Schedule A — Managed IT & Help Desk
Scope
Remote/on‑site support for end‑user devices, servers, and networking equipment.
Monitoring, patch management, endpoint protection, email support, ticketing.
Standard maintenance windows; after‑hours onsite billed at published rates.
Service Levels (SLA)
Critical: Response ≤ 1 hour; High: ≤ 2 hours; Medium/Low: ≤ 1 business day.
Coverage: 8am–6pm local time, Mon–Fri (after‑hours available at premium rates).
Exclusions: third‑party outages, unsupported legacy OS/hardware, Client‑caused issues.
Responsibilities
Net‑Tech: operate help desk, proactive maintenance, monitoring, vendor coordination.
Client: provide access, maintain licensing, follow security guidance, appoint an Authorized Contact.
Fees & Commitments
Monthly fee per user/device (see Order Form).
Optional Commitment: Minimum billable seats and/or quarterly seat audit may apply if specified on the Order Form.
Microsoft NCE: Where M365 or other NCE subscriptions are procured by Net‑Tech, Client remains responsible for the full NCE term per vendor policy, even if services terminate early.
Exclusions
Line‑of‑Business application support beyond connectivity/troubleshooting.
Projects/migrations (handled under Schedule F or separate SOW).
User training beyond quick‑help guidance.
Minimum Compliance Standards
Client must meet and maintain Net‑Tech’s Minimum Compliance Standards (business‑class AV, supported OS, business firewall/Wi‑Fi, backups, etc.). Net‑Tech will provide notice for material updates.
Schedule B — Backup & Disaster Recovery
Scope
Managed backups (local/cloud), restore assistance, DR planning, periodic test restores.
Definition of protected systems, retention, and locations (see Order Form).
RPO/RTO Targets
Targets defined by system tier; documented during onboarding.
Responsibilities
Net‑Tech: configure/monitor backups, report failures, assist recovery.
Client: confirm scope, retention, and test cadence; ensure adequate bandwidth/storage.
Fees
Monthly based on protected data, retention, and offsite copies.
Exclusions
Unapproved/unsupported backup platforms; external data recovery labs.
Schedule C — Cybersecurity Services
Scope
Endpoint protection, EDR, firewall/email security management, vulnerability scanning, zero‑trust controls (e.g., application allow‑listing).
Service Levels
24×7 monitoring; critical incident triage within 1 hour; remediation per playbooks.
Responsibilities
Net‑Tech: deploy/manage tools, tune policies, report material events.
Client: enforce MFA, password policy, user awareness, device ownership/patching for BYOD as applicable.
Fees & Notes
Monthly based on users/devices/modules.
Incident Response billed separately unless included in a bundled plan.
Exclusions
Breach forensics, eDiscovery, counsel — available under separate engagement.
Schedule D — Virtual Risk & Compliance (vRC)
Scope
Risk assessments, gap analyses, 90‑day roadmaps, policy creation/updates.
Alignment to frameworks (e.g., FTC Safeguards, HIPAA, GLBA, PCI‑DSS) as applicable.
Compliance tracker and executive reporting.
Service Levels
Initial roadmap within 30 days of onboarding; quarterly updates thereafter (or as agreed).
Responsibilities
Net‑Tech: advisory deliverables, templated policies, recommendations.
Client: provide documentation, participate in workshops, implement controls.
Fees & Notes
Monthly retainer per tier (Essentials / Advanced / Comprehensive).
Advisory only — not legal advice.
Schedule E — Virtual CISO (vCISO)
Scope
Security strategy & governance, board‑level reporting, program metrics/KPIs.
Vendor risk oversight, cyber‑insurance readiness, incident oversight.
Service Levels
Quarterly leadership presentations; on‑demand advisory within 1 business day; incident oversight within 1 hour of notice.
Responsibilities
Net‑Tech: CISO‑level leadership, roadmap ownership, reporting.
Client: executive sponsorship and stakeholder access to enable decisions.
Fees & Notes
Monthly retainer; project fees for major initiatives (e.g., SOC 2 prep).
Advisory only — not legal advice.
Schedule F — Project‑Based Professional Services
Scope
Projects (migrations, cloud enablement, hardening), delivered under a Statement of Work (SOW).
SLAs & Change Control
Project SLAs defined in the SOW. Changes require a written change order.
Fees
Fixed fee, milestone‑based, or time‑and‑materials, as specified in the SOW.
Acceptance
Acceptance criteria defined in the SOW; deemed acceptance may apply after defined cure periods.