SG2024 | BITS Midwest Inc

Services Guide

This Services Guide contains provisions that define, clarify, and govern the services described in the quote that has been provided to you (the “Quote”). If you do not agree with the terms of this Services Guide, you should not sign the Quote and you must contact us for more information.

This Services Guide is our “owner’s manual” that generally describes all managed services provided or facilitated by BITS Midwest, Inc. (“BITS Midwest,” “we,” “us,” or “our”); however, only those services specifically described in the Quote will be facilitated and/or provided to you (collectively, the “Services”).

Activities or items that are not specifically described in the Quote will be out of scope and will not be included unless otherwise agreed to by us in writing.

This Services Guide contains important provisions pertaining to the auto-renewal of the Services in the Quote, as well as fee increases that may occur from time-to-time. Please read this Services Guide carefully and keep a copy for your records.

Initial Assessments

If an Initial Assessment or Diagnostic Services are listed in the Quote, then we will assess your managed information technology environment (the “Environment”) to determine the readiness for, and compatibility with, ongoing managed services. Our initial assessment services are comprised of:

Audit to determine general Environment readiness and functional capability
Review of hardware and software configurations
Review of current vendor service / warranty agreements for Environment hardware and software
Basic security vulnerability check
Basic backup and file recovery solution audit
ISP suitability audit
Print output audit
Office telephone vendor service audit
Asset inventory
Email and website hosting audit
IT support process audit
Onboarding and offboarding procedure assessment

If deficiencies are discovered during the auditing process (such as outdated equipment or unlicensed software), we will bring those issues to your attention and discuss the impact of the deficiencies on our provision of the Services and provide you with options to correct the deficiencies. Please note, unless otherwise expressly agreed by us in writing, auditing services do not include the remediation of any issues, errors, or deficiencies (“Issues”), and we cannot guarantee that all Issues will be detected during the auditing process. Issues that are discovered in the Environment after the auditing process is completed may be addressed in one or more subsequent quotes.

Onboarding Services

If onboarding services are listed in the Quote, then one or more of the following services will be provided to you.

Uninstall any monitoring tools or other software installed by previous IT service providers.
Compile a full inventory of all protected servers, workstations, and laptops.
Uninstall any previous endpoint protection and install our managed security solutions (as indicated in the Quote).
Install remote support access agents (i.e., software agents) on each managed device to enable remote support.
Configure Windows® and application patch management agent(s) and check for missing security updates.
Uninstall unsafe applications or applications that are no longer necessary.
Optimize device performance including disk cleanup and endpoint protection scans.
Review firewall configuration and other network infrastructure devices.
Review status of battery backup protection on all mission critical devices.
Stabilize network and assure that all devices can securely access the file server.
Review and document current server configuration and status.
Determine existing business continuity strategy and status; prepare backup file recovery and incident response option for consideration.
Review password policies and update user and device passwords.
As applicable, make recommendations for changes that should be considered to the managed environment.

This list is subject to change if we determine, in our discretion, that different or additional onboarding activities are required.
If deficiencies are discovered during the onboarding process, we will bring those issues to your attention and discuss the impact of the deficiencies on our provision of our monthly managed services. Please note, unless otherwise expressly stated in the Quote, onboarding-related services do not include the remediation of any issues, errors, or deficiencies (“Issues”), and we cannot guarantee that all Issues will be detected during the onboarding process.
The duration of the onboarding process depends on many factors, many of which may be outside of our control—such as product availability/shortages, required third party vendor input, etc. As such, we can estimate, but cannot guarantee, the timing and duration of the onboarding process. We will keep you updated as the onboarding process progresses.

Ongoing / Recurring Services

Ongoing/recurring services are services that are provided to you on an ongoing basis and, unless otherwise indicated in a Quote, are billed to you monthly. Some ongoing/recurring services will begin with the commencement of onboarding services; others will begin when the onboarding process is completed. Please direct any questions about start or “go live” dates to your technician.

Managed Services

The following Services, if listed in the Quote, will be provided to you.

Managed User – MS00100

Our Managed User offering is designed to support your workforce enabling maximum productivity through their technology. We offer level 1,2, and 3 support for technical difficulties they encounter.

Proactive Inclusions

Quarterly Reporting and Planning
Reactive Inclusions
Level 1/2/3 Support
Root Cause Analysis

Exclusions

Supporting use cases outside of designed standards or norms is excluded
Training on system or software use.

Notes

Service Hours: Standard Business Hours with Excluded Holidays
Request Method: Requests by call to our support desk, or email to support@bitsmw.com

Managed Workstation – MS00110

The Managed Workstation offering is designed to support physical workstations in the infrastructure; Offering support, administration, maintenance, and software-level repair of the units. We maintain patch compliance, third party software, and maximize operating condition. Our remote monitoring and maintenance software provides operating condition status reports to us, as well as proactively alerts us to system malfunction for proactive remediation.

Proactive Inclusions

Managed Patching

Weekly Windows patches
Common third-party software patches

Supported third party software list available by request

Device Replacement Services*

*When device is managed by Intune
*Limit Once Per Station Per 3 years

Spare system management
Yearly device lifecycle planning
Quarterly Reporting

Reactive Inclusions

Level 1/2/3 Support
OS Repairs
Hardware diagnosis
Root Cause Analysis
Limited manufacturer warranty support

Notes

End of Life Operating Systems are not supported. E.g. Windows 7
Support of workstations beyond 6 years old is best effort only
Supporting use cases outside of designed standards or norms is excluded
Manufacturer warranty support is limited to 1 hour per device per year.
Service Hours: Standard Business Hours for P2-P4 with Excluded Holidays, Extended Hours P1 Support
Request Method: Requests by call to our support desk, or email to support@bitsmw.com

Managed Windows Server – MS00120

The Managed Windows Server offering is designed to support physical or virtual expressions of servers running Microsoft Windows Server in the infrastructure; Offering support, administration, maintenance, and software-level repair of the units. We maintain patch compliance, third party software, and maximize operating condition. Our remote monitoring and maintenance software provides operating condition status reports to us, as well as proactively alerts us to system malfunction for proactive remediation.

Proactive Inclusions

Managed Patching

Monthly Windows patches

Yearly server lifecycle planning
Quarterly Reporting

Reactive Inclusions

Level 1/2/3 Support

OS Repairs
Hardware diagnosis

Root Cause Analysis
Limited manufacturer warranty support

Notes

End of Life Operating Systems are not supported. E.g. Windows Server 2008
Support of servers beyond 6 years old is best effort only
Supporting use cases outside of designed standards or norms is excluded
Manufacturer warranty support is limited to 1 hour per device per year.
Service Hours: Standard Business Hours with Excluded Holidays
Request Method: Requests by call to our support desk, or email to support@bitsmw.com

Managed Virtual Infrastructure – MS00150

The Managed Virtual Infrastructure Offering is designed to support administration, maintenance, and support of common virtualization platforms. Supported platforms are VMWare vSphere, Proxmox, XCP-NG, and Microsoft Hyper-V

Proactive Inclusions

Semi-Annual Firmware/OS Patching for supported platforms
Zero Day vulnerablility response
System uptime and status monitoring
Resource monitoring
Quarterly reporting

Reactive Inclusions

Level 1/2/3 Support
System Administration
Root Cause Analysis
Limited vendor support

Notes

End of Live platforms and OS versions are not supported
Service Hours: Standard Business Hours with Excluded Holidays
Request Method: Requests by call to our support desk, or email to support@bitsmw.com

Managed LAN – MS00200

The Managed LAN product provides administration, maintenance, and repair of local area network equipment. Switches, Access Points, and Media Converters.

Proactive Inclusions

Quarterly firmware management of networking equipment
Zero-Day vulnerablility support
VLAN and Port management
Wireless Network configuration and administration
Yearly lifecycle planning
Network Diagram and Documentation Maintenance

Reactive Inclusions

Level 1/2/3 support of switches, access points, and media converters
Wifi changes
Port and VLAN changes

Included Equipment

BITS Management Device (BMD)

Provided monitoring services and device access

Notes

Repair of cabling beyond simple re-termination of Cat-5e,Cat-6, and Cat-6a connectors and jacks is excluded
Firmware versions are chosen installed at BITS Midwest’s discretion.
Accepted manufacturers: Ubiquiti, Meraki, TP-Link Omada, HP/Aruba
Licensing costs are not included
Architectural changes to network or edge structure are excluded from service and will be handled by project
Service Hours: Standard Business Hours with Excluded Holidays
Request Method: Requests by call to our support desk, or email to support@bitsmw.com

Managed Edge – MS00250

The Managed Edge Service provides administration, maintenance, and repair of firewalls, SD-Wan, and VPN devices both physical and virtual.

Proactive Inclusions

Edge Connectivity Documentation Management
Quarterly Firmware Updates for approved firmwares
Zero-Day rush response for CVE-7+ vulnerabilities

Reactive Inclusions

ISP Uptime Monitoring
VPN Monitoring
QOS Management
Rule and Route Management
Content Filtering Management (Maximum of 2 Tiers)
IDS/IDP Management
Tier 1/2/3 Support
Root Cause Analysis
Hardware Replacement

Notes

Accepted Manufacturers: Ubiquiti, Meraki, Sophos, pfSense, OPNSense, FortiNet, and Palo Alto
Manufacturer warranty support limited to 1 hour per device per year
Architectural changes to network or edge structure are excluded from service and will be handled by project
Service Hours: Standard Business Hours for P2-P4 with Excluded Holidays, Extended Hours P1 Support
Request Method: Requests by call to our support desk, or email to support@bitsmw.com

Managed Microsoft 365 Essentials – MS00500

The Managed Microsoft 365 Essentials offering is designed to provide support, administration, and repair of the most highly utilized areas of Microsoft 365: General administration, Entra ID, Exchange Online, and Microsoft Teams.

Proactive Inclusions

Entra ID management
Exchange Online management
Microsoft Teams management
Yearly Microsoft 365 Assessment
Quarterly Reporting
Microsoft 365 System Documentation

Reactive Inclusions

Level 1/2/3 support

General Microsoft 365 Administration
Entra ID support
Conditional Access and MFA Administration
Exchange Online Administration
Microsoft Teams Administration

Notes

Administration of other areas within Microsoft 365 are excluded
Changes to the current Microsoft 365 architecture are excluded and will be handed by separate project(s)
Service Hours: Standard Business Hours for P2-P4 with Excluded Holidays, Extended Hours P1 Support
Request Method: Requests by call to our support desk, or email to support@bitsmw.com

Managed Microsoft 365 Security Basic – MS00510

The Managed Microsoft 365 Security Basic offering offers administration, maintenance, and repair of the Defender for Endpoint and Defender for 365 services within Microsoft 365.

Proactive Inclusions

Defender for 365 Email Security Management

Anti-Spam/Anti-Phishing management
Safe-Links policy management
Safe-Attachments policy management
Quarantine policy management
Mailflow Rule management

Defender for Endpoint Anti-Virus and EDR Management

Deployment monitoring
Status monitoring
Policy management and updates

Quarterly Reporting
Quarterly Security Status Meeting
Zero-Day Support

Reactive Inclusions

Level 1/2/3 Support
Whitelist/blacklist management
False positive support
Incident response

Included Applications and Licensing

Keeper Password Manager

Notes

Remediation and recovery from cyber-attacks beyond removal of the intruding software or party.
Service Hours: Standard Business Hours for P2-P4 with Excluded Holidays, Extended Hours P1 Support
Request Method: Requests by call to our support desk, or email to support@bitsmw.com

Managed SharePoint Online – MS00520

The Managed SharePoint Online offering is designed to provide support, administration, and repair of Microsoft SharePoint Online Sites

Proactive Inclusions

Architecture Management
Quarterly Reporting
Maintain SharePoint Documentation

Reactive Inclusions

Level 1/2/3 support

General SharePoint Administration
System and user Troubleshooting
Root Cause Analysis

Notes

Administration of other areas within Microsoft 365 are excluded
Changes to the current Microsoft 365 architecture are excluded and will be handed by separate project(s)
Architectural Changes beyond simple new Site expressions are excluded from this service and billable as a separate project
Service Hours: Standard Business Hours with Excluded Holidays
Request Method: Requests by call to our support desk, or email to support@bitsmw.com

Managed Microsoft 365 Backups by DropSuite – MS00599

MSN00599 (Non-Profit)

Our Managed Microsoft 365 Backups leverage the DropSuite Microsoft 365 backup system. DropSuite backup Licensing is included in the pricing of this service.

Proactive Inclusions

System Administration
Backup of Mailboxes, Contacts, Calendars, OneDrives, and SharePoint Sites.
Semi-Annual restore testing
Monthly Reporting
Backup Error Remediation

Reactive Inclusions

Data restoration assistance
Level 1/2/3 support

Included Applications and Licensing

DropSuite Microsoft 365 Backup License

Notes

Mass restoration due to cyber-attack is limited to 2 hours per year. Additional time will be billed at our current hourly rates
Service Hours: Standard Business Hours with Excluded Holidays
Request Method: Requests by call to our support desk, or email to support@bitsmw.com

Managed Google Workspace Essentials – MS00600

The Managed Google Workspace Essentials offering is designed to provide support, administration, and repair of the most highly utilized areas of Google Workspace: General administration, Identity, Gmail, and Google Drive.

Proactive Inclusions

IAM (Identity and Access Management) management
Gmail management
Google Drive management
Yearly Google Workspace Assessment
Quarterly Reporting

Reactive Inclusions

Level 1/2/3 support
General Google Workspace Administration
IAM (Identity and Access Managment) support
Context Aware Access and MFA Administration
Gmail Administration
Google Drive Administration

Notes

Administration of other areas within Google Workspace are excluded
Heavy changes to the current Google Workspace architecture are excluded and will be handed by separate project(s)
Service Hours: Standard Business Hours for P2-P4 with Excluded Holidays, Extended Hours P1 Support
Request Method: Requests by call to our support desk, or email to support@bitsmw.com

Managed Google Workspace Backups by DropSuite – MS00699

MSN00699 (Non-Profit)

Our Managed Google Workspace leverage the DropSuite Google Workspace backup system. DropSuite backup Licensing is included in the pricing of this service.

Proactive Inclusions

System Administration
Backup of Mailboxes, Contacts, Calendars, OneDrives, and SharePoint Sites.
Semi-Annual restore testing
Monthly Reporting
Backup Error Remediation

Reactive Inclusions

Data restoration assistance
Level 1/2/3 support
Included Applications and Licensing
DropSuite Microsoft 365 Backup License

Blocks of Hours / Allocated Consulting Hours

If you purchase one or more blocks of technical support or consulting hours from BITS Midwest, then we will provide our professional information technology consulting services to you from time to time on an ongoing, “on demand” basis (“Services”).

The specific scope, timing, term, and pricing of the Services (collectively, “Specifications”) will be determined between you and us at the time that you request the Services from us.

You and we may finalize the Specifications (i) by exchanging emails confirming the relevant terms, or (ii) by you agreeing to an invoice, purchase order, or similar document we send to you that describes the Specifications (an “Invoice”), or in some cases, (iii) by us performing the Services or delivering the applicable deliverables in conformity with the Specifications.

If we provide you with an email or an Invoice that contains details or terms for the Services that are different than the terms of the Quote, then the terms of the email or Invoice (as applicable) will control for those Services only.

A Service will be deemed completed upon our final delivery of the applicable portions of Specifications unless a different completion milestone is expressly agreed upon in the Specifications (“Service Completion”). (For example, sales of hardware will be deemed completed when the hardware is delivered to you; licensing will be completed when the licenses are provided to you, etc.) Any defects or deviations from the Specifications must be pointed out to us, in writing, within ten (10) days after the date of Service Completion. After that time, any issues or remedial activities related to the Services will be billed to you at our then-current hourly rates.

Unless we agree otherwise in writing, Services will be provided only during our normal business hours. Services provided outside of our normal business hours are subject to increased fees and technician availability and require your and our mutual consent to implement.

The priority given to implementing the Services will be determined our reasonable discretion, considering any milestones or deadlines expressly agreed upon in an invoice or email from BITS Midwest. If no specific milestone or deadline is agreed upon, then the Services will be performed in accordance with your needs, the specific requirements of the job(s), and technician availability.

End User Security Awareness Training – TR00100

Online, on-demand training videos (multi-lingual).
Online, on-demand quizzes to verify employee retention of training content.
Baseline testing to assess the phish-prone percentage of users; simulated phishing email campaigns designed to educate employees about security threats.

Please see Anti-Virus; Anti-Malware and Breach / Cyber Security Incident Recovery sections below for important details.

Software Licensing

(applies to all software licensed by or through BITS Midwest)

All software provided to you by or through BITS Midwest is licensed, not sold, to you (“Software”). In addition to any Software-related requirements described in BITS Midwest’s Master Services Agreement, Software may also be subject to end user license agreements (EULAs), acceptable use policies (AUPs), and other restrictions all of which must be strictly followed by you and any of your authorized users.

When installing/implementing software licenses in the managed environment or as part of the Services, we may accept (and you agree that we may accept) any required EULAs or AUPs on your behalf. You should assume that all Software has an applicable EULA and/or AUP to which your authorized users and you must adhere. If you have any questions or require a copy of the EULA or AUP, please contact us.

Virtual Chief Information Officer (vCIO) – PS00100

The VCIO product provides a fractional resource to act as the main point of contact for certain business-related IT issues and concerns.

Assist in creation of information/data-related plans and budgets.
Provide strategic guidance and consultation across different technologies.
Create company-specific best standards and practices.
Provide education and recommendations for business technologies.
Participate in scheduled meetings to maintain goals.
Maintain technology documentation.
Assess and make recommendations for improving technology usage and services.

Covered Equipment / Hardware / Software

Managed Services will be applied to the devices on which we install software monitoring agents (“Covered Hardware”). You will be provided with an updated list of Covered Hardware once all software agents have been installed. The list of Covered Hardware may be modified by mutual consent (email is sufficient for this purpose); however, we reserve the right to modify the list of Covered Hardware at any time if we discover devices that were not previously included in the list of Covered Hardware and which are receiving Services. We will provide technical support for Covered Devices; however, all Covered Devices must be covered, at all times and at your cost, under a then-current manufacturer’s service plan

We will provide support for any software applications that are licensed through us. Such software (“Supported Software”) will be supported on a “best efforts” only and any support required beyond Level 2-type support will be facilitated with the applicable software vendor/producer. Coverage for non-Supported Software is outside of the scope of the Quote and will be provided to you on a “best-efforts” basis and a time and materials basis with no guarantee of remediation. Should our technicians provide you with advice concerning non-Supported Software, the provision of that advice should be viewed as an accommodation, not an obligation, to you.

If we are unable to remediate an issue with non-Supported Software, then you will be required to contact the manufacturer/distributor of the software for further support. Please note: Manufacturers/distributors of such software may charge fees, some of which may be significant, for technical support; therefore, we strongly recommend that you maintain service or support contracts for all non-Supported Software (“Service Contract”). If you request that we facilitate technical support for non-Supported Software, then if you have a Service Contract in place, our facilitation services will be provided at no additional cost to you.

Should our technicians provide you with general advice concerning non-Supported Software, the provision of that advice should be viewed as an accommodation to you, and not as a continuing obligation or guarantee by BITS Midwest to continue to provide such support or advice to you.

In this Services Guide, Covered Hardware and Supported Software will be referred to as the “Environment” or “Covered Equipment.”

Physical Locations Covered by Services

Services will be provided remotely unless, in our discretion, we determine that an onsite visit is required. BITS Midwest visits will be scheduled in accordance with the priority assigned to the issue (below) and are subject to technician availability. Unless we agree otherwise, all onsite Services will be provided at Client’s primary business location. Additional fees may apply for onsite visits: Please review the Service Level section below for more details.

Term; Termination

The Services will commence, and billing will begin, on the date indicated in the Quote (“Commencement Date”) and will continue through the initial term listed in the Quote (“Initial Term”). We reserve the right to delay the Commencement Date until all onboarding/transition services (if any) are completed, and all deficiencies / revisions identified in the onboarding process (if any) are addressed or remediated to BITS Midwest’s satisfaction.

The Services will continue through the Initial Term until terminated as provided in the Agreement, the Quote, or as indicated in this section (the “Service Term”).

Auto-Renewal. Unless otherwise expressly stated in the Quote, the term of any managed Service that is provided to you on an ongoing and recurring basis and which is invoiced monthly (a “Managed Service”) will, unless terminated earlier as per the MSA, automatically renew for contiguous terms equal to the initial term of the Managed Service unless either party notifies the other of its intention to not renew the Managed Service no less than thirty (30) days before the end of the then-current Managed Service term. For the purposes of clarity, the term of non-Managed Services (such as one-time projects, break/fix assignments, temporary, non-recurring services, etc.) are not subject to auto-renewal.

Per Seat Licensing: Regardless of the reason for the termination of the Services, you will be required to pay for all per seat licenses (such as, if applicable, Microsoft NCE licenses) that we acquire on your behalf. Please see “Per Seat License Fees” in the Fees section below for more details.

Removal of Software Agents; Return of Firewall & Backup Appliances: Unless we expressly direct you to do so, you will not remove or disable, or attempt to remove or disable, any software agents that we installed in the managed environment or any of the devices on which we installed software agents. Doing so without our guidance may make it difficult or impracticable to remove the software agents, which could result in network vulnerabilities and/or the continuation of license fees for the software agents for which you will be responsible, and/or the requirement that we remediate the situation at our then-current hourly rates, for which you will also be responsible. Depending on the particular software agent and the costs of removal, we may elect to keep the software agent in the managed environment but in a dormant and/or unused state.

Within ten (10) days after being directed to do so, Client will remove, package and ship, at Client’s expense and in a commercially reasonable manner, all hardware, equipment, and accessories provided to Client by BITS Midwest that were used in the provision of the Services. If you fail to timely return all equipment to us, or if the equipment is returned to us damaged (normal wear and tear excepted), then we will have the right to charge you, and you hereby agree to pay, the replacement value of all such unreturned or damaged equipment.

Minimum Requirements / Exclusions

The scheduling, fees and provision of the Services are based upon the following assumptions and minimum requirements:

Server hardware must be under current warranty coverage.
All equipment with Microsoft Windows® operating systems must be running then-currently supported versions of such software and have all of the latest Microsoft service packs and critical updates installed.
All software must be genuine, licensed, and vendor-supported.
Server file systems and email systems (if applicable) must be protected by licensed and up-to-date virus protection software.
If a physical server exists, the managed environment must have a currently licensed, vendor-supported server-based backup solution that can be monitored.
All wireless data traffic in the managed environment must be securely encrypted.
All servers must be connected to working UPS devices.
Recovery coverage assumes data integrity of the backups or the data stored on the backup devices. We do not guarantee the integrity of the backups or the data stored on the backup devices. Server restoration will be to the point of the last successful backup.
Client must provide all software installation media and key codes in the event of a failure.
Any costs required to bring the Environment up to these minimum standards are not included in this Services Guide.
Client must provide us with exclusive administrative privileges to the Environment.
Client must not affix or install any accessory, addition, upgrade, equipment, or device on to the firewall, server, or NAS appliances (other than electronic data) unless expressly approved in writing by us.

Exclusions. Services that are not expressly described in the Quote will be out of scope and will not be provided to Client unless otherwise agreed, in writing, by BITS Midwest. Without limiting the foregoing, the following services are expressly excluded, and if required to be performed, must be agreed upon by BITS Midwest in writing:

Customization of third party applications, or programming of any kind.
Support for operating systems, applications, or hardware no longer supported by the manufacturer.
Support for Mac OS devices of any kind, including but not limited to iMacs, Mac Minis, and MacBooks.
Data/voice wiring or cabling services of any kind.
Battery backup replacement.
Equipment relocation.
The cost to bring the managed environment up to these minimum requirements (unless otherwise noted in the Quote).
The cost of repairs to hardware or any supported equipment or software, or the costs to acquire parts or equipment, or shipping charges of any kind.

Service Levels

Automated monitoring is provided on an ongoing (i.e., 24x7x365) basis. Response, repair, and/or remediation services (as applicable) will be provided only during our published business hours excluding legal holidays and BITS Midwest-observed holidays as listed below), unless otherwise specifically stated in the Quote or as otherwise described below.

We will respond to problems, errors, or interruptions in the provision of the Services during business hours in the timeframe(s) described below. Severity levels will be determined by BITS Midwest in our discretion after consulting with the Client. All remediation services will initially be attempted remotely; BITS Midwest will provide onsite service only if remote remediation is ineffective and, under all circumstances, only if covered under the Service plan selected by Client.

Priority	Trouble / Severity	Response Time
1	Critical / Service Not Available (e.g., all users and functions unavailable)	Response within two (2) business hours after notification.
2	Significant Degradation (e.g., large number of users or business critical functions affected)	Response within four (4) business hours after notification.
3	Limited Degradation (e.g., limited number of users or functions affected, business process can continue)	Response within eight (8) business hours after notification.
4	Small Service Degradation (e.g., business process can continue, one user affected)	Response within two (2) business days after notification.
5	Long Term Project, Preventative Maintenance	Response within four (4) business days after notification.

* All time frames are calculated as of the time that we are notified of the applicable issue / problem by Client through our designated support portal, help desk, or by telephone at the telephone number listed in the Quote. Notifications received in any manner other than described herein may result in a delay in the provision of remediation efforts.

Support During Off-Hours/Non-Business Hours. Technical support provided outside of our normal business hours is offered on a case-by-case basis and is subject to technician availability. If BITS Midwest agrees to provide off-hours/non-business hours support (“Non-Business Hour Support”), then that support will be provided on a time and materials basis (which is not covered under any Service plan), and will be billed at our currently published hourly rates.

Service Credits. Our service level target is 90% as measured over a calendar month (“Target Service Level”). If we fail to adhere to the Target Service Level and Client timely brings that failure to our attention in writing (as per the requirements of the MSA), then Client will be entitled to receive a pro-rated service credit equal to 1/30 of that calendar month’s recurring service fees (excluding hard costs, licenses, etc.) for each day on which the Target Service Level is missed. Under no circumstances shall credits exceed 30% of the total monthly recurring service fees under an applicable Quote.

Fees

The fees for the Services will be as indicated in the Quote.

Changes to Environment. Initially, you will be charged the monthly fees indicated in the Quote. Thereafter, if the managed environment changes, or if the number of authorized users accessing the managed environment changes, then you agree that the fees will be automatically and immediately modified to accommodate those changes.

Appointment Cancellations. You may cancel or reschedule any appointment with us at no charge by providing us with notice of cancellation at least 2 business hours in advance. If we do not receive timely a notice of cancellation/re-scheduling, or if you are not present at the scheduled time or if we are otherwise denied access to your premises at a pre-scheduled appointment time, then you agree to pay us a cancellation fee equal to one (1) hour of our normal consulting time (or non-business hours consulting time, whichever is appropriate), calculated at our then-current hourly rates.

Microsoft Licensing Fees. The Services require that we purchase certain “per seat” licenses from Microsoft (which Microsoft refers to as New Commerce Experience or “NCE Licenses”) in order to provide you with one or more of the following applications: Microsoft 365, Dynamics 365, Windows 365, and Microsoft Power Platform (each, an “NCE Application”). To leverage the discounts offered by Microsoft for these applications and to pass those discounts through to you, we may purchase NCE Licenses for one (1) year terms for the NCE Applications required under the Quote. As per Microsoft’s requirements, NCE Licenses cannot be canceled once they are purchased and cannot be transferred to any other customer. For that reason, you understand and agree that regardless of the reason for termination of the Services, you are required to pay for all applicable NCE Licenses in full for the entire term of those licenses. Provided that you have paid for the NCE Licenses in full, you will be permitted to use those licenses until they expire, even if you move to a different managed service provider.

Additional Terms & Policies

Authenticity

Everything in the managed environment must be genuine and licensed—including all hardware, software, etc. If we ask for proof of authenticity and/or licensing, you must provide us with such proof. All minimum hardware or software requirements as indicated in a Quote or this Services Guide (“Minimum Requirements”) must be implemented and maintained as an ongoing requirement of us providing the Services to you.

Monitoring Services; Alert Services

Unless otherwise indicated in the Quote, all monitoring and alert-type services are limited to detection and notification functionalities only. Monitoring levels will be set by BITS Midwest, and Client shall not modify these levels without our prior written consent.

Configuration of Third Party Services

Certain third party services provided to you under this Services Guide may provide you with administrative access through which you could modify the configurations, features, and/or functions (“Configurations”) of those services. However, any modifications of Configurations made by you without our knowledge or authorization could disrupt the Services and/or or cause a significant increase in the fees charged for those third party services. For that reason, we strongly advise you to refrain from changing the Configurations unless we authorize those changes. You will be responsible for paying any increased fees or costs arising from or related to changes to the Configurations.

Modification of Environment

Changes made to the Environment without our prior authorization or knowledge may have a substantial, negative impact on the provision and effectiveness of the Services and may impact the fees charged under the Quote. You agree to refrain from moving, modifying, or otherwise altering any portion of the Environment without our prior knowledge or consent. For example, you agree to refrain from adding or removing hardware from the Environment, installing applications on the Environment, or modifying the configuration or log files of the Environment without our prior knowledge or consent.

Co-Managed Environment

In co-managed situations (e.g., where you have designated other vendors or personnel, or “Co-managed Providers,” to provide you with services that overlap or conflict with the Services provided by us), we will endeavor to implement the Services in an efficient and effective manner; however, (a) we will not be responsible for the acts or omissions of Co-Managed Providers, or the remediation of any problems, errors, or downtime associated with those acts or omissions, and (b) in the event that a Co-managed Provider’s determination on an issue differs from our position on a Service-related matter, we will yield to the Co-Managed Provider’s determination and bring that situation to your attention

Anti-Virus; Anti-Malware

Our anti-virus / anti-malware solution will generally protect the Environment from becoming infected with new viruses and malware (“Viruses”); however, Viruses that exist in the Environment at the time that the security solution is implemented may not be capable of being removed without additional services, for which a charge may be incurred. We do not warrant or guarantee that all Viruses and malware will be capable of being detected, avoided, or removed, or that any data erased, corrupted, or encrypted by malware will be recoverable. To improve security awareness, you agree that BITS Midwest or its designated third party affiliate may transfer information about the results of processed files, information used for URL reputation determination, security risk tracking, and statistics for protection against spam and malware. Any information obtained in this manner does not and will not contain any personal or confidential information.

Breach/Cyber Security Incident Recovery

Unless otherwise expressly stated in the Quote, the scope of the Services does not include the remediation and/or recovery from a Security Incident (defined below). Such services, if requested by you, will be provided on a time and materials basis under our then-current hourly labor rates. Given the varied number of possible Security Incidents, we cannot and do not warrant or guarantee (i) the amount of time required to remediate the effects of a Security Incident (or that recovery will be possible under all circumstances), or (ii) that all data or systems impacted by the incident will be recoverable or remediated. For the purposes of this paragraph, a Security Incident means any unauthorized or impermissible access to or use of the Environment, or any unauthorized or impermissible disclosure of Client’s confidential information (such as user names, passwords, etc.), that (i) compromises the security or privacy of the information or applications in, or the structure or integrity of, the managed environment, or (ii) prevents normal access to the managed environment, or impedes or disrupts the normal functions of the managed environment.

Environmental Factors

Exposure to environmental factors, such as water, heat, cold, or varying lighting conditions, may cause installed equipment to malfunction. Unless expressly stated in the Quote, we do not warrant or guarantee that installed equipment will operate error-free or in an uninterrupted manner, or that any video or audio equipment will clearly capture and/or record the details of events occurring at or near such equipment under all circumstances.

Fair Usage Policy

Our Fair Usage Policy (“FUP”) applies to all services that are described or designated as “unlimited” or which are not expressly capped in the number of available usage hours per month. An “unlimited” service designation means that, subject to the terms of this FUP, you may use the applicable service as reasonably necessary for you to enjoy the use and benefit of the service without incurring additional time-based or usage-based costs. However, unless expressly stated otherwise in the Quote, all unlimited services are provided during our normal business hours only and are subject to our technicians’ availabilities, which cannot always be guaranteed. In addition, we reserve the right to assign our technicians as we deem necessary to handle issues that are more urgent, critical, or pressing than the request(s) or issue(s) reported by you. Consistent with this FUP, you agree to refrain from (i) creating urgent support tickets for non-urgent or non-critical issues, (ii) requesting excessive support services that are inconsistent with normal usage patterns in the industry (e.g., requesting support in lieu of training), (iii) requesting support or services that are intended to interfere, or may likely interfere, with our ability to provide our services to our other customers.

Hosted Email

You are solely responsible for the proper use of any hosted email service provided to you (“Hosted Email”).

Hosted Email solutions are subject to acceptable use policies (“AUPs”), and your use of Hosted Email must comply with those AUPs—including ours. In all cases, you agree to refrain from uploading, posting, transmitting or distributing (or permitting any of your authorized users of the Hosted Email to upload, post, transmit or distribute) any prohibited content, which is generally content that (i) is obscene, illegal, or intended to advocate or induce the violation of any law, rule or regulation, or (ii) violates the intellectual property rights or privacy rights of any third party, or (iii) mischaracterizes you, and/or is intended to create a false identity or to otherwise attempt to mislead any person as to the identity or origin of any communication, or (iv) interferes or disrupts the services provided by BITS Midwest or the services of any third party, or (v) contains Viruses, trojan horses or any other malicious code or programs. In addition, you must not use the Hosted Email for the purpose of sending unsolicited commercial electronic messages (“SPAM”) in violation of any federal or state law. BITS Midwest reserves the right, but not the obligation, to suspend Client’s access to the Hosted Email and/or all transactions occurring under Client’s Hosted Email account(s) if BITS Midwest believes, in its discretion, that Client’s email account(s) is/are being used in an improper or illegal manner.

Patch Management

We will keep all managed hardware and managed software current with critical patches and updates (“Patches”) as those Patches are released generally by the applicable manufacturers. Patches are developed by third party vendors and, on rare occasions, may make the Environment, or portions of the Environment, unstable or cause the managed equipment or software to fail to function properly even when the Patches are installed correctly. We will not be responsible for any downtime or losses arising from or related to the installation or use of any Patch. We reserve the right, but not the obligation, to refrain from installing a Patch if we are aware of technical problems caused by a Patch, or we believe that a Patch may render the Environment, or any portion of the Environment, unstable.

Backup (BDR) Services

All data transmitted over the Internet may be subject to malware and computer contaminants such as viruses, worms and trojan horses, as well as attempts by unauthorized users, such as hackers, to access or damage Client’s data. Neither BITS Midwest nor its designated affiliates will be responsible for the outcome or results of such activities.

BDR services require a reliable, always-connected internet solution. Data backup and recovery time will depend on the speed and reliability of your internet connection. Internet and telecommunications outages will prevent the BDR services from operating correctly. In addition, all computer hardware is prone to failure due to equipment malfunction, telecommunication-related issues, etc., for which we will be held harmless. Due to technology limitations, all computer hardware, including communications equipment, network servers and related equipment, has an error transaction rate that can be minimized, but not eliminated. BITS Midwest cannot and does not warrant that data corruption or loss will be avoided, and Client agrees that BITS Midwest shall be held harmless if such data corruption or loss occurs. Client is strongly advised to keep a local backup of all of stored data to mitigate against the unintentional loss of data.

Procurement

Equipment and software procured by BITS Midwest on Client’s behalf (“Procured Equipment”) may be covered by one or more manufacturer warranties, which will be passed through to Client to the greatest extent possible. By procuring equipment or software for Client, BITS Midwest does not make any warranties or representations regarding the quality, integrity, or usefulness of the Procured Equipment. Certain equipment or software, once purchased, may not be returnable or, in certain cases, may be subject to third party return policies and/or re-stocking fees, all of which shall be Client’s responsibility in the event that a return of the Procured Equipment is requested. BITS Midwest is not a warranty service or repair center. BITS Midwest will facilitate the return or warranty repair of Procured Equipment; however, Client understands and agrees that (i) the return or warranty repair of Procured Equipment is governed by the terms of the warranties (if any) governing the applicable Procured Equipment, for which BITS Midwest will be held harmless, and (ii) BITS Midwest is not responsible for the quantity, condition, or timely delivery of the Procured Equipment once the equipment has been tendered to the designated shipping or delivery courier.

Business Review / IT Strategic Planning Meetings

We strongly suggest that you participate in business review/strategic planning meetings as may be requested by us from time to time. These meetings are intended to educate you about recommended (and potentially crucial) modifications to your IT environment, as well as to discuss your company’s present and future IT-related needs. These reviews can provide you with important insights and strategies to make your managed IT environment more efficient and secure. You understand that by suggesting a particular service or solution, we are not endorsing any specific manufacturer or service provider.

VCTO or VCIO Services

The advice and suggestions provided by us in our capacity as a virtual chief technology or information officer will be for your informational and/or educational purposes only. BITS Midwest will not hold an actual director or officer position in Client’s company, and we will neither hold nor maintain any fiduciary realtionship with Client. Under no circumstances shall Client list or place BITS Midwest on Client’s corporate records or accounts.

Sample Policies, Procedures.

From time to time, we may provide you with sample (i.e., template) policies and procedures for use in connection with Client’s business (“Sample Policies”). The Sample Policies are for your informational use only, and do not constitute or comprise legal or professional advice, and the policies are not intended to be a substitute for the advice of competent counsel. You should seek the advice of competent legal counsel prior to using or distributing the Sample Policies, in part or in whole, in any transaction. We do not warrant or guarantee that the Sample Policies are complete, accurate, or suitable for your (or your customers’) specific needs, or that you will reduce or avoid liability by utilizing the Sample Policies in your (or your customers’) business operations.

No Third Party Scanning

Unless we authorize such activity in writing, you will not conduct any test, nor request or allow any third party to conduct any test (diagnostic or otherwise), of the security system, protocols, processes, or solutions that we implement in the managed environment (“Testing Activity”). Any services required to diagnose or remediate errors, issues, or problems arising from unauthorized Testing Activity are not covered under the Quote, and if you request us (and we elect) to perform those services, those services will be billed to you at our then-current hourly rates.

Obsolescence

If at any time any portion of the managed environment becomes outdated, obsolete, reaches the end of its useful life, or acquires “end of support” status from the applicable device’s or software’s manufacturer (“Obsolete Element”), then we may designate the device or software as “unsupported” or “non-standard” and require you to update the Obsolete Element within a reasonable time period. If you do not replace the Obsolete Element reasonably promptly, then in our discretion we may (i) continue to provide the Services to the Obsolete Element using our “best efforts” only with no warranty or requirement of remediation whatsoever regarding the operability or functionality of the Obsolete Element, or (ii) eliminate the Obsolete Element from the scope of the Services by providing written notice to you (email is sufficient for this purpose). In any event, we make no representation or warranty whatsoever regarding any Obsolete Element or the deployment, service level guarantees, or remediation activities for any Obsolete Element.

Licenses

If we are required to re-install or replicate any software provided by you as part of the Services, then it is your responsibility to verify that all such software is properly licensed. We reserve the right, but not the obligation, to require proof of licensing before installing, re-installing, or replicating software into the managed environment. The cost of acquiring licenses is not included in the scope of the Quote unless otherwise expressly stated therein.

Acceptable Use Policy

The following policy applies to all hosted services provided to you, including but not limited to (and as applicable) hosted applications, hosted websites, hosted email services, and hosted infrastructure services (“Hosted Services”).

BITS Midwest does not routinely monitor the activity of hosted accounts except to measure service utilization and/or service uptime, security-related purposes and billing-related purposes, and as necessary for us to provide or facilitate our managed services to you; however, we reserve the right to monitor Hosted Services at any time to ensure your compliance with the terms of this Acceptable Use Policy (this “AUP”) and our master services agreement, and to help monitor and ensure the safety, integrity, reliability, or security of the Hosted Services.

Similarly, we do not exercise editorial control over the content of any information or data created on or accessible over or through the Hosted Services. Instead, we prefer to advise our customers of inappropriate behavior and any necessary corrective action. If, however, Hosted Services are used in violation of this AUP, then we reserve the right to suspend your access to part or all of the Hosted Services without prior notice.

Violations of this AUP. The following constitute violations of this AUP:

Harmful or illegal uses. Use of a Hosted Service for illegal purposes or in support of illegal activities, to cause harm to minors or attempt to contact minors for illicit purposes, to transmit any material that threatens or encourages bodily harm or destruction of property or to transmit any material that harasses another is prohibited.

Fraudulent activity. Use of a Hosted Service to conduct any fraudulent activity or to engage in any unfair or deceptive practices, including but not limited to fraudulent offers to sell or buy products, items, or services, or to advance any type of financial scam such as “pyramid schemes,” “Ponzi schemes,” and “chain letters” is prohibited.

Forgery or impersonation. Adding, removing, or modifying identifying network header information to deceive or mislead is prohibited. Attempting to impersonate any person by using forged headers or other identifying information is prohibited. The use of anonymous remailers or nicknames does not constitute impersonation.

SPAM. BITS Midwest has a zero tolerance policy for the sending of unsolicited commercial email (“SPAM”). Use of a Hosted Service to transmit any unsolicited commercial or unsolicited bulk e-mail is prohibited. You are not permitted to host, or permit the hosting of, sites or information that is advertised by SPAM from other networks. To prevent unnecessary blacklisting due to SPAM, we reserve the right to drop the section of IP space identified by SPAM or denial-of-service complaints if it is clear that the offending activity is causing harm to parties on the Internet, if open relays are on the hosted network, or if denial of service attacks are originated from the hosted network.

Internet Relay Chat (IRC). The use of IRC on a hosted server is prohibited.

Open or “anonymous” proxy. Use of open or anonymous proxy servers is prohibited.

Cryptomining. Using any portion of the Hosted Services for mining cryptocurrency or using any bandwidth or processing power made available by or through a Hosted Services for mining cryptocurrency, is prohibited.

Hosting spammers. The hosting of websites or services using a hosted server that supports spammers, or which causes (or is likely to cause) our IP space or any IP space allocated to us or our customers to be listed in any of the various SPAM databases, is prohibited. Customers violating this policy will have their server immediately removed from our network and the server will not be reconnected until such time that the customer agrees to remove all traces of the offending material immediately upon reconnection and agree to allow BITS Midwest to access the server to confirm that all material has been completely removed. Any subscriber guilty of a second violation may be immediately and permanently removed from the hosted network for cause and without prior notice.

Email/message forging. Forging any email message header, in part or whole, is prohibited.

Unauthorized access. Use of the Hosted Services to access, or to attempt to access, the accounts of others or to penetrate, or attempt to penetrate, BITS Midwest’s security measures or the security measures of another entity’s network or electronic communications system, whether or not the intrusion results in the corruption or loss of data, is prohibited. This includes but is not limited to accessing data not intended for you, logging into or making use of a server or account you are not expressly authorized to access, or probing the security of other networks, as well as the use or distribution of tools designed for compromising security such as password guessing programs, cracking tools, or network probing tools.

IP infringement. Use of a Hosted Service to transmit any materials that infringe any copyright, trademark, patent, trade secret or other proprietary rights of any third party, is prohibited.

Collection of personal data: Use of a Hosted Service to collect, or attempt to collect, personal information about third parties without their knowledge or consent is prohibited.

Network disruptions and sundry activity. Use of the Hosted Services for any activity which affects the ability of other people or systems to use the Hosted Services or the internet is prohibited. This includes “denial of service” (DOS) attacks against another network host or individual, “flooding” of networks, deliberate attempts to overload a service, and attempts to “crash” a host.

Distribution of malware. Intentional distribution of software or code that attempts to and/or causes damage, harassment, or annoyance to persons, data, and/or computer systems is prohibited.

Excessive use or abuse of shared resources. The Hosted Services depend on shared resources. Excessive use or abuse of these shared network resources by one customer may have a negative impact on all other customers. Misuse of network resources in a manner which impairs network performance is prohibited. You are prohibited from excessive consumption of resources, including CPU time, memory, and session time. You may not use resource-intensive programs which negatively impact other customers or the performances of our systems or networks.

Allowing the misuse of your account. You are responsible for any misuse of your account, even if the inappropriate activity was committed by an employee or independent contractor. You shall not permit your hosted network, through action or inaction, to be configured in such a way that gives a third party the capability to use your hosted network in an illegal or inappropriate manner. You must take adequate security measures to prevent or minimize unauthorized use of your account. It is your responsibility to keep your account credentials secure.

To maintain the security and integrity of the hosted environment, we reserve the right, but not the obligation, to filter content, DNS requests, or website access for any web requests made from within the hosted environment.

Revisions to this AUP. We reserve the right to revise or modify this AUP at any time. Changes to this AUP shall not be grounds for early contract termination or non-payment.