (“Software”). In addition to any Software-related requirements described in ITNS’s Master Services Agreement, Software may also be subject to end user license agreements (EULAs), acceptable use policies (AUPs), and other restrictions all of which must be strictly followed by you and any of your authorized users.

When installing/implementing software licenses in the managed environment or as part of the Services, we may accept (and you agree that we may accept) any required EULAs or AUPs on your behalf. You should assume that all Software has an applicable EULA and/or AUP to which your authorized users and you must adhere. If you have any questions or require a copy of the EULA or AUP, please contact us.

MS - Adv Net Mon
  • Monitors, updates (software/firmware), and supports Client-supplied firewall, managed switches and wireless access points.
  • Helps to prevent hackers from accessing internal network(s) from outside the network(s), while providing secure and encrypted remote network access; provides antivirus scanning for all traffic entering and leaving the managed network; provides website content filtering functionality.

MS - Caas

Implementation and facilitation of an industry-recognized, compliance software solution from our designated Third Party Provider.

Features include:

  • Regulatory Monitoring
  • Policy Management
  • Risk Assessment
  • Auditing and Reporting
  • Security Controls
  • Data Retention and Archiving
  • Data Privacy

MS - CaaS

Perform a cybersecurity assessment under NIST CSF using the NIST Risk Management Framework & NIST 800-53.

  • Identifies how Client currently assesses, mitigates, and tracks its cybersecurity requirements.
  • Identifies authorized and unauthorized devices in the managed network.
  • Identifies gaps or deficiencies in the Client’s operations that would prevent compliance under NIST CSF.

The assessment will cover the following five core areas of the NIST framework:

MS - Caas

The results of the assessment will be provided in a report that will identify detected risks and your organization’s current maturity levels (i.e., indicators that represent the level of capabilities within your organization’s security program) and will propose actionable activities to help increase relevant maturity levels and augment your organization’s security posture. This assessment can be applied to other security Frameworks as needed per the specific requirements needed. Additional assessments would be needed.

Please Note: This service is limited to an assessment/audit only. Remediation of issues discovered during the assessment, as well as additional solutions required to bring your managed environment into compliance, are not part of this service. After the audit is complete, we will discuss the results with you to determine what steps, if any, are needed to bring your organization into full compliance.

MS - DB

MS - Endpoint Backup

Implementation and facilitation of a backup and file recovery solution from our designated Third Party Provider.

  • 24/7 monitoring of backup system, including only offsite backup.
  • Troubleshooting and remediation of failed backups.
  • Preventive maintenance and management of imaging software.
  • Problem analysis by the network operations team.
  • Monitoring of backup successes and failures.

Backup Data Security: All backed up data is encrypted in transit and at rest in 256-bit AES encryption. All facilities housing backed up data implement physical security controls and logs, including security cameras, and have multiple internet connections with failover capabilities.

Backup Retention: Backed up data will be retained for the periods indicated below, unless a different time period is expressly stated in the Quote. This includes both on-premise and cloud backups.

  • Cloud Backups

    All cloud backups will be stored in a secure, off-site location that meets the organization’s security standards. Cloud backups will be performed daily and retained on a rolling thirty (30) day basis.

Recovery of Data: If you need to recover any of your backed up data, then the following procedures will apply:

  • Service Hours: Backed up data can be requested during our normal business hours, which are currently Monday-Friday excluding major holidays from 8AM-5PM CST.
  • Request Method: Requests to restore backed up data should be made through one of the following methods:

Restoration Time: We will endeavor to restore backed up data as quickly as possible following our receipt of a request to do so; however, in all cases data restoration services are subject to (i) technician availability and (ii) confirmation that the restoration point(s) is/are available to receive the backed up data.

MS - DBR

Implementation and facilitation of a backup and file recovery solution from our designated Third Party Provider.

  • 24/7 monitoring of backup system, including offsite backup, offsite replication, and an onsite backup appliance (“Backup Appliance”).
  • Troubleshooting and remediation of failed backup disks.
  • Preventive maintenance and management of imaging software.
  • Firmware and software updates of backup appliance.
  • Problem analysis by the network operations team.
  • Monitoring of backup successes and failures.
  • Daily recovery verification.

Backup Data Security: All backed up data is encrypted in transit and at rest in 256-bit AES encryption. All facilities housing backed up data implement physical security controls and logs, including security cameras, and have multiple internet connections with failover capabilities.

Backup Retention: Backed up data will be retained for the periods indicated below, unless a different time period is expressly stated in the Quote. This includes both on-premise and cloud backups.

  • On-Premise Backups

    All on-premise backups will be stored on either a dedicated server, external hard drive, or Network Attached Storage (NAS) device, which will be kept in a secure location with restricted access. On-premise backups will be performed daily and retained on a rolling thirty (30) day basis.

  • Cloud Backups

    All cloud backups will be stored in a secure, off-site location that meets the organization’s security standards. Cloud backups will be performed daily and retained on a rolling thirty (30) day basis.

Backup Alerts: Managed servers will be configured to inform of any backup failures.

Recovery of Data: If you need to recover any of your backed up data, then the following procedures will apply:

  • Service Hours: Backed up data can be requested during our normal business hours, which are currently Monday-Friday excluding major holidays from 8AM-5PM CST.
  • Request Method: Requests to restore backed up data should be made through one of the following methods:

Restoration Time: We will endeavor to restore backed up data as quickly as possible following our receipt of a request to do so; however, in all cases data restoration services are subject to (i) technician availability and (ii) confirmation that the restoration point(s) is/are available to receive the backed up data.

MS - Disk Encryption

Implementation and facilitation of a top-tier, disk encryption solution from our designated Third Party Provider.

  • Data Protection
  • Encryption Algorithms
  • Pre-Boot Authentication
  • Remote Wipe
  • Compliance

MS - DNS Protection

Implementation and facilitation of a top-tier, DNS filtering solution from our designated Third Party Provider. Must have the correct firewall license for this service to be used.

  • Content Filtering
  • Malware and Phishing Protection
  • Compliance and Security

MS - Email AI Pro
  • Real-time defense against business email compromise MS - Email AI Pro's unique API-based architecture lets its AI engine study historical email and learn users’ unique communication patterns. It can then identify anomalies in message metadata and content, to find and block socially engineered attacks in real time. This approach based on historical patterns is far more accurate than traditional policy based strategies for detecting socially engineered and account-takeover attacks.
  • Protection against account takeover and insider risk Account takeover lets hackers secretly study their target and plan their attack. Gateway defenses never see the internal attacks that are launched from these compromised accounts, so they can't detect them. MS - Email AI Pro stops phishing attacks used to harvest credentials for account takeover. It detects anomalous email behavior and alerts IT, then finds and removes all fraud emails sent from compromised accounts.

MS - Email Sec Adv

Implementation and facilitation of a trusted email threat protection solution from our designated Third Party Provider.

  • Managed email protection from phishing, business email compromise (BEC), SPAM, and email-based malware.
  • Friendly Name filters to protect against social engineering impersonation attacks on managed devices.
  • Protection against social engineering attacks like whaling, CEO fraud, business email compromise or W-2 fraud.
  • Protects against newly registered and newly observed domains to catch the first email from a newly registered domain.
  • Protects against display name spoofing.
  • Protects against “looks like” and “sounds like” versions of domain names.
  • Protects against incorrect DKIM records.
  • Protects against incurred SPF records.
  • Protects against missing PTR records.
  • Protects against GeoIP location.

Please see Anti-Virus; Anti-Malware and Breach / Cyber Security Incident Recovery sections below for important details.

All hosted email is subject to the terms of our Hosted Email Policy and our Acceptable Use Policy.

MS - IaaS

As part of our IaaS service, we will monitor and maintain managed infrastructure as follows:

  • IaaS works on the principle of virtualization. An IaaS platform lets you select the type and configuration of the infrastructure you require. The system then automatically creates digital versions of the underlying infrastructure. These virtualized computing resources mimic the behavior of physical resources. For you and your applications, everything works the same as it would on a physical device.

MS - Internet Services

Implementation and facilitation of a top-tier, Internet Service Provider from our designated Third Party Provider.

  • Internet services refer to the various offerings and functionalities provided to users over the internet. These services are diverse and cover a wide range of functions, communication, entertainment, information, and productivity.

MS - IT Auditing

Implementation and facilitation of a top-tier, IT auditing solution from our designated Third Party Provider.

  • IT Auditing is commonly used in corporate and enterprise environments where data security, regulatory compliance, and risk management are paramount concerns. It helps organizations maintain control over their data, prevent data breaches, and demonstrate compliance with data protection and privacy regulations.
  • Minimize the risk of data breaches
  • Achieve and prove compliance

MS - MFA

Implementation and facilitation of a multi-factor authentication solution from our designated Third Party Provider.

  • Advanced multifactor authentication with advanced admin features.
  • Secures on-premises and cloud-based applications.
  • Permits custom access policies based on role, device, location.
  • Identifies and verifies device health to detect “risky” devices

MS - M365 MDR
  • 24/7 protection of incoming and ongoing cyberattacks with MDR for Microsoft 365
  • Suspicious Login Identification
  • Suspicious Mail Forwarding
  • Privilege Escalation
  • Account Isolation
  • 24/7 Security Operations Center (SOC)
  • Assisted Rule Removal

MS - Password MGR

Implementation and facilitation of a password management protection solution from our designated Third Party Provider.

  • Password Vault: Securely store and organize passwords in a secure digital location accessed through your browser or an app.
  • Password Generation: Generate secure passwords with editable options to meet specific criteria.
  • Financial Information Vault: Securely store and organize financial information such as bank accounts and credit card information in a secure digital location accessed through your browser or an app.
  • Contact Information Vault: Store private addresses and personal contact information within your vault accessed through your browser or an app.
  • Browser App: Browser extension permits easy access to your information including the vaults, financial information, contact information, and single sign-on through the app.
  • Smart-Phone App: Mobile phone app enables access to your vault and stored information on your mobile device.

MS - Pen Test

Penetration testing (or “pen” testing) simulates a cyberattack against your IT infrastructure to identify exploitable vulnerabilities. Unlike ongoing vulnerability scanning services that provide a constant, static level of network scanning, pen testing may involve several stages of reconnaissance and actual attack methodologies (such as brute force attacks and/or SQL injection attacks) and may include unconventional and targeted attacks that occur during business and non-business hours. Pen testing may consist of any of the following:

  • External Pen Testing: exposes vulnerabilities in your internet-facing systems, networks, firewalls, devices, and/or web applications that could lead to unauthorized access.
  • Internal Pen Testing: Validates the effort required for an attacker to overcome and exploit your internal security infrastructure after access is gained.
  • PCI Pen Testing: Using the goals set by the PCI Security Standards Council, this test involves both external and internal pen testing methodologies.
  • Web App Pen Testing: Application security testing using attempted infiltration through a website or web application utilizing PTES and the OWASP standard testing checklist.

Please see additional terms for Penetration Testing below.

MS - Remote Workforce

Implementation and facilitation of a top-tier, remote workforce solution from our designated Third Party Provider.

  • Remote Desktop Control: Remote Workforce enables users to remotely access and control a computer or mobile device from another location.

MS - Sec Awa Tra

Implementation and facilitation of a security awareness training solution from our designated Third-Party Provider.

  • Unlimited dark web monitoring
  • Simulated phishing
  • Weekly Micro Training
  • Cybersecurity training courses
  • Monthly Security Newsletter
  • Employee Vulnerability Assessment
  • Annual Risk Assessment
  • Policy & Procedure Templates

MS - SIEM

Implementation and facilitation of an industry leading SIEM solution from our designated Third Party Provider.

The SIEM service utilizes threat intelligence to detect threats that can exploit potential vulnerabilities against your managed network.

  • Initial Assessment. Prior to implementing the SIEM service, we will perform an initial assessment of the managed network at your premises to define the scope of the devices/network to be monitored (the “Initial Assessment”).
  • Monitoring. The SIEM service detects threats from external facing attacks as well as potential insider threats and attacks occurring inside the monitored network. Threats are correlated against known baselines to determine the severity of the attack.
  • Alerts & Analysis. Threats are reviewed and analyzed by third-party human analysts to determine true/false positive dispositions and actionability. If it is determined that the threat was generated from an actual security-related or operationally deviating event (an “Event”), then you will be notified of that Event.

Events are triggered when conditions on the monitored system meet or exceed predefined criteria (the “Criteria”). Since the Criteria are established and optimized over time, the first thirty (30) days after deployment of the SIEM services will be used to identify a baseline of the Client’s environment and user behavior. During this initial thirty (30) day period, Client may experience some “false positives” or, alternatively, during this period not all anomalous activities may be detected.

Note: The SIEM service is a monitoring and alert-based system only; remediation of detected or actual threats are not within the scope of this service and may require Client to retain ITNS’s services on a time and materials basis.

MS - SMTP Relay

Implementation and facilitation of a top-tier, remote workforce solution from our designated Third Party Provider.

  • An SMTP relay (Simple Mail Transfer Protocol relay) is a mail server or service that helps route email messages between different email servers or across networks. It acts as an intermediary for the transmission of email, allowing emails to be sent from one email server to another, especially when those servers are not directly connected. SMTP relays are commonly used to ensure the reliable and efficient delivery of email messages.

MS - Vul Scan

Implementation and facilitation of an industry-recognized vulnerability scanning solution from our designated Third Party Provider.

Vulnerability scanning identifies holes in the managed network that could be exploited. External vulnerability scans (which pertain to the IP address assigned to each customer location through the Client’s ISP) are run monthly. Internal vulnerability scans (which pertain to all systems inside the managed network) are run at least annually.

Vulnerability results will be discussed during business review meetings with Client. Vulnerability reports will be made available on request.

Please see additional terms for vulnerability scanning below.

MS - Website

Implementation and facilitation of an industry-recognized managed word press from our designated Third Party Provider.

  • Automatic Updates
  • Security
  • Hosting and Infrastructure Management
  • Performance Optimization
  • Backups
  • Technical Support Monday-Friday between 8AM-5PM CST excluding major holidays.
  • Content Management
  • Scalability

ITNS-VoIP

Implementation and facilitation of an industry-recognized VoIP solution from our designated Third Party Provider.

Features include:

  • Scalable VoIP-based telephone service with call transferring, voicemail, caller ID, call hold, conference calling, and call waiting functionalities.
  • Central control panel provides access to VoIP-related configurations, including physical address registration, call routing, updating greetings, and ability to turn on/off service features.
  • Service includes a single concurrent call path per quantity
  • Ability to use mobile app dialing

Important: There are additional terms related to the VoIP service, including your use of E911 features, toward the end of this Services Guide. Please read them carefully. You may be required to sign an additional consent form indicating your understanding and acceptance of the limitations of 911 dialing using the VoIP services.

Professional Services

Includes all labor charges for the installation and configuration of quoted hardware and or software.

Includes all labor charges for setup of new workstations, or replacement of existing workstations.

  • Labor covers:

    • New computers / additional computers added during the term of the Quote;
    • Replacement of existing computers that are four (4) or more years old (as determined by the manufacturer’s serial number records);
    • Replacement of existing computers that lost/stolen or irreparably damaged and/or out of warranty but not yet four years old;
    • Operating systems upgrades – subject to hardware compatibility.
  • Remote support provided during normal business hours for managed devices and covered software.
  • Tiered-level support provides a smooth escalation process and helps to ensure effective solutions.

The following restrictions apply:

  • This service is not available for used or remanufactured computers; and,
  • New/replacement computers must be business-grade machines (not home) from a major manufacturer like Dell, HPE, or Lenovo.

Covered Environment

Managed Services will be applied to the number of devices indicated in the Quote (“Covered Hardware”). The list of Covered Hardware may be modified by mutual consent (email is sufficient for this purpose); however, we reserve the right to modify the list of Covered Hardware at any time if we discover devices that were not previously included in the list of Covered Hardware and which are receiving Services, or as necessary to accommodate changes to the quantity of Covered Hardware.

Unless otherwise stated in the Quote, Covered Devices will only include technology assets (such as computers, servers, and networking equipment) owned by the Client’s organization. As an accommodation, ITNS may provide guidance in connecting a personal device to the Client’s organization’s technology, but support of personal devices is generally not included in the Scope of Services.

If the Quote indicates that the Services are billed on a “per user” basis, then the Services will be provided for up to two (2) Business Devices used by the number of users indicated in the Quote. A “Business Device” is a device that (i) is owned or leased by Client and used primarily for business, (ii) is regularly connected to Client’s managed network, and (iii) has installed on it a software agent through which we (or our designated Third Party Providers) can monitor the device.

We will provide support for any software applications that are licensed through us. Such software (“Supported Software”) will be supported on a “best effort” basis only and any support required beyond Level 2-type support will be facilitated with the applicable software vendor/producer. Coverage for non-Supported Software is outside of the scope of the Quote and will be provided to you on a “best-effort” basis and a time and materials basis with no guarantee of remediation. Should our technicians provide you with advice concerning non-Supported Software, the provision of that advice should be viewed as an accommodation, not an obligation, to you.

If we are unable to remediate an issue with non-Supported Software, then you will be required to contact the manufacturer/distributor of the software for further support. Please note: Manufacturers/distributors of such software may charge fees, some of which may be significant, for technical support; therefore, we strongly recommend that you maintain service or support contracts for all non-Supported Software (“Service Contract”). If you request that we facilitate technical support for non-Supported Software and if you have a Service Contract in place, our facilitation services will be provided at no additional cost to you.

In this Services Guide, Covered Hardware and Supported Software will be referred to as the “Environment” or “Covered Equipment.”

Minimum Requirements / Exclusions

The scheduling, fees and provision of the Services are based upon the following assumptions and minimum requirements, all of which must be provided/maintained by Client at all times:

  • Server hardware must be under current warranty coverage.
  • All equipment with Microsoft Windows® operating systems must be running then-currently supported versions of such software and have all the latest Microsoft service packs and critical updates installed.
  • All software must be genuine, licensed, and vendor- or OEM-supported.
  • Server file systems and email systems (if applicable) must be protected by licensed and up-to-date virus protection software.
  • The managed environment must have a currently licensed, vendor-supported server-based backup solution that can be monitored.
  • All wireless data traffic in the managed environment must be securely encrypted.
  • All servers must be connected to working UPS devices.
  • Recovery coverage assumes data integrity of the backups or the data stored on the backup devices. We do not guarantee the integrity of the backups or the data stored on the backup devices. Server restoration will be to the point of the last successful backup.
  • Client must provide all software installation media and key codes in the event of a failure.
  • Any costs required to bring the Environment up to these minimum standards are not included in this Services Guide.
  • Client must provide us with exclusive administrative privileges to the Environment.
  • Client must not affix or install any accessory, addition, upgrade, equipment, or device on to the firewall, server, or NAS appliances (other than electronic data) unless expressly approved in writing by us.

Exclusions. Services that are not expressly described in the Quote will be out of scope and will not be provided to Client unless otherwise agreed, in writing, by ITNS. Without limiting the foregoing, the following services are expressly excluded, and if required to be performed, must be agreed upon by ITNS in writing:

  • Customization of third party applications, or programming of any kind.
  • Support for operating systems, applications, or hardware no longer supported by the manufacturer.
  • Data/voice wiring or cabling services of any kind.
  • Battery backup replacement.
  • Equipment relocation.
  • The cost to bring the managed environment up to these minimum requirements (unless otherwise noted in the Quote).
  • The cost of repairs to hardware or any supported equipment or software, or the costs to acquire parts or equipment, or shipping charges of any kind.

Minimum Requirements / Exclusions

Automated monitoring is provided on an ongoing (i.e., 24x7x365) basis. Response, repair, and/or remediation services (as applicable) will be provided only during our business hours (currently M-F, 8 AM – 5 PM Central Time, excluding legal holidays and ITNS-observed holidays as listed below), unless otherwise specifically stated in the Quote or as otherwise described below. We will respond to problems, errors, or interruptions in the provision of the Services during business hours in the timeframe(s) described below.

Severity levels will be determined by ITNS in our discretion after consulting with the Client. All remediation services will initially be attempted remotely; ITNS will provide onsite service only if remote remediation is ineffective and, under all circumstances, only if covered under the Service plan selected by Client.

Trouble / Severity Response Time

Critical / Service Not Available

(e.g., all users and functions unavailable)

Response within two (2) business hours
after notification.

Significant Degradation

(e.g., large number of users or business
critical functions affected)

Response within four (4) business hours
after notification.

Critical / Service Not Available

(e.g., all users and functions unavailable)

Response within two (2) business hours
after notification.

Limited Degradation

(e.g., limited number of users or functions
affected, business process can continue).

Response within eight (8) business hours
after notification.

Small Service Degradation

(e.g., business process can continue, one user affected).

Response within two (2) business days
after notification.

Long Term Project,
Preventative Maintenance

Response within four (4) business days
after notification.

* All time frames are calculated as of the time that we are notified of the applicable issue / problem by Client through our designated support portal, help desk, or by telephone at the telephone number listed in the Quote. Notifications received in any manner other than described herein may result in a delay in the provision of remediation efforts.

Support During Off-Hours/Non-Business Hours: Technical support provided outside of our normal business hours is offered on a case-by-case basis and is subject to technician availability. If ITNS agrees to provide off-hours/non-business hours support (“Non-Business Hour Support”), then that support will be provided on a time and materials basis (which is not covered under any Service plan), and will be billed to Client at 1.5x our then-current hourly rates.

All services are billed in 60 minute increments, and partial increments are rounded to the next highest increment. A one (1) hour minimum applies to all Non-Business Hour Support.

ITNS-Observed Holidays: ITNS observes the following holidays:

  • New Year’s Day
  • Memorial Day
  • Independence Day
  • Labor Day
  • Thanksgiving Day
  • The day following Thanksgiving Day
  • Christmas Eve
  • Christmas Day
  • New Year’s Eve – Half Day

Service Credits: Our service level target is 90% as measured over a calendar month (“Target Service Level”). If we fail to adhere to the Target Service Level and Client timely brings that failure to our attention in writing (as per the requirements of our Master Services Agreement), then Client will be entitled to receive a pro-rated service credit equal to 1/30 of that calendar month’s recurring service fees (excluding hard costs, licenses, etc.) for each day on which the Target Service Level is missed. Under no circumstances shall credits exceed 30% of the total monthly recurring service fees under an applicable Quote.

Fees

The fees for the Services will be as indicated in the Quote.

Reconciliation. Fees for certain Third Party Services that we facilitate or resell to you may begin to accrue prior to the “go-live” date of other applicable Services. (For example, Microsoft Azure or AWS-related fees begin to accrue on the first date on which we start creating and/or configuring certain hosted portions of the Environment; however, the Services that rely on Microsoft Azure or AWS may not be available to you until a future date). You understand and agree that you will be responsible for the payment of all fees for Third Party Services that are required to begin prior to the “go-live” date of Services, and we reserve the right to reconcile amounts owed for those fees by including those fees on your monthly invoices.

Changes to Environment. Initially, you will be charged the monthly fees indicated in the Quote. Thereafter, if the managed environment changes, or if the number of authorized users accessing the managed environment changes, then you agree that the fees will be automatically and immediately modified to accommodate those changes.

Travel Time. If onsite services are provided, we will travel up to 20 minutes from our office to your location at no charge. Time spent traveling beyond 20 minutes (e.g., locations that are beyond 20 minutes from our office, occasions on which traffic conditions extend our drive time beyond 20 minutes one-way, etc.) will be billed to you at our then current hourly rates. In addition, you will be billed for all tolls, parking fees, and related expenses that we incur if we provide onsite services to you.

Appointment Cancellations. You may cancel or reschedule any appointment with us at no charge by providing us with notice of cancellation at least one business day in advance. If we do not receive timely a notice of cancellation/re-scheduling, or if you are not present at the scheduled time or if we are otherwise denied access to your premises at a pre-scheduled appointment time, then you agree to pay us a cancellation fee equal to two (2) hours of our normal consulting time (or non-business hours consulting time, whichever is appropriate), calculated at our then-current hourly rates.

Access Licensing. One or more of the Services may require us to purchase certain “per seat” or “per device” licenses (often called “Access Licenses”) from one or more Third Party Providers. (Microsoft “New Commerce Experience” licenses as well as Cisco Meraki “per device” licenses are examples of Access Licenses.) Access Licenses cannot be canceled once they are purchased and often cannot be transferred to any other customer. For that reason, you understand and agree that regardless of the reason for termination of the Services, fees for Access Licenses are non-mitigatable and you are required to pay for all applicable Access Licenses in full for the entire term of those licenses. Provided that you have paid for the Access Licenses in full, you will be permitted to use those licenses until they expire.

Term; Termination

The Services will commence, and billing will begin, on the date indicated in the Quote (“Commencement Date”) and will continue through the initial term listed in the Quote (“Initial Term”). We reserve the right to delay the Commencement Date until all onboarding/transition services (if any) are completed, and all deficiencies / revisions identified in the onboarding process (if any) are addressed or remediated to ITNS’s satisfaction.

The Services will continue through the Initial Term until terminated as provided in the Agreement, the Quote, or as indicated in this Service Guide (the “Service Term”).

Per Seat/Per Device Licensing: Regardless of the reason for the termination of the Services, you will be required to pay for all per seat or per device licenses that we acquire on your behalf. Please see “Access Licensing” in the Fees section above for more details.

Removal of Software Agents; Return of Firewall & Backup Appliances: Unless we expressly direct you to do so, you will not remove or disable, or attempt to remove or disable, any software agents that we installed in the managed environment or any of the devices on which we installed software agents. Doing so without our guidance may make it difficult or impracticable to remove the software agents, which could result in network vulnerabilities and/or the continuation of license fees for the software agents for which you will be responsible, and/or the requirement that we remediate the situation at our then-current hourly rates, for which you will also be responsible. Depending on the particular software agent and the costs of removal, we may elect to keep the software agent in the managed environment but in a dormant and/or unused state.

Within ten (10) days after being directed to do so, you must remove, package and ship, at your expense and in a commercially reasonable manner, all hardware, equipment, and accessories leased, loaned, rented, or otherwise provided to you by ITNS “as a service.” If you fail to timely return all such equipment to us, or if the equipment is returned to us damaged (normal wear and tear excepted), then we will have the right to charge you, and you hereby agree to pay, the replacement value of all such unreturned or damaged equipment.

If you're struggling to put together a comprehensive network security plan, our FREE eBook is an excellent guide.