Services Guide

Policies and procedures governing DP3 managed services

This Services Guide contains provisions that define, clarify, and govern the scope of the services described in the quote that has been provided to you (the "Quote"), as well as the policies and procedures that we follow (and to which you agree) when we provide a service to you or facilitate a service for you. If you do not agree with the terms of this Services Guide, you should not sign the Quote and you must contact us for more information.

This Services Guide is our "owner's manual" that generally describes all managed services provided or facilitated by DP3 Technologies, Inc. ("DP3," "we," "us," or "our"); however, only those services specifically described in the Quote will be facilitated and/or provided to you.

This Services Guide is governed under our Master Services Agreement ("MSA"). Capitalized terms in this Services Guide will have the same meaning as the capitalized terms in the MSA, unless otherwise indicated below.

Activities or items that are not specifically described in the Quote will be out of scope and will not be included unless otherwise agreed to by us in writing.

Please read this Services Guide carefully and keep a copy for your records.

Initial Audit / Diagnostic Services

In most cases, we will conduct an initial audit of your information technology (IT) environment to determine the readiness for, and compatibility with, our proposed ongoing managed services. This audit may be comprised of some or all the following:

  • Audit to determine general Environment readiness and functional capability
  • Review of hardware and software configurations
  • Review of current vendor service / warranty agreements for Environment hardware and software
  • Basic security vulnerability check
  • Basic backup and file recovery solution audit
  • Speed test and ISP audit
  • Print output audit
  • Office telephone vendor service audit
  • Asset inventory
  • Email and website hosting audit
  • IT support process audit

If deficiencies are discovered during the auditing process (such as outdated equipment or unlicensed software), we will bring those issues to your attention and discuss the impact of the deficiencies on our provision of the Services and provide you with options to correct the deficiencies. Please note, unless otherwise expressly agreed by us in writing, auditing services do not include the remediation of any issues, errors, or deficiencies ("Issues"), and we cannot guarantee that all Issues will be detected during the auditing process. Issues that are discovered in the Environment after the auditing process is completed may be addressed in one or more subsequent quotes.

Onboarding Services

Onboarding is the stage during which we prepare your IT environment for the monthly managed services described in the Quote. During this phase, we will work with your Authorized Contact(s) to review the information we need to prepare the targeted environment, and we may also:

  • Uninstall any monitoring tools or other software installed by previous IT service providers ("Prior Tools")
  • Compile a full inventory of all protected servers, workstations, and laptops
  • Uninstall any previous endpoint protection and install our managed security solutions
  • Install remote support access agents on each managed device to enable remote support
  • Configure Windows and application patch management agent(s) and check for missing security updates
  • Uninstall unsafe applications or applications that are no longer necessary
  • Review current device policies (group policies or otherwise)
  • Review firewall configuration and other network infrastructure devices
  • Review status of battery backup protection on all mission critical devices
  • Review email security policies including conditional access policies
  • Review and document current server configuration and status
  • Determine existing business continuity strategy and status
  • Review password policies and update user and device passwords
  • Make recommendations for changes that should be considered to the managed environment

The duration of the onboarding process depends on many factors, many of which may be outside of our control—such as product availability/shortages, required third party vendor input, etc. As such, we can estimate, but cannot guarantee, the timing and duration of the onboarding process. We will keep you updated as the onboarding process progresses.

Ongoing / Recurring Managed Services

The table below describes all managed services provided or facilitated by DP3; however, only those services specifically described in the Quote will be facilitated and/or provided to you (collectively, the "Services"). Please review the Quote to determine which of the managed services listed below will be provided to / facilitated for you.

Backup and File Recovery

Implementation and facilitation of a backup and file recovery solution from our designated Third Party Provider.

  • 24/7 monitoring of backup system, including onsite backup appliance and offsite cloud backup repository
  • Troubleshooting and remediation of failed backup disks
  • Preventive maintenance and management of imaging software
  • Firmware and software updates of backup appliance
  • Monitoring of backup successes and failures
  • Daily recovery verification

Backup Data Security: All backed up data is encrypted in transit and at rest in 256-bit AES encryption.

Backup Retention: On-premise and cloud backups are performed daily and retained on a rolling thirty (30) day basis.

Email Threat Protection

Implementation and facilitation of a trusted email threat protection solution from our designated Third Party Provider.

  • Managed email protection from phishing, business email compromise (BEC), SPAM, and email-based malware
  • Friendly Name filters to protect against social engineering impersonation attacks
  • Protection against social engineering attacks like whaling, CEO fraud, and W-2 fraud
  • Protection against newly registered and newly observed domains
  • Protection against display name spoofing

Endpoint Antivirus & Malware Protection

Implementation and facilitation of an endpoint malware protection solution from our designated Third Party Provider.

  • Artificial intelligence and machine learning to provide comprehensive and adaptive protection
  • Detection of unauthorized behaviors of users, applications, or network servers
  • Blocking of suspicious actions before execution
  • Analyzing suspicious app activity in isolated sandboxes
  • Antivirus and malware protection for managed devices
  • Detection of advanced phishing attacks

End User Security Awareness Training

Implementation and facilitation of a security awareness training solution from an industry-leading third party solution provider.

  • Online, on-demand training videos (multi-lingual)
  • Online, on-demand quizzes to verify employee retention of training content
  • Baseline testing to assess the phish-prone percentage of users
  • Simulated phishing email campaigns designed to educate employees about security threats

Managed Detection & Response (MDR)

Implementation and facilitation of a top-tier MDR solution from our designated Third Party Provider.

  • 24x7 Managed network detection and response
  • Real time and continuous threat hunting
  • Real time threat response
  • 24x7x365 access to a security team for incident response

Remote Monitoring and Management

Software agents installed in Covered Equipment report status and IT-related events on a 24x7 basis; alerts are generated and responded to in accordance with Service Levels.

  • Capacity monitoring, alerting us to severely decreased or low disk capacity
  • Routine operating system inspection and cleansing
  • Review and installation of updates and patches for supported software

Virtual Chief Information Officer (vCIO)

Act as the main point of contact for certain business-related IT issues and concerns.

  • Assist in creation of information/data-related plans and budgets
  • Provide strategic guidance and consultation across different technologies
  • Create company-specific best standards and practices
  • Provide education and recommendations for business technologies
  • Participate in scheduled meetings to maintain goals
  • Maintain technology documentation
  • Assess and make recommendations for improving technology usage and services

Service Levels

Automated monitoring is provided on an ongoing (i.e., 24x7x365) basis. Response, repair, and/or remediation services (as applicable) will be provided only during our business hours (currently M-F, 9 AM – 6 PM Central Time, excluding legal holidays), unless otherwise specifically stated in the Quote.

Severity Level Response Time
Critical / Service Not Available
All users and functions unavailable		 Within 2 business hours
Significant Degradation
Large number of users or business critical functions affected		 Within 4 business hours
Limited Degradation
Limited number of users or functions affected		 Within 8 business hours
Small Service Degradation
Business process can continue, one user affected		 Within 2 business days
Long Term Project / Preventative Maintenance Within 4 business days

All time frames are calculated as of the time that we are notified of the applicable issue/problem by Client through our designated support portal, help desk, or by telephone.

Service Credits

Our service level target is 90% as measured over a calendar month ("Target Service Level"). If we fail to adhere to the Target Service Level and Client timely brings that failure to our attention in writing, then Client will be entitled to receive a pro-rated service credit equal to 1/30 of that calendar month's recurring service fees for each day on which the Target Service Level is missed. Under no circumstances shall credits exceed 30% of the total monthly recurring service fees under an applicable Quote.

Minimum Requirements / Exclusions

The scheduling, fees and provision of the Services are based upon the following assumptions and minimum requirements:

  • Server hardware must be under current warranty coverage
  • All equipment with Microsoft Windows operating systems must be running then-currently supported versions
  • All software must be genuine, licensed, and vendor- or OEM-supported
  • Server file systems and email systems must be protected by licensed and up-to-date virus protection software
  • The managed environment must have a currently licensed, vendor-supported server-based backup solution
  • All wireless data traffic in the managed environment must be securely encrypted
  • All servers must be connected to working UPS devices
  • Client must provide all software installation media and key codes in the event of a failure
  • Client must provide us with exclusive administrative privileges to the Environment

Exclusions

The following services are expressly excluded:

  • Customization of third party applications, or programming of any kind
  • Support for operating systems, applications, or hardware no longer supported by the manufacturer
  • Data/voice wiring or cabling services of any kind
  • Battery backup replacement
  • Equipment relocation
  • The cost of repairs to hardware or any supported equipment or software

Contact Information

For service requests and support:

For the complete Services Guide including all policies and procedures, please contact us directly or refer to the documentation provided with your Quote.