Services Guide | Get IT Right Solutions

Managed Services Guide

Get IT Right Solutions, Inc.

1. INTRODUCTION

This Services Guide describes the standard services, tools, and deliverables (“Services”) offered by Get IT Right Solutions (“Get IT Right”). It is intended to provide clarity regarding what is included, what is optional, and what is excluded unless specifically listed in an applicable Quote or Statement of Work.

This Guide is incorporated by reference into any applicable Quote, Statement of Work, or Service Order (“Service Documents”). In the event of any conflict between this Guide and a Quote, the Quote will control for the specific engagement.

2. INITIAL ASSESSMENT / DIAGNOSTIC SERVICES

Before we take over ongoing support, we typically perform an Initial Assessment of your technology environment to understand its condition, risks, and readiness for managed services.

Depending on your environment and your Quote, this may include:

Inventory and review of servers, workstations, laptops, network gear, and other devices
Review of operating systems, key applications, and configuration baselines
Confirmation of license status and vendor support/warranty coverage where available
Basic security review, including visible vulnerabilities and obvious misconfigurations
Evaluation of your current backup and data-recovery arrangements
Internet connectivity and ISP performance checks
Review of printing, telephony, and other supporting infrastructure
High-level review of email, website hosting, DNS, and related services
Review of your IT support process (how issues are reported, tracked, and escalated)

If we identify material issues—such as unsupported operating systems, failing hardware, or critical security gaps—we will:

Explain how those issues may impact stability, security, or our ability to support you; and
Provide options and recommendations to remediate them.

The Initial Assessment does not include actually fixing those issues unless this is specifically included in your Quote.

No assessment can guarantee that all problems or vulnerabilities will be found. Items that surface after onboarding may require additional projects or Quotes.

3. ONBOARDING SERVICES

Onboarding is the transition phase where we prepare your environment for ongoing management and support. During onboarding, we typically:

Work with your designated contact(s) to gather necessary information such as network documentation, vendor logins, and system credentials.
Remove or disable legacy monitoring or remote-access tools from prior providers when feasible.
Install Get IT Right remote monitoring and management agents on covered servers,
workstations, and other supported devices.
Deploy and configure the antivirus / endpoint protection solutions included in your Quote or Services bundle.
Configure patch management and security update policies.
Remove obsolete or unsafe applications when approved.
Review firewall and core network device configurations for major issues.
Confirm that mission-critical devices have adequate power protection (e.g., UPS) where applicable.
Validate baseline system performance (disk space, CPU, memory, event logs, etc.).
Evaluate existing backup and recovery processes and deploy our backup solution where applicable.
Review password practices and assist with implementing updated policies as needed.
Document key aspects of your environment for ongoing support (IP addressing, server roles, applications, accounts, etc.).
Provide recommendations for improvements that may enhance security, reliability, or performance.

Onboarding timelines vary depending on access, responsiveness, vendor lead times, hardware availability, and the size or complexity of your environment. We will keep you informed of progress throughout the process.plex

4. INCLUDED MANAGED SERVICES

The following services may be included in your managed services package depending on your Quote. This list defines the universe of services that can be assigned to Basic, Standard, or Premium bundles and may also be delivered à la carte.

Unless otherwise noted, recurring services are billed monthly.

4.1 24x7 Monitoring & Alerting

Get IT Right deploys monitoring agents on supported devices and systems to track health, performance, and availability.

24×7 endpoint security monitoring (EDR/MDR) is delivered by third-party security providers.
All other monitoring occurs during business hours unless stated otherwise in your Quote.

Monitoring may include:

System uptime and performance checks
Hardware health alerts (where supported)
Basic network device monitoring
Generation of actionable alerts and ticket creation

Monitoring alone does not guarantee remediation unless it is included in your applicable service tier.

4.2 Patch Management

Automated operating system and application patching for supported devices, including:

Windows OS updates
Supported third-party application updates
Patch testing and phased rollouts
Remediation of failed patches where feasible

Unsupported operating systems or applications are excluded (see Exclusions).

4.3 Endpoint Protection (Antivirus, EDR, MDR)

We deploy and manage modern endpoint security solutions including:

Next-generation antivirus
Endpoint Detection & Response (EDR)
24×7 Managed Detection & Response (MDR) delivered by a third-party SOC
Automated threat containment (where supported)
Incident ticket creation for verified threats

Important: Threat detection and response functions rely on our third-party MDR provider. While these tools significantly reduce risk, no solution guarantees detection or prevention of all threats.

4.4 Email Security & Identity Threat Detection

Includes:

Spam, phishing, and malware filtering
Impersonation protection
Identity-based alerting for Microsoft 365 authentication eventsSelective 24×7 ITDR monitoring (depending on tier and MDR provider)
Optional 8×5 ITDR monitoring for lower-tier plans

Administration of supported tenant security settings is included.

4.5 Backup & Disaster Recovery

Backup services may include:

Endpoint and server backups
Cloud-to-Cloud backup for Microsoft 365 and Google Workspace
Monitoring of backup success/failure
Periodic restore tests (frequency defined in your Quote)

Disaster recovery activities (failover, continuity planning, or full rebuilds) may require additional project-based services.

4.6 Network Management

Support and administration for supported network infrastructure, including:

Firewalls
Wireless access points
VPN configurations
Basic routing and segmentation

Services may include firmware updates, configuration management, and troubleshooting.

ISP or telecommunications issues remain the responsibility of the provider.

4.7 User Support & Helpdesk

Remote support during business hours for:

Workstation troubleshooting
Peripheral and printer issues
Software triage
Basic SaaS and productivity suite support
MFA assistance and password resets

On-site work may incur additional fees unless included in your tier.

4.8 Vendor Management

We may communicate with third-party vendors on your behalf, including ISPs, SaaS application vendors, or cloud providers.

Vendor management is a courtesy service; Get IT Right is not responsible for vendor performance or SLA compliance.

4.9 Microsoft 365 & Google Workspace Administration

Includes:

User lifecycle management (provisioning, changes, removal)
License assignment and troubleshooting
Basic security configuration
Mail flow diagnostics
Group, team, and permission adjustments

Restructuring, cross-tenant migrations, or complex transformations require a separate SOW.

4.10 Mobile Device Management (MDM)

Where deployed, services include:

Enrollment and configuration of supported devices
Application of security policies
Authorized device wipe requests
Basic troubleshooting

Advanced workflows or integrations require project engagement.

4.11 SOC, SIEM, and MDR Services

Where included, these services are provided via third-party platforms and may include:

Log ingestion and correlation
24×7 security event monitoring
Threat detection and triage
Escalation to Get IT Right when necessary

These services operate under the provider’s SLAs and capabilities.

4.12 vCIO Services

Strategic advisory services may include:

Annual or quarterly business/IT reviews
Roadmap and modernization planning
Budget forecasting
High-level risk assessments
Best-practice recommendations

vCIO services do not include legal, compliance, or policy drafting.

4.13 Compliance Support

Get IT Right provides:

Tools supporting CCPA and baseline compliance efforts
Assistance with deployment and configuration of compliance software
Help generating reports from deployed tools

We do not provide legal compliance interpretation, gap assessments, audits, or certification. Regulated organizations must engage appropriate compliance professionals.

4.14 Remote Infrastructure Maintenance & Support

For supported servers, network devices, and cloud systems:

Uptime/performance monitoring
OS/security updates
Basic configuration changes
Vendor coordination for supported devices

Onsite service (if included) is scheduled based on severity and availability.

4.15 Security Information & Event Monitoring (SIEM)

When SIEM services are included in your Quote:

Logs and events are collected, normalized, and analyzed from designated sources (servers, firewalls, cloud platforms, etc.)
Threat intelligence and correlation rules detect potentially malicious patterns
A baseline period (typically ~30 days) establishes normal behavior
Analysts review qualifying events and provide escalation notifications as needed

SIEM identifies suspicious activity but does not perform remediation. Remediation actions occur through MDR services or separate project work.

4.16 Multi-Factor Authentication (MFA)

MFA services include:

Selection and deployment of MFA platforms compatible with your environment
Configuration of MFA policies (user requirements, authentication methods, conditional access rules)
User onboarding support for MFA enrollment
Assistance diagnosing MFA-related access issues

You are responsible for enforcing MFA compliance within your organization and preventing circumvention of MFA policies.

4.17 Vulnerability Scanning

Where included, vulnerability scanning services may provide:

External scans of public-facing systems
Internal scans of supported networked devices
Reporting of identified vulnerabilities
Recommendations for remediation or project-based remediation proposals

Scans identify issues at a point in time; they cannot guarantee complete detection of all securityvulnerabilities.

4.18 Voice Over IP (VoIP) Services

If your Quote includes VoIP services:

You receive a cloud-based phone system with features such as call routing, voicemail, conferencing, and mobile/softphone options
Administrative portals allow configuration of extensions and call-handling rules
E911 services are provided subject to VoIP provider limitations

You must maintain accurate address registration for each phone number used for emergency calls.

VoIP may not function during power outages, internet disruption, or certain equipment failures.

5. PROFESSIONAL SERVICES & BLOCK HOURS

If you purchase professional services—such as project work, consulting, migrations, or a block of hours—those services are delivered as requested and approved by you.

Professional Services include:

Advanced troubleshooting
Network/server configuration
Cloud migrations or restructuring
Security hardening
Implementation of new systems or platforms

Scope confirmation:

For each engagement, we will confirm scope and objectives via email, SOW, or invoice description.
Time spent is deducted from the available block and documented on invoices or time sheets.

Scheduling & Availability:

Work is typically performed during standard business hours.
After-hours work may be available at elevated rates and based on technician availability.

Quality Review Window:

Any concerns about deliverables must be raised within 10 days of completion; afterward, further work is treated as new billable effort.

6. Hardware-as-a-Service (HaaS)

Where your Quote includes Hardware-as-a-Service, Get IT Right provides designated hardware—such as firewalls, switches, backup appliances, or endpoint protection devices—on a subscription basis.

Operational responsibilities:

Get IT Right maintains and replaces HaaS hardware that fails under normal use.
Devices are monitored and updated in accordance with applicable service tiers.
At the end of the service term, devices must be returned in good working condition (normal wear and tear acceptable).

Loss, theft, or non-returned devices:

Replacement fees may apply according to your MSA or Quote.

7. Policies & Procedures Applicable to Services

7.1 Software Licensing (Operational Use)

To support or deploy software in your environment, the following operational requirements apply:

All software must be legally licensed.
You must maintain proof of ownership for software you provide.
We may accept license terms or EULAs on your behalf when performing installations.

7.2 Covered Environment Standards

Our services apply to the systems, users, devices, and locations identified as part of your Covered Environment.

Operational expectations:

Adding or removing users/devices may adjust service needs or configuration steps.
Personal/BYOD devices receive best-effort assistance unless explicitly included.
Non-standard or unsupported systems may require additional vendor contracts or project-based work.

7.3 On-Site Service

Services are delivered remotely unless on-site work is necessary or included in your plan.

7.4 Evolving Technologies

We may recommend newer alternatives that provide equal or improved function.

7.5 Minimum Requirements for Support

Your environment must meet baseline support standards such as:

Supported hardware and operating systems
Functional endpoint protection and backup
Proper wireless and power protection

7.6 Service Exclusions

Unless your Quote explicitly states otherwise, the following are not included in standard managed services:

Custom software development or scripting beyond light automation
Support for hardware or software no longer supported by its manufacturer
Low-voltage cabling or physical construction work
Battery replacements for UPS or laptop batteries
Office moves or equipment relocation beyond basic tasks
Hardware purchases and replacement parts
Recovery from disasters or security incidents beyond the scope of standard services

These items can often be addressed via separate projects or Quotes.

8. Service Levels & Support Hours

We provide automated monitoring 24×7. Actual remediation and support are delivered during our business hours unless otherwise agreed.

8.1 Severity Levels & Target Response Times

These are targets, not guarantees, but we strive to meet or exceed them consistently.

8.2 After-Hours Support

After-hours or holiday support, where available:

Is typically billed at higher hourly rates according to our Standard Hourly Rate sheet
May require scheduled maintenance windows
Is subject to technician availability

9. Termination & Offboarding

When services end, Get IT Right will:

Remove management agents
Reset or remove credentials
Disable or transfer cloud services
Provide limited transition assistance
Collect loaned or HaaS equipment

10. Additional Policies

10.1 Security Tools & Incident Recovery

Our tools reduce risk but cannot guarantee complete protection.

If a security incident occurs:

We will assist with investigation and containment within the scope of your service tier.
Broader forensics, regulatory notifications, or enterprise-level IR require separate projects.

10.2 Environmental Factors

Performance and reliability of equipment can be negatively affected by heat, cold, moisture, dust,

inadequate power, or poor physical security. We are not responsible for issues caused by

environmental conditions outside reasonable operating ranges.

10.3 Fair Use of “Unlimited” Services

If any service is described as “unlimited” (for example, unlimited helpdesk), this means there is no fixed hourly cap under normal, reasonable use.

It does not mean:

Unlimited use for training, non-essential work, or misuse of urgent priority levels
Unlimited support for systems outside the Covered Environment

If usage is excessive or abusive compared to typical clients, we may require adjustments to the scope or pricing.

10.4 Hosted Email & Acceptable Use

If we manage your hosted email:

You must follow all applicable acceptable use policies.
You may not use email services to send unlawful content or spam.
We may suspend email services if we detect activities that threaten the security, stability, or reputation of the service.

10.5 Backup & BDR Disclaimers

Backup and recovery reliability depends on many external factors. While we design solutions to minimize risk:

Zero-loss outcomes cannot be guaranteed
Recovery time and success vary based on circumstances

Operational guidance only—legal disclaimers remain in the MSA.

10.6 Procurement

When we procure hardware or software for you:

We pass through manufacturer warranties whenever possible.
Delivery times and availability are governed by vendors and logistics providers, not by us.
Certain items may be non-refundable or subject to restocking fees.

We are not a warranty repair center, but we can help coordinate RMA or warranty claims as a billable service where needed.

10.7 Business Review / Strategic Planning

We strongly recommend periodic IT business review meetings to:

Review service reports and ticket trends
Discuss security, compliance, and risk posture
Adjust roadmaps and budgets based on your business goals

These meetings help align technology decisions with your objectives and reduce surprises.

10.8 Sample Policies & Templates

From time to time, we may share sample policies or templates (for example, acceptable use policies, incident-response plans, or onboarding checklists). These are examples only and are not legal advice. You should have your own legal counsel review and adapt them for your organization.

10.9 Penetration Testing & Vulnerability Scanning

You are responsible for notifying third-party monitoring services, building security, and any other relevant parties before sanctioned testing begins so that alarms are not mistaken for real attacks.

We are not liable for reactions by third parties (e.g., law enforcement, monitoring centers) to properly scoped and authorized tests.

10.10 No Unauthorized Third-Party Scanning

Please do not authorize outside parties to perform penetration tests or security scans on systems we manage without prior written notice. Uncoordinated testing can create service disruptions and false positives and may not give you accurate results. Remediation of issues caused by unauthorized tests may be billable.

10.11 Obsolescence

10.12 Licensing Proof

If we need to reinstall or replicate software you own, we may require proof of licensing before proceeding. The cost of additional or replacement licenses is your responsibility.

10.13 VoIP – 911 / E911 Limitations

This Services Guide explains how Get IT Right delivers and manages technical services. It works together with—and is subordinate to—your Master Services Agreement and applicable Quotes or Statements of Work.