This Services Guide contains provisions that define, clarify, and govern the scope of the services described in the quote that has been provided to you (the “Quote”), as well as the policies and procedures that we follow (and to which you agree) when we provide a service to you or facilitate a service for you. If you do not agree with the terms of this Services Guide, you should not sign the Quote and you must contact us for more information.

This Services Guide is our “owner’s manual” that generally describes all managed services provided or facilitated by New England Systems, Inc. (“NSI,” “we,” “us,” or “our”); however, only those services specifically described in the Quote will be facilitated and/or provided to you (collectively, the “Services”).  

This Services Guide is governed under our Master Services Agreement (“MSA”). You may locate our MSA through the link in your Quote or, if you want, we will send you a copy of the MSA by email upon request. Capitalized terms in this Services Guide will have the same meaning as the capitalized terms in the MSA, unless otherwise indicated below.

Activities or items that are not specifically described in the Quote will be out of scope and will not be included unless otherwise agreed to by us in writing.

Please read this Services Guide carefully and keep a copy for your records.

Initial Assessment

In the Initial Assessment phase of our services, we audit your managed information technology environment (the “Environment”) to determine the readiness for, and compatibility with, ongoing managed services. Our assessment services may be comprised of some or all of the following:

• Audit to determine general Environment readiness and functional capability
• Email / O365
• File server / SharePoint
• Workstations and workstation management
• Basic security check
• Server infrastructure
• Backup and disaster recovery solution
• Power management
• Perimeter and back-office security
• Remote access solution
• Network and wireless infrastructure
• ISP and related information

If deficiencies are discovered during the assessment process (such as outdated equipment or unlicensed software), we will bring those issues to your attention and discuss the impact of the deficiencies on our provision of the Services and provide you with options to correct the deficiencies. Please note, unless otherwise expressly agreed by us in writing, assessment services do not include the remediation of any issues, errors, or deficiencies (“Issues”), and we cannot guarantee that all Issues will be detected during the assessment process. Issues that are discovered in the Environment after the assessment process is completed may be addressed in one or more subsequent quotes.

Onboarding Services

In the Onboarding phase of our services, we will prepare your IT environment for the monthly managed services described in the Quote. During this phase, we will work with your Authorized Contact(s) to review the information we need to prepare the targeted environment, and we may also:

• Information gathering to include any of the following:
  • Domain registrar information including logins
  • External DNS hosting including logins
  • SSL certificate and login information
  • ISP information
  • Serial numbers of existing equipment
• Access information including
  • Firewall passwords
  • Server and domain passwords
  • Switch passwords
  • UPS passwords
  • Wireless access point passwords
  • O365 passwords
  • Any other portal passwords
• Setup of Agents and Monitoring
  • Automated Updates
  • Automated Reboot Schedule
• Transfer of management
  • SonicWall transfer to our admin portal
  • O365 transfer (can only be completed at anniversary date)
• Setup of additional services
  • Security Awareness Training
  • Backup/Disaster recovery services
• Asset tagging equipment

This list is subject to change if we determine, in our discretion, that different or additional onboarding activities are required.

If deficiencies are discovered during the onboarding process, we will bring those issues to your attention and discuss the impact of the deficiencies on our provision of our monthly managed services. Please note, unless otherwise expressly stated in the Quote, onboarding-related services do not include the remediation of any issues, errors, or deficiencies (“Issues”), and we cannot guarantee that all Issues will be detected during the onboarding process.  

The duration of the onboarding process depends on many factors, many of which may be outside of our control—such as product availability/shortages, required third party vendor input, etc. As such, we can estimate, but cannot guarantee, the timing and duration of the onboarding process. We will keep you updated as the onboarding process progresses.

Ongoing / Recurring Services

Ongoing/recurring services are services that are provided to you on an ongoing basis and, unless otherwise indicated in a Quote, are billed to you monthly. Ongoing services generally begin upon the completion of onboarding services; therefore, any delays or interruptions to the onboarding services may delay the commencement of ongoing/recurring services.  

Managed Services

Reasonable efforts will be made to provide the following services, if listed in the quote.

Remote Monitoring and Management

Software agents install on Covered Equipment (defined below) report status and IT-related events to our NOC team. These agents also provide a means of automating patching, performing maintenance, generating usage reports and a means of our technicians to remotely manage the Covered Equipment.  

More specifically, we can monitor your servers for:

• Most Hardware failures
• Device Offline
• Failed backups
• Failed updates
• Low Diskspace
• High CPU Utilization

*NOTE: if a major failure occurs causing an outage during business hours, your employees will notice the failure before our alerting system. If this occurs, please call our office immediately at 203-723-4431.

Advanced Security – EDR

Implementation and facilitation of an endpoint malware and advanced threat protection solution utilizing an Endpoint Protection Platform (EPP) from our designated Third-Party Provider.

• Real-Time Threat Detection: Our EDR solution continuously monitors endpoints for suspicious activities. Using advanced algorithms and machine learning, it identifies potential threats in real-time, ensuring immediate response to any security incidents.
• Automated Response Capabilities: Upon detecting a threat, the system automatically initiates a response. This may include isolating the affected endpoint, removing malicious files, or reversing unauthorized changes, thereby minimizing the impact on your business operations.
• Behavioral AI Technology: Utilizing behavioral AI technology which goes beyond traditional signature-based approaches. It analyzes patterns and behaviors, enabling it to detect and block even the most sophisticated, previously unknown threats.
• 24/7 Monitoring: Our EPP provides round-the-clock monitoring. We ensure that any alerts are investigated and resolved.
• Comprehensive Reporting and Analytics: We provide detailed reports and analytics, giving you insights into the security landscape of your endpoints. This includes information on detected threats, response actions taken, and recommendations for enhancing your security posture.
• Easy Integration and Scalability: Our service seamlessly integrates with your existing IT infrastructure and other security tools.

Remote Help Desk Services

• Remote support provided during normal business hours for managed devices and covered software
• Tiered-level support provides a smooth escalation process and helps to ensure effective solutions

Remote Infrastructure Maintenance & Support

• Configuration, monitoring, and preventative maintenance services provided for the managed IT infrastructure
• If remote efforts are unsuccessful then NSI will dispatch a technician to the Client’s premises to resolve covered incidents (timing of onsite support is subject to technician availability and scheduling)

Updates and patching

• Remotely deploy updates, bug fixes, minor enhancements, and security updates as deemed necessary on all managed hardware.
• Deploy, manage, and monitor the installation of approved service packs, security updates and some basic firmware updates as deemed necessary on applicable managed hardware.
• Troubleshoot automated patching issues.

Please note: We will keep all managed hardware and managed software current with critical patches and updates (“Patches”) as those Patches are released generally by the applicable manufacturers. Patches are developed by third party vendors and, on rare occasions, may make the Environment, or portions of the Environment, unstable or cause the managed equipment or software to fail to function properly even when the Patches are installed correctly. We will not be responsible for any downtime or losses arising from or related to the installation or use of any Patch. We reserve the right, but not the obligation, to refrain from installing a Patch if we are aware of technical problems caused by a Patch, or we believe that a Patch may render the Environment, or any portion of the Environment, unstable.

Backup

Implementation and facilitation of a backup and file recovery solution from our designated Third Party Provider.  

Our continuity backup solution, if included in the quote, provides:

• Continuous data protection
• File backup
• Local Virtual Machine exports if required
• Bare metal restores (restrictions apply)
• Scheduling of backup and retention policies
• Block-level encryption (AES-256)

Please note: Additional fees may apply in the event that the amount of backed up data grows and requires and larger server or additional server.

Backup Retention

Our default backup retention policy is 1 year. This process starts when we start with our continuity backup solution. If the client requires data retention prior to using our continuity backup solution, please contact your previous managed services provider to obtain your historical data.

Note: Workstations, laptops, mobile devices, and all forms of removeable storage (including removeable storage connected to the server) are not included in our backup service.  

Backup Monitoring Services

Implementation and facilitation of a backup monitoring solution from our designated Third Party Provider. Features include:

• Management, monitoring, and verification of backups on both local and cloud backups
• Troubleshooting backup failures
• Site DR testing

Backup Recovery Services

Backup recovery services can be requested during NSI’s normal business hours. Requests for recovery services can be made by phone 203-723-4431 or by email tc@nsiserv.com. If you are in urgent need of a restore, please be sure to contact NSI by phone at 203-723-4431.

Recovery times can vary but we will endeavor to restore backed up data as quickly as possible following our receipt of a request to do so; however, in all cases data restoration services are subject to technician availability. Generally, we can restore between 0 and 100MB of data within 4 hours of your request. Data restoration of larger amounts of data will be handled in accordance with technician availability. If you are in urgent need of a restore, please be sure to contact NSI by phone at 203-723-4431.

Firewalls

Firewall(s) monitored and maintained for your organization’s specific bandwidth, remote access, and user needs.  

Helps to prevent hackers from accessing internal network(s) from outside the network(s), while providing secure remote network access.

Only firewalls recommended, quoted, installed and configured by NSI will be covered by the master services agreement; otherwise, we will endeavor to assist the client with their current firewall until a NSI replacement firewall is quoted, installed and configured.  

For NSI to provide notification regarding warranty and subscription renewals and to ensure the correct services related to the client’s firewalls, the firewalls must be configured to use our portal. If an existing approved firewall is in place, it would need to be transferred to NSI’s portal. In some cases, this requires the client to contact their previous provider and request a transfer.  

Email Threat Protection

Implementation and facilitation of a trusted email threat protection solution from our designated Third Party Provider.  

Our email threat protection helps protect your organization against advanced attacks, with native email security that automatically stops attack progression. In addition, this protection attempts to combat sophisticated attacks using email and collaboration signals. These tools are always be enhanced, updated and changed to provide you with best in class protection, however, all of these tools can and will be bypassed by the ever-growing attacks.  

End user security awareness training

NSI’s advanced Security Awareness Training program, if included in the quote, provides baseline testing to assess the phish-prone percentage of users; simulated phishing email campaigns designed to trigger online education for employees to keep them aware of different types of security threats. The service can include:

• Unlimited Phishing Security Tests
• Automated Security Awareness Program (ASAP)
• Security ‘Hints & Tips’
• Multiple training levels
• Automated Training Campaigns
• Assessments
• AI-Recommended Training
• Phishing Reply Tracking
• User Provisioning via Active Directory or SCIM Integration
• SSO Integration
• Industry Benchmarking
• Virtual
• Advanced Reporting
• Regular Email Exposure Checks
• Social Engineering Indicators (SEI)
• AI-Driven Phishing
• AI-Recommended Optional Learning

Multi-Factor Authentication

Implementation and facilitation of a multi-factor authentication solution from our designated Third Party Provider.  

An industry best practice security method that requires users to identify themselves using two or more methods, usually a password and a code sent to a smartphone. This recommended security method is used as an extra layer of protection to help ensure the security of accounts beyond just a username and password.  

Password Manager

Implementation and facilitation of a password management protection solution from our designated Third Party Provider.  

• Securely store and organize passwords in a secure digital password vault accessed through your browser or an app.
• Generate secure passwords with editable options to meet specific criteria.
• Browser extension permits easy access to all of your information including the password vaults.
• Mobile phone app enables access to your password vault and stored information on your mobile device.  

Wi-Fi Services

Wireless Access Points and controllers monitored and maintained for your organization’s specific needs.  

Only Wi-Fi services recommended, quoted and configured by NSI will be covered by the master services agreement; otherwise, we will endeavor to assist the client with their current Wi-Fi services until NSI replacement equipment is purchased, installed and configured.  

For NSI to provide notification regarding warranty and subscription renewals and to ensure the correct services related to the client’s Wi-Fi, the equipment must be configured to use our portal. If exiting approved equipment is in place, it would need to be transferred to NSI’s portal. In some cases, this requires the client to contact their previous provider and request a transfer.  

NSI will provide remote support services during normal business hours to assist with device connectivity issues. (Support services will be provided on a “reasonable efforts” basis only, and Client understands that some end-user devices may not connect to the wireless network, or they may connect but not perform well).  

Account Manager/Virtual Chief Technology Officer

An NSI appointed Account Manager will be the client’s main point of contact for

• Business-related IT issues and concerns
• Assisting in creation of information/data-related plans and budgets
• Providing strategic guidance and consultation across different technologies
• Creating company-specific best standards and practices
• Providing business related education and recommendations of technologies
• Participating in scheduled meetings to maintain goals
• Maintaining technology documentation
• Assessing and making recommendations for improving technology usage and services

Fixed Fee or Hourly Billing

If you purchase services from NSI as fixed fee or as hourly billing, then we will provide our professional information technology consulting services to you. The specific scope, timing, term, and pricing of the Services (collectively, “Specifications”) will be determined between you and us at the time that you request the Services from us.

You and we may finalize the Specifications (i) by exchanging emails confirming the relevant terms, or (ii) by you agreeing to an invoice, purchase order, or similar document we send to you that describes the Specifications (an “Invoice”), or in some cases, (iii) by us performing the Services or delivering the applicable deliverables in conformity with the Specifications.  

If we provide you with an email or an Invoice that contains details or terms for the Services that are different than the terms of than the Quote, then the terms of the Invoice will control for those Services only.  

A Service will be deemed completed upon our final delivery of the applicable portions of Specifications unless a different completion milestone is expressly agreed upon in the Specifications (“Service Completion”). (For example, sales of hardware will be deemed completed when the hardware is delivered to you; licensing will be completed when the licenses are provided to you, etc.) Any defects or deviations from the Specifications must be pointed out to us, in writing, within ten (10) days after the date of Service Completion. After that time, any issues or remedial activities related to the Services will be billed to you at our then-current hourly rates.

Unless we agree otherwise in writing, Services will be provided only during our normal business hours. Services provided outside of our normal business hours are subject to increased fees and technician availability and require your and our mutual consent to implement.  

The priority given to implementing the Services will be determined by our reasonable discretion, considering any milestones or deadlines expressly agreed upon in an invoice or email from NSI. If no specific milestone or deadline is agreed upon, then the Services will be performed in accordance with your needs, the specific requirements of the job(s), and technician availability.

Payment for fixed fee services will be as stated below unless otherwise agreed upon:

• Fixed fee services up to $5K are billed upon completion.

• Fixed fee services over $5K are billed 50% upon signing and 50% upon completion.

HaaS Equipment/BDR Hardware/Loaner Equipment

HaaS Equipment We will provide you with the HaaS Equipment, BDR Hardware or Loaner Equipment (HaaS Equipment) described in the Quote.

Deployment. We will deploy the HaaS Equipment within the timeframe stated in the Quote, provided that you promptly provide all information that we reasonably request from you to complete deployment. This deployment guaranty does not apply to any software, other managed services, or hardware devices other than the HaaS Equipment. If you wish to delay the deployment of the HaaS Equipment, then you may do so provided that you give us written notice of your election to delay no later than five (5) days following the date you sign the Quote. Deployment shall not extend beyond two (2) months following the date on which you sign the Quote. You will be charged at the rate of fifty percent (50%) of the monthly recurring fees for the HaaS-related services during the period of delay. Following deployment, we will charge you the full monthly recurring fee (plus other usage fees as applicable) for the full term indicated in the Quote.

Equipment Hardware Repair or Replacement. NSI will repair or replace HaaS Equipment by the end of the business day following the business day on which the applicable problem is identified by, or reported to, NSI and has been determined by NSI to be incapable of being remediated remotely.

This warranty does not include the time required to rebuild your system, such as the time required to configure a replacement device, rebuild a RAID array, reload the operating system, reload and configure applications, and/or restore from backup (if necessary).

If NSI fails to meet the warranties in this section and the failure materially and adversely affects your hosted environment (“Hosted System”), you are entitled to a credit in the amount of 5% of the monthly fee per hour of downtime (after the initial one (1) hour allocated to problem identification), up to 100% of your monthly fee for the affected HaaS Equipment. In no event shall a credit exceed 100% of the applicable month’s monthly fee for the affected equipment.

Periodic Replacement of HaaS Equipment. From time to time and in our discretion, we may decide to swap out older HaaS Equipment for updated or newer equipment. (Generally, equipment that is five years old or older may be appropriate for replacement). If we elect to swap out HaaS Equipment due to normal, periodic replacement, then we will notify you of the situation and arrange a mutually convenient time for such activity.

Return of HaaS Equipment. Unless we expressly direct you to do so, you will not remove or disable, or attempt to remove or disable, any software agents that we installed in the HaaS Equipment. Doing so could result in network vulnerabilities and/or the continuation of license fees for the software agents for which you will be responsible, and/or the requirement that we remediate the situation at our then-current hourly rates, for which you will also be responsible. Within ten (10) days after the termination of HaaS-related Services, Client will provide NSI access to the premises at which the HaaS Equipment is located so that all such equipment may be retrieved and removed by us. If you fail to provide us with timely access to the HaaS Equipment or if the equipment is returned to us damaged (normal wear and tear excepted), then we will have the right to charge you, and you hereby agree to pay, the replacement value of all such unreturned or damaged equipment.

Usage. You will use all NSI-hosted or NSI-supplied equipment and hardware for your internal business purposes only. You shall not sublease, sublicense, rent or otherwise make the HaaS Equipment available to any third party without our prior written consent. You agree to refrain from using the Infrastructure in a manner that unreasonably or materially interferes with our other hosted equipment or hardware, or in a manner that disrupts or that is likely to disrupt the services that we provide to our other clientele. We reserve the right to throttle or suspend your access and/or use of the HaaS Equipment if we believe, in our sole but reasonable judgment, that your use of the Infrastructure is violates the terms of the Quote, this Services Guide, or the Agreement.

Insurance: It is the sole responsibility of the Client to cover the replacement cost of all HaaS equipment in any event deemed coverable under insurance available in the geographic area where the equipment resides. The Client will maintain sufficient insurance to cover all HaaS equipment provided by NSI.  

Covered Equipment / Hardware / Software

Managed Services will be applied to the number of devices indicated in the Quote (“Covered Hardware”). The list of Covered Hardware may be modified by mutual consent (email is sufficient for this purpose); however, we reserve the right to modify the list of Covered Hardware at any time if we discover devices that were not previously included in the list of Covered Hardware and which are receiving Services, or as necessary to accommodate changes to the quantity of Covered Hardware.

Unless otherwise stated in the Quote, Covered Devices will only include technology assets (such as computers, servers, and networking equipment) owned by the Client’s organization. Please note: Managed Services will not be applied to personal devices and support of personal devices is generally not included in the Scope of Services.  

We provide the Services on a fixed fee basis up to a maximum number of users or devices. A “Business Device” is a device that (i) is owned or leased by Client and used primarily for business, (ii) is regularly connected to Client’s managed network, and (iii) has installed on it a software agent through which we (or our designated Third Party Providers) can monitor the device.

We will provide support for any software applications that are licensed through us. Such software (“Supported Software”) will be supported on a “best effort” basis only and any support required beyond Level 2-type support will be facilitated with the applicable software vendor/producer. Coverage for non-Supported Software is outside of the scope of the Quote and will be provided to you on a “best-effort” basis and a time and materials basis with no guarantee of remediation. Should our technicians provide you with advice concerning non-Supported Software, the provision of that advice should be viewed as an accommodation, not an obligation, to you.

If we are unable to remediate an issue with non-Supported Software, then you will be required to contact the manufacturer/distributor of the software for further support. Please note: Manufacturers/distributors of such software may charge fees, some of which may be significant, for technical support; therefore, we strongly recommend that you maintain service or support contracts for all non-Supported Software (“Service Contract”). If you request that we facilitate technical support for non-Supported Software and if you have a Service Contract in place, our facilitation services will be provided at no additional cost to you.

Physical Locations Covered by Services

Services will be provided remotely unless, in our discretion, we determine that an onsite visit is required. NSI visits will be scheduled in accordance with the priority assigned to the issue (below) and are subject to technician availability. Unless we agree otherwise, all onsite Services will be provided at Client’s primary business location. Additional fees may apply for onsite visits: Please review the Service Level section below for more details.  

Minimum Requirements / Exclusions

The scheduling, fees and provision of the Services are based upon the following assumptions and minimum requirements:  

• Server hardware must be under current warranty coverage.
• All equipment with Microsoft Windows® operating systems must be running then currently supported versions of such software and have all the latest Microsoft service packs and critical updates installed.
• All software must be genuine, licensed, and vendor supported.
• Server file systems and email systems (if applicable) must be protected by NSI approved licensed and up-to-date virus protection software.
• The managed environment must have NSI’s server-based backup solution sufficiently sized to the client’s needs
• All wireless data traffic in the managed environment must be securely encrypted. • There must be an outside static IP address assigned to a network device, allowing NSI with remote access.  
• All servers must be connected to working UPS devices.
• Recovery coverage assumes data integrity of the backups, or the data stored on the backup devices. We do not guarantee the integrity of the backups, or the data stored on the backup devices. Server restoration will be to the point of the last successful backup.  
• Client must provide all software installation media and key codes in the event of a failure.
• Any costs required to bring the Environment up to these minimum standards are not included in this Services Guide.
• Any costs required for labor for additional work stations are not included in this Services Guide or Managed Services.

Client must provide us with exclusive administrative privileges to the Environment.

Client must not affix or install any accessory, addition, upgrade, equipment, or device on to the firewall, server, or NAS appliances (other than electronic data) unless expressly approved in writing by us.  

Exclusions.  

Services that are not expressly described in the Quote will be out of scope and will not be provided to Client unless otherwise agreed, in writing, by NSI. Without limiting the foregoing, the following services are expressly excluded, and if required to be performed, must be agreed upon by NSI in writing:

Customization of third-party applications, or programming of any kind.

Support for operating systems, applications, or hardware (including printers) no longer supported by the manufacturer.

Data/voice wiring or cabling services of any kind.

Battery backup replacement.

Equipment relocation.

The cost to bring the managed environment up to these minimum requirements (unless otherwise noted in the Quote).

The cost of repairs to hardware or any supported equipment or software, or the costs to acquire parts or equipment, or shipping charges of any kind.

Support for any equipment where NSI has recommended replacement.

Installation and setup of USED equipment (laptops, desktops, networking equipment) is not covered under this agreement and will be treated as a billable service.

Service Levels

Automated monitoring is provided on an ongoing (i.e., 24x7x365) basis. Response, repair, and/or remediation services (as applicable) will be provided only during our business hours (currently M-F, 8 AM – 5 PM Eastern Time, excluding legal holidays and NSI-observed holidays as listed below), unless otherwise specifically stated in the Quote or as otherwise described below.

We will respond to problems, errors, or interruptions in the provision of the Services during business hours in the timeframe(s) described below. Severity levels will be determined by NSI in our discretion. All remediation services will initially be attempted remotely; NSI will provide onsite service only if remote remediation is ineffective and, under all circumstances, only if covered under the Service plan selected by Client.  

* All time frames are calculated as of the time that NSI is notified of the applicable issue / problem by Client through NSI’s support email tc@nsiserv.com or by telephone at the telephone number listed in the Quote. For Critical / Service not available and Significant Degradation, a telephone call to our office main number is the required form of notification for NSI to meet the response times (email will not be accepted). Notifications received in any manner other than described herein may result in a delay in the provision of remediation efforts.  

Non-scheduled Technical Support During Off-Hours/Non-Business Hours: Non-Scheduled technical support provided outside of our normal business hours is offered on a case-by-case basis and is subject to technician availability. If NSI agrees to provide off-hours/non-business hours support (“Non-Business Hour Support”), then that support will be provided on a time and materials basis (which is not covered under any Service plan), and will be billed to Client at 2x our then-current hourly rates. A two (2) hour minimum applies to all Non-Business Hour Support.  

NSI-Observed Holidays: NSI observes the following holidays:

• New Year’s Day
• Memorial Day
• Independence Day
• Labor Day
• Thanksgiving Day
• The day following Thanksgiving Day
• Christmas Day

Fees

Reconciliation. Fees for certain Third Party Services that we facilitate or resell to you may begin to accrue prior to the “go-live” date of other applicable Services. (For example, Microsoft Azure or AWS-related fees begin to accrue on the first date on which we start creating and/or configuring certain hosted portions of the Environment; however, the Services that rely on Microsoft Azure or AWS may not be available to you until a future date). You understand and agree that you will be responsible for the payment of all fees for Third Party Services that are required to begin prior to the “go-live” date of Services, and we reserve the right to reconcile amounts owed for those fees by including those fees on your monthly invoices.

Changes to Environment. Initially, you will be charged the monthly fees indicated in the Quote. Thereafter, if the managed environment changes, or if the number of authorized users accessing the managed environment changes, then you agree that the fees will be automatically and immediately modified to accommodate those changes.  

Travel Time. If onsite services are provided, we will travel up to 45 minutes from our office to your location at no charge. Time spent traveling beyond 45 minutes (e.g., locations that are beyond 45 minutes from our office, occasions on which traffic conditions extend our drive time beyond 45 minutes one-way, etc.) will be billed to you at our then current hourly rates. In addition, you will be billed for all tolls, parking fees, and related expenses that we incur if we provide onsite services to you.

Appointment Cancellations. You may cancel or reschedule any appointment with us at no charge by providing us with notice of cancellation at least one business day in advance. If we do not receive timely a notice of cancellation/re-scheduling, or if you are not present at the scheduled time or if we are otherwise denied access to your premises at a pre-scheduled appointment time, then you agree to pay us a cancellation fee equal to two (2) hours of our normal consulting time (or non-business hours consulting time, whichever is appropriate), calculated at our then-current hourly rates.

Access Licensing. One or more of the Services may require us to purchase certain “per seat” or “per device” licenses (often called “Access Licenses”) from one or more Third Party Providers. (Microsoft “New Commerce Experience” licenses as well as Cisco Meraki “per device” licenses are examples of Access Licenses.) Access Licenses cannot be canceled once they are purchased and often cannot be transferred to any other customer. For that reason, you understand and agree that regardless of the reason for termination of the Services, fees for Access Licenses are non-mitigatable and you are required to pay for all applicable Access Licenses in full for the entire term of those licenses. Provided that you have paid for the Access Licenses in full, you will be permitted to use those licenses until they expire.

Term; Termination

The Services will commence once billing is setup and the initial payment has been received or on the date indicated in the Quote (“Commencement Date”), whichever is later, and will continue through the initial term listed in the Quote (“Initial Term”). We reserve the right to delay the Commencement Date until all onboarding/transition services (if any) are completed, and all deficiencies / revisions identified in the onboarding process (if any) are addressed or remediated to NSI’s satisfaction.  

The Services will continue through the Initial Term until terminated as provided in the Agreement, the Quote, or as indicated in this section (the “Service Term”).

Per Seat/Per Device Licensing: Regardless of the reason for the termination of the Services, you will be required to pay for all per seat or per device licenses that we acquire on your behalf. Please see “Access Licensing” in the Fees section above for more details.

Removal of Software Agents; Return of Firewall & Backup Appliances: Unless we expressly direct you to do so, you will not remove or disable, or attempt to remove or disable, any software agents that we installed in the managed environment or any of the devices on which we installed software agents. Doing so without our guidance may make it difficult or impracticable to remove the software agents, which could result in network vulnerabilities and/or the continuation of license fees for the software agents for which you will be responsible, and/or the requirement that we remediate the situation at our then-current hourly rates, for which you will also be responsible. Depending on the particular software agent and the costs of removal, we may elect to keep the software agent in the managed environment but in a dormant and/or unused state.

Within ten (10) days after being directed to do so, Client will remove, package and ship, at Client’s expense and in a commercially reasonable manner, all hardware, equipment, and accessories provided to Client by NSI that were used in the provision of the Services. If you fail to timely return all equipment to us, or if the equipment is returned to us damaged (normal wear and tear excepted), then we will have the right to charge you, and you hereby agree to pay, the replacement value of all such unreturned or damaged equipment.

Employee / Staff guide

It is the responsibility of the Client to educate staff about acceptable use policy and the potential for attacks through home networks, public networks (like coffee shops or shared workspaces). Use of Client’s corporate equipment may be vulnerable to attacks from environments where video games, local VPNs and other configurations that may exist. The Client is responsible for the design of such policies and the education and enforcement of such policies.  

Shipping

Courier charges incurred by NSI as well as a handling charge for our staff’s time, to deliver equipment/software/parts/licenses etc. will be charged to the customer. If our staff acts as a courier, the charges will be at the rate of $250 per hour.  

Additional Terms

Authenticity

Everything in the managed environment must be genuine and licensed—including all hardware, software, etc. If we ask for proof of authenticity and/or licensing, you must provide us with such proof. All minimum hardware or software requirements as indicated in a Quote or this Services Guide (“Minimum Requirements”) must be implemented and maintained as an ongoing requirement of us providing the Services to you.

Monitoring Services; Alert Services

Unless otherwise indicated in the Quote, all monitoring and alert-type services are limited to detection and notification functionalities only. Monitoring levels will be set by NSI, and Client shall not modify these levels without our prior written consent.

Remediation

Unless otherwise provided in the Quote, remediation services will be provided in accordance with the recommended practices of the managed services industry. Client understands and agrees that remediation services are not intended to be, and will not be, a warranty or guarantee of the functionality of the Environment, or a service plan for the repair of any particular piece of managed hardware or software.

Configuration of Third Party Services

Certain third party services provided to you under this Services Guide may provide you with administrative access through which you could modify the configurations, features, and/or functions (“Configurations”) of those services. However, any modifications of Configurations made by you without our knowledge or authorization could disrupt the Services and/or or cause a significant increase in the fees charged for those third party services. For that reason, we strongly advise you to refrain from changing the Configurations unless we authorize those changes. You will be responsible for paying any increased fees or costs arising from or related to changes to the Configurations.

Dark Web Monitoring

Our dark web monitoring services utilize the resources of third party solution providers. Dark web monitoring can be a highly effective tool to reduce the risk of certain types of cybercrime; however, we do not guarantee that the dark web monitoring service will detect all actual or potential uses of your designated credentials or information.

Modification of Environment

Changes made to the Environment without our prior authorization or knowledge may have a substantial, negative impact on the provision and effectiveness of the Services and may impact the fees charged under the Quote. You agree to refrain from moving, modifying, or otherwise altering any portion of the Environment without our prior knowledge or consent. For example, you agree to refrain from adding or removing hardware from the Environment, installing applications on the Environment, or modifying the configuration or log files of the Environment without our prior knowledge or consent.

Co-Managed Environment

In co-managed situations (e.g., where you have designated other vendors or personnel, or “Co-managed Providers,” to provide you with services that overlap or conflict with the Services provided by us), we will endeavor to implement the Services in an efficient and effective manner; however, (a) we will not be responsible for the acts or omissions of Co-Managed Providers, or the remediation of any problems, errors, or downtime associated with those acts or omissions, and (b) in the event that a Co-managed Provider’s determination on an issue differs from our position on a Service-related matter, we will yield to the Co-Managed Provider’s determination and bring that situation to your attention.

Anti-Virus; Anti-Malware

Our anti-virus / anti-malware solution will generally protect the Environment from becoming infected with new viruses and malware (“Viruses”); however, Viruses that exist in the Environment at the time that the security solution is implemented may not be capable of being removed without additional services, for which a charge may be incurred. We do not warrant or guarantee that all Viruses and malware will be capable of being detected, avoided, or removed, or that any data erased, corrupted, or encrypted by malware will be recoverable. To improve security awareness, you agree that NSI or its designated third party affiliate may transfer information about the results of processed files, information used for URL reputation determination, security risk tracking, and statistics for protection against spam and malware. Any information obtained in this manner does not and will not contain any personal or confidential information.

Breach/Cyber Security Incident Recovery

Unless otherwise expressly stated in the Quote, the scope of the Services does not include the remediation and/or recovery from a Security Incident (defined below). Such services, if requested by you, will be provided on a time and materials basis under our then-current hourly labor rates. Given the varied number of possible Security Incidents, we cannot and do not warrant or guarantee (i) the amount of time required to remediate the effects of a Security Incident (or that recovery will be possible under all circumstances), or (ii) that all data or systems impacted by the incident will be recoverable or remediated. For the purposes of this paragraph, a Security Incident means any unauthorized or impermissible access to or use of the Environment, or any unauthorized or impermissible disclosure of Client’s confidential information (such as user names, passwords, etc.), that (i) compromises the security or privacy of the information or applications in, or the structure or integrity of, the managed environment, or (ii) prevents normal access to the managed environment, or impedes or disrupts the normal functions of the managed environment.

Environmental Factors

Exposure to environmental factors, such as water, heat, cold, or varying lighting conditions, may cause installed equipment to malfunction. Unless expressly stated in the Quote, we do not warrant or guarantee that installed equipment will operate error-free or in an uninterrupted manner, or that any video or audio equipment will clearly capture and/or record the details of events occurring at or near such equipment under all circumstances.

Fair Usage Policy

Our Fair Usage Policy (“FUP”) applies to all services that are described or designated as “unlimited” or which are not expressly capped in the number of available usage hours per month. An “unlimited” service designation means that, subject to the terms of this FUP, you may use the applicable service as reasonably necessary for you to enjoy the use and benefit of the service without incurring additional time-based or usage-based costs. However, unless expressly stated otherwise in the Quote, all unlimited services are provided during our normal business hours only and are subject to our technicians’ availabilities, which cannot always be guaranteed. In addition, we reserve the right to assign our technicians as we deem necessary to handle issues that are more urgent, critical, or pressing than the request(s) or issue(s) reported by you. Consistent with this FUP, you agree to refrain from (i) creating urgent support tickets for non-urgent or non-critical issues, (ii) requesting excessive support services that are inconsistent with normal usage patterns in the industry (e.g., requesting support in lieu of training), (iii) requesting support or services that are intended to interfere, or may likely interfere, with our ability to provide our services to our other customers.  

Hosted Email

You are solely responsible for the proper use of any hosted email service provided to you (“Hosted Email”).  

Hosted Email solutions are subject to acceptable use policies (“AUPs”), and your use of Hosted Email must comply with those AUPs. In all cases, you agree to refrain from uploading, posting, transmitting or distributing (or permitting any of your authorized users of the Hosted Email to upload, post, transmit or distribute) any prohibited content, which is generally content that (i) is obscene, illegal, or intended to advocate or induce the violation of any law, rule or regulation, or (ii) violates the intellectual property rights or privacy rights of any third party, or (iii) mischaracterizes you, and/or is intended to create a false identity or to otherwise attempt to mislead any person as to the identity or origin of any communication, or (iv) interferes or disrupts the services provided by NSI or the services of any third party, or (v) contains Viruses, trojan horses or any other malicious code or programs. In addition, you must not use the Hosted Email for the purpose of sending unsolicited commercial electronic messages (“SPAM”) in violation of any federal or state law. NSI reserves the right, but not the obligation, to suspend Client’s access to the Hosted Email and/or all transactions occurring under Client’s Hosted Email account(s) if NSI believes, in its discretion, that Client’s email account(s) is/are being used in an improper or illegal manner.  

Patch Management

We will keep all managed hardware and managed software current with critical patches and updates (“Patches”) as those Patches are released generally by the applicable manufacturers. Patches are developed by third party vendors and, on rare occasions, may make the Environment, or portions of the Environment, unstable or cause the managed equipment or software to fail to function properly even when the Patches are installed correctly. We will not be responsible for any downtime or losses arising from or related to the installation or use of any Patch. We reserve the right, but not the obligation, to refrain from installing a Patch if we are aware of technical problems caused by a Patch, or we believe that a Patch may render the Environment, or any portion of the Environment, unstable.  

NSI will not be responsible for the installation of any patches in environments that block or hinder the installation of these patches. If patches need to be installed manually due to the configuration of the Client’s environment, out of the direct control of NSI, then the installation of any patches will be at the Client’s expense at the hourly rates specified herein.

Backup (BDR) Services

All data transmitted over the Internet may be subject to malware and computer contaminants such as viruses, worms and trojan horses, as well as attempts by unauthorized users, such as hackers, to access or damage Client’s data. Neither NSI nor its designated affiliates will be responsible for the outcome or results of such activities.

BDR services require a reliable, always-connected internet solution. Data backup and recovery time will depend on the speed and reliability of your internet connection. Internet and telecommunications outages will prevent the BDR services from operating correctly. In addition, all computer hardware is prone to failure due to equipment malfunction, telecommunication-related issues, etc., for which we will be held harmless. Due to technology limitations, all computer hardware, including communications equipment, network servers and related equipment, has an error transaction rate that can be minimized, but not eliminated. NSI cannot and does not warrant that data corruption or loss will be avoided, and Client agrees that NSI shall be held harmless if such data corruption or loss occurs. Client is strongly advised to keep a local backup of all of stored data to mitigate against the unintentional loss of data. If the Client chooses a BDR solution other than the NSI recommended solution, then the Client agrees that NSI holds no responsibility to it’s function, availability, or effectiveness.  

Procurement

Equipment and software procured by NSI on Client’s behalf (“Procured Equipment”) may be covered by one or more manufacturer warranties, which will be passed through to Client to the greatest extent possible. By procuring equipment or software for Client, NSI does not make any warranties or representations regarding the quality, integrity, or usefulness of the Procured Equipment. Certain equipment or software, once purchased, may not be returnable or, in certain cases, may be subject to third party return policies and/or re-stocking fees, all of which shall be Client’s responsibility in the event that a return of the Procured Equipment is requested. NSI is not a warranty service or repair center. NSI will facilitate the return or warranty repair of Procured Equipment; however, Client understands and agrees that (i) the return or warranty repair of Procured Equipment is governed by the terms of the warranties (if any) governing the applicable Procured Equipment, for which NSI will be held harmless, and (ii) NSI is not responsible for the quantity, condition, or timely delivery of the Procured Equipment once the equipment has been tendered to the designated shipping or delivery courier.

Business Review / IT Strategic Planning Meetings

We strongly suggest that you participate in business review/strategic planning meetings as may requested by us from time to time. These meetings are intended to educate you about recommended (and potentially crucial) modifications to your IT environment, as well as to discuss your company’s present and future IT-related needs. These reviews can provide you with important insights and strategies to make your managed IT environment more efficient and secure.   You understand that by suggesting a particular service or solution, we are not endorsing any specific manufacturer or service provider.

VCTO or VCIO Services

The advice and suggestions provided us in our capacity as a virtual chief technology or information officer will be for your informational and/or educational purposes only. NSI will not hold an actual director or officer position in Client’s company, and we will neither hold nor maintain any fiduciary relationship with Client. Under no circumstances shall Client list or place NSI on Client’s corporate records or accounts.  

Sample Policies, Procedures.

From time to time, we may provide you with sample (i.e., template) policies and procedures for use in connection with Client’s business (“Sample Policies”). The Sample Policies are for your informational use only, and do not constitute or comprise legal or professional advice, and the policies are not intended to be a substitute for the advice of competent counsel. You should seek the advice of competent legal counsel prior to using or distributing the Sample Policies, in part or in whole, in any transaction. We do not warrant or guarantee that the Sample Policies are complete, accurate, or suitable for your (or your customers’) specific needs, or that you will reduce or avoid liability by utilizing the Sample Policies in your (or your customers’) business operations.

Penetration Testing; Vulnerability Assessment

You understand and agree that security devices, alarms, or other security measures, both physical and virtual, may be tripped or activated during the penetration testing process, despite our efforts to avoid such occurrences. You will be solely responsible for notifying any monitoring company and all law enforcement authorities of the potential for “false alarms” due to the provision of the penetration testing services, and you agree to take all steps necessary to ensure that false alarms are not reported or treated as “real alarms” or credible threats against any person, place or property. Some alarms and advanced security measures, when activated, may cause the partial or complete shutdown of the Environment, causing substantial downtime and/or delay to your business activities. We will not be responsible for any claims, costs, fees or expenses arising or resulting from (i) any response to the penetration testing services by any monitoring company or law enforcement authorities, or (ii) the partial or complete shutdown of the Environment by any alarm or security monitoring device.  

No Third Party Scanning

Unless we authorize such activity in writing, you will not conduct any test, nor request or allow any third party to conduct any test (diagnostic or otherwise), of the security system, protocols, processes, or solutions that we implement in the managed environment (“Testing Activity”). Any services required to diagnose or remediate errors, issues, or problems arising from unauthorized Testing Activity are not covered under the Quote, and if you request us (and we elect) to perform those services, those services will be billed to you at our then-current hourly rates.

Obsolescence

If at any time any portion of the managed environment becomes outdated, obsolete, reaches the end of its useful life, or acquires “end of support” status from the applicable device’s or software’s manufacturer (“Obsolete Element”), then we may designate the device or software as “unsupported” or “non-standard” and require you to update the Obsolete Element within a reasonable time period. If you do not replace the Obsolete Element reasonably promptly, then in our discretion we may (i) continue to provide the Services to the Obsolete Element using our “best efforts” only with no warranty or requirement of remediation whatsoever regarding the operability or functionality of the Obsolete Element, or (ii) eliminate the Obsolete Element from the scope of the Services by providing written notice to you (email is sufficient for this purpose). In any event, we make no representation or warranty whatsoever regarding any Obsolete Element or the deployment, service level guarantees, or remediation activities for any Obsolete Element.  

Hosting Services

You agree that you are responsible for the actions and behaviors of your users of the Services. In addition, you agree that neither Client, nor any of your employees or designated representatives, will use the Services in a manner that violates the laws, regulations, ordinances, or other such requirements of any jurisdiction.  

In addition, Client agrees that neither it, nor any of its employees or designated representatives, will: transmit any unsolicited commercial or bulk email, will not engage in any activity known or considered to be “spamming” and carry out any “denial of service” attacks on any other website or Internet service; infringe on any copyright, trademark, patent, trade secret, or other proprietary rights of any third party; collect, attempt to collect, publicize, or otherwise disclose personally identifiable information of any person or entity without their express consent (which may be through the person or entity’s registration and/or subscription to Client’s services, in which case Client must provide a privacy policy which discloses any and all uses of information that you collect) or as otherwise required by law; or, undertake any action which is harmful or potentially harmful to NSI or its infrastructure.

Client is solely responsible for ensuring that its login information is utilized only by Client and Client’s authorized users and agents. Client’s responsibility includes ensuring the secrecy and strength of user identifications and passwords. NSI shall have no liability resulting from the unauthorized use of Client’s login information. If login information is lost, stolen, or used by unauthorized parties or if Client believes that any hosted applications or hosted data has been accessed by unauthorized parties, it is Client’s responsibility to notify NSI immediately to request the login information be reset or unauthorized access otherwise be prevented. NSI will use commercially reasonable efforts to implement such requests as soon as practicable after receipt of notice.

Licenses

If we are required to re-install or replicate any software provided by you as part of the Services, then it is your responsibility to verify that all such software is properly licensed. We reserve the right, but not the obligation, to require proof of licensing before installing, re-installing, or replicating software into the managed environment. The cost of acquiring licenses is not included in the scope of the Quote unless otherwise expressly stated therein.

VOIP – Dialing 911 (Emergency) Services

The following terms and conditions apply to your use of any VoIP service that we facilitate for you or that is provided to you by a third party provider of such service. Please note, by using VoIP services you agree to the provisions of the waiver at the end of this section. If you do not understand or do not agree with any of the terms below, you must not subscribe to, use, or rely upon any VoIP service and, instead, you must contact us immediately.

There is an important difference in how 9-1-1 (i.e., emergency) services can be dialed using a VoIP service as compared to a traditional telephone line. Calling emergency services using a VoIP service is referred to as “E911.”

Registration: You are responsible for activating the E911 dialing feature by registering the address where you will use the VoIP service. This will not be done for you, and you must take this step on your own initiative. To do this, you must log into your VoIP control panel and provide a valid physical address. If you do not take this step, then E911 services may not work correctly, or at all, using the VoIP service. Emergency service dispatchers will only send emergency personnel to a properly registered E911 service address.

Location: The address you provide in the control panel is the location to which emergency services (such as the fire department, the police department, etc.) will respond. For this reason, it is important that you correctly enter the location at which you are using the VoIP services. PO boxes are not proper addresses for registration and must not be used as your registered address. Please note, even if your account is properly registered with a correct physical address, (i) there may be a problem automatically transmitting a caller’s physical location to the emergency responders, even if the caller can reach the 911 call center, and (ii) a VoIP 911 call may go to an unstaffed call center administrative line or be routed to a call center in the wrong location. These issues are inherent to all VoIP systems and services. We will not be responsible for, and you agree to hold us harmless from, any issues, problems, incidents, damages (both bodily- and property-related), costs, expenses, and fees arising from or related to your failure to register timely and correctly your physical location information into the control panel.

Address Change(s): If you change the address used for E911 calling, the E911 services may not be available and/or may operate differently than expected. Moreover, if you do not properly and promptly register a change of address, then emergency services may be directed to the location where your services are registered and not where the emergency may be occurring. For that reason, you must register a change of address with us through the VoIP control panel no less than three (3) business days prior to your anticipated move/address change. Address changes that are provided to us with less than three (3) business days notice may cause incorrect/outdated information to be conveyed to emergency service personnel. If you are unable to provide us with at least three (3) business days notice of an address change, then you should not rely on the E911 service to provide correct physical location information to emergency service personnel. Under those circumstances, you must provide your correct physical location to emergency service dispatchers if you call them using the VoIP services.

If you do not register the VoIP service at your location and you dial 9-1-1, that call will be categorized as a “rogue 911 call.” If you are responsible for dialing a rogue 911 call, you will be charged a nonrefundable and non-disputable fee of $250/call.  

Power Loss: If you lose power or there is a disruption to power at the location where the VoIP services are used, then the E911 calling service will not function until power is restored. You should also be aware that after a power failure or disruption, you may need to reset or reconfigure the device prior to utilizing the service, including E911 dialing.

Internet Disruption: If your internet connection or broadband service is lost, suspended, terminated or disrupted, E911 calling will not function until the internet connection and/or broadband service is restored.

Account Suspension: If your account is suspended or terminated, then all E911 dialing services will not function.

Network Congestion: There may be a greater possibility of network congestion and/or reduced speed in the routing of E911 calls as compared to 911 dialing over traditional public telephone networks.

WAIVER: You hereby agree to release, indemnify, defend, and hold us and our officers, directors, representatives, agents, and any third party service provider that furnishes VoIP-related services to you, harmless from any and all claims, damages, losses, suits or actions, fines, penalties, costs and expenses (including, but not limited to, attorneys’ fees), whether suffered, made, instituted or asserted by you or by any other party or person (collectively, “Claims”) arising from or related to the VoIP services, including but not limited to any failure or outage of the VoIP services, incorrect routing or use of, or any inability to use, E911 dialing features. The foregoing waiver and release shall not apply to Claims arising from our gross negligence, recklessness, or willful misconduct.

Last Updated: February 2025