Statement of Services

SOS (Statement of Services)

 

This SOS (Statement of Services) contains provisions that define, clarify, and govern the services described in the quote to which it is attached (the “Quote”). If you do not agree with the terms of this SOS (Statement of Services), you should not sign the Quote, and you must contact us for more information.

This SOS (Statement of Services) is our “owner’s manual” that generally describes and governs all managed services offered and provided by Computer Networks, Inc. and/or Computer Networks of Roanoke, Inc. (“Provider”); however, only those services specifically described in the Quote will be provided to you (collectively, the “Services”). Activities or items that are not specifically described in the Quote will be out of scope and will not be provided to you unless otherwise agreed to by us in writing by accepting a Quote.

This SOS (Statement of Services) contains important provisions pertaining to the auto-renewal of the Services under your Quote, as well as fee increases that may occur from time-to-time. Please read this SOS (Statement of Services) carefully and keep a copy for your records.

 

Onboarding Services

If onboarding services are expressly provided under the Quote, then the following services will be provided to you.

  • Uninstall any monitoring tools or other software installed by previous IT consultants.
  • Compile a full inventory of all protected servers, workstations, and laptops.
  • Uninstall any previous virus protection and install our managed antivirus application.
  • Install remote support access application on each managed device to enable remote support.
  • Install and configure any other Computer Networks management software.
  • Configure patch management application and check for missing security updates.
  • Uninstall unsafe applications or applications that are no longer necessary.
  • Optimize device performance including disk cleanup, antivirus, and spyware scans.
  • Review firewall configuration and other network infrastructure devices.
  • Review status of battery backup protection on all devices.
  • Stabilize network and ensure that all devices can securely access the file server.
  • Review and document current server configuration and status.
  • Determine existing backup strategy and status; prepare backup options for consideration.
  • Review password policies and update user and device passwords.
  • As applicable, make recommendations for changes that should be considered to the managed environment.

The foregoing list is subject to change if we determine, in our discretion, that different or additional onboarding activities are required.

If deficiencies are discovered during the onboarding process, we will bring those issues to your attention and discuss the impact of the deficiencies on our provision of our monthly managed services. Please note, unless otherwise expressly stated in the Quote, onboarding-related services do not include the remediation of any issues, errors, or deficiencies (“Issues”), and we cannot guarantee that all Issues will be detected during the onboarding process. Onboarding activities are evaluative and preparatory only and do not alter the MSA’s limitation of responsibility for pre-existing conditions.

Ongoing / Recurring Services

Ongoing/recurring services are services that are provided to you on an ongoing basis and, unless otherwise indicated in a Quote, are billed to you monthly, in advance. Ongoing services generally begin upon the completion of onboarding services; therefore, any delays or interruptions to the onboarding services may delay the commencement of ongoing/recurring services.

The following Services, if expressly listed in the Quote, will be provided to you.

Managed Services-User/Device
Service General Description
Antivirus/Antimalware (Operating System)for PC and Server Provides centrally managed anti-virus and anti-malware protection for covered Windows PCs and servers, including automated updates, scheduled scans, and real-time monitoring. Detected threats are quarantined or remediated where possible. This service reduces risk but does not guarantee prevention of all malware events.
Domain Filtering Applies security-based filtering to restrict your user’s access to known malicious, high-risk, or inappropriate Internet domains using reputation, category, and threat intelligence sources.
Full Disk Encryption (PC) Enables full-disk encryption on supported Windows workstations to protect data at rest in the event of loss or theft. Encryption is centrally managed and subject to hardware and operating system compatibility.
Full Disk Encryption (Server) Provides encryption of server storage volumes to protect data at rest from unauthorized access. Availability depends on operating system and hardware support.
Signature Manager Centralizes creation and management of standardized email signatures for Microsoft 365 users. Provides a controlled uniform look for all staff signatures.
Virtual CIO (vCIO) / Technology Advisory labor

 

 

 

and

 

 

Labor for Remote Monitoring and labor for Onsite Visits

 Provides advisory guidance related to the Client’s network, infrastructure, security posture, and technology roadmap as part of Managed Services. Advice is informational only and does not constitute executive authority, fiduciary responsibility, decision-making authority, or a guarantee of outcomes. Provider does not serve as an officer, director, or employee of Client.

 

Technician labor to respond to service tickets, make repairs, assist users, go onsite to make repairs and to perform any covered service.
Multi-Factor Authentication Implements multi-factor authentication requiring additional verification beyond usernames and passwords when accessing protected systems. MFA significantly reduces unauthorized access risk.
Password Management Store for user’s passwords to keep the user form developing their own solution for remembering passwords.
Patch Management

 

and

 

Remote Monitoring and Management

 Regular and consistent application of Windows and 3rd party patches, big fixes, and updates to software. Does not include Line of Business Software updates.

 

Deploys monitoring agents and network probes to observe system health, performance, and security indicators on covered equipment. Alerts are reviewed and addressed during supported hours.
Security Awareness Training Provides online security awareness training and simulated phishing exercises for designated users. Effectiveness depends on user participation.
Zero  Trust Authentication

 

 

 

and

 

Privileged Account Management (PAM)

 Implements identity-centric access controls based on user identity, device posture, and contextual signals to reduce lateral movement risk. Allows lockdown of PC/Server so that only approved programs can be installed.

 

Controls administrative access by granting time-limited, task-specific privilege elevation and revoking access automatically after use. Allows for locked down access when access is not needed.

 

 

 

Managed Services-per Network
Service General Description
Connect M365 to Rocket Configures and maintains integration between Microsoft 365 services and Security Operations Center (SOC) security monitoring systems to enable centralized alerting and security visibility.
DMARC Implements and manages Domain-based Message Authentication, Reporting, and Conformance (DMARC) policies to reduce email spoofing and phishing and provide visibility into unauthorized sending activity.
Network Discovery Scans Performs periodic internal network scans to identify connected devices, configuration changes, and potential security weaknesses. Scans are observational and do not constitute penetration testing.
Secure Mobile Access to Network Provides encrypted remote access for programs to interact with Microsoft 365.
Security Operations Center (SOC) Provides continuous monitoring of security events using centralized log ingestion and threat intelligence correlation and escalates unresolved threats.

 

 

 

Email & Microsoft Office

Microsoft 365
Service General Description
M365 Microsoft Office 365 Business Premium

 

and

 

M365 Email Anti-Spam

 

and

 

M365 Email Encryption

 Provides Microsoft 365 Business Premium licensing, including productivity applications, collaboration services, identity management, and security features, subject to Microsoft terms.

 

 

 

Filters inbound and outbound email to reduce spam, phishing, and malicious content using reputation-based and heuristic analysis.

 

 

 

Enables message-level encryption to protect email content in transit, subject to recipient compatibility.
M365 Co-Pilot Artificial Intelligence Provides access to Microsoft Copilot AI features within supported Microsoft 365 applications. Users must review AI-generated output.
M365 CMMC Compliance-Preveil Provides secure email and file exchange controls designed to support CMMC compliance requirements. Only for Clients having CMMC requirements.
M365 Management (monthly) Provides ongoing administrative management of Microsoft 365 tenant configuration, users, licensing, and security settings.
M365 Cyber Prevention SaaS Alerts Monitors SaaS environments for indicators of compromise and suspicious behavior and initiate automated or guided response actions.

 

 

Managed Services-Hardware Maintenance
Service General Description
Hardware Maintenance

PC’s

 Provides break/fix maintenance for covered hardware, including diagnosis and repair under normal operating conditions. Repairs may include replacement with functionally equivalent components and exclude upgrades, misuse, or environmental damage.
Hardware Maintenance

Printers & Peripherals

 Provides break/fix maintenance for covered hardware, including diagnosis and repair under normal operating conditions. Repairs may include replacement with functionally equivalent components and exclude upgrades, misuse, environmental damage, and consumables.
Server Hardware Warranty

 

 Maintains manufacturer or third-party warranty coverage for eligible servers to facilitate access to replacement parts and vendor support. Coverage is subject to manufacturer lifecycle limits.

 

Backup and Disaster Recovery
Service General Description
Slide Backup SLIDE Backup & Disaster Recovery (BDR) is a business-continuity solution that protects critical data and systems by creating secure, automated backups and providing a rapid recovery path after cyberattacks, hardware failures, accidental deletion, or natural disasters. Allows for copy of down server to be stood up and used in place of down server during repairs.
PC Backup to Cloud Backs up designated workstation data to a secure cloud repository for disaster recovery purposes.
Optional Items
Service General Description
Android Device Management Provides centralized security and management for supported Android devices accessing the Client environment, including enrollment, policy enforcement, and remote security actions where supported. Device capabilities depend on manufacturer and operating system support.
Multi-Factor Authentication Token (user has no cell phone) Provides physical authentication tokens for users unable to use mobile-based MFA applications. Tokens must be safeguarded by the Client and may be subject to replacement fees. For users with no cell phone or unwilling to use their personal cell.
Onboarding Fee Fee to clean up from previous IT Vendor and to bring network into compliance with current standards set by Microsoft, Vendors, Governmental Regulatory Agencies, and other affected parties.
Secure Mobile Access to Network Provides encrypted remote access for authorized users connecting from off-site locations.
Mobile Device Management Apply security policies and management controls to support mobile devices accessing the Client environment.
Dark Web Monitoring Monitors third-party data sources for indications that Client credentials may be exposed.
Subscription Renewals Manages renewal of eligible hardware and software subscriptions to maintain vendor support eligibility.
Domain Registration & Renewal Coordination (Optional) Provides coordination assistance for domain registration, renewal, or transfer through third-party registrars. Provider does not control registrar systems, availability, or outcomes and does not assume responsibility for domain availability or renewal timing unless expressly agreed in writing.

 

 

 

Security Risk Analysis

Regulatory Compliance
Service General Description
Security Risk Analysis for Regulatory Compliance Provides a point-in-time assessment of security controls relative to applicable regulatory frameworks. The analysis is advisory in nature.
Incident Response Retainer (Optional – Priority Access) Provides optional prepaid priority access to Provider for emergency incident response services, including triage, containment guidance, and recovery coordination for security incidents. Incident Response services are not included in Managed Services and are available only if purchased under a separate written addendum or Quote. No obligation to respond exists absent such purchase.
Penetration Testing / Vulnerability Assessment (Optional – Separate SOW) Provides optional penetration testing or vulnerability assessments under a separate written Statement of Work. These services are not included in Managed Services and are not performed unless expressly purchased.

 

Covered Equipment / Hardware / Software

The Services will be applied to the equipment listed in the Quote (“Covered Hardware” or “Covered Equipment”).

The Services will also apply to the software listed in the Quote (“Supported Software”) provided, however, that all Supported Software must, at all times, be properly licensed, and under a maintenance and support agreement from the Supported Software’s manufacturer unless purchased as a perpetual license. In this SOS (Statement of Services), Covered Hardware and Supported Software will be referred to as the “Environment” or “Covered Equipment.”

Physical Locations Covered by Services

Services will be provided remotely unless, in our discretion, we determine that an onsite visit is required. Onsite visits will be scheduled in accordance with the priority assigned to the issue (below) and are subject to technician availability. Unless we agree otherwise, all onsite Services will be provided at Client’s primary office location listed in the Quote or normally staffed business remote office. Additional fees may apply for onsite visits or home visits: Please review the Service Level section below for more details.

Term; Termination

The Services will commence, and billing will begin, on the date indicated in the Quote (“Commencement Date”) and will continue through the initial term listed in the Quote (“Initial Term”). We reserve the right to delay the Commencement Date until all onboarding/transition services (if any) are completed, and all deficiencies/revisions identified in the onboarding process (if any) are addressed or remediated to Computer Networks’ satisfaction.

The Services will continue through the Initial Term until terminated as provided in the Agreement, the Quote, or as indicated in this section (the “Service Term”).

Early Termination Option: Either party may cancel any Services for any reason within the first one-hundred eighty (180) days of commencement by providing thirty (30) days advance written notice. After this period, all Service terms will be non-cancelable except For Cause or as otherwise described in the MSA.

Non-renewal requires 90 days unless otherwise specified in the Quote, as provided in the MSA.

 

Assumptions / Minimum Requirements / Exclusions

The scheduling, fees and provision of the Services are based upon the following assumptions and minimum:

  • Server hardware must be under current warranty coverage.
  • All equipment with Microsoft Windows® operating systems must be running then-currently supported versions of such software and have all of the latest Microsoft service packs and critical updates installed.
  • All software must be genuine, licensed, and Provider-supported.
  • Server file systems and email systems (if applicable) must be protected by licensed and up-to-date virus protection software.
  • The managed environment (“Environment”) must have a currently licensed, Provider-supported server-based backup solution that can be monitored.
  • All wireless data traffic in the environment must be securely encrypted.
  • There must be an outside, public, static IP address assigned to a network device, allowing remote access.
  • All servers must be connected to working UPS devices.
  • Recovery coverage assumes data integrity of the backups or the data stored on the backup devices. We do not guarantee the integrity of the backups or the data stored on the backup devices. Server restoration will be to the point of the last successful backup.
  • Client must provide all software installation media and key codes in the event of a failure.
  • Any costs required to bring the Environment up to these minimum standards are not included in this SOS (Statement of Services).
  • Client must provide us with exclusive administrative privileges to the Environment.
  • Client must not affix or install any accessory, addition, upgrade, equipment, or device on to the firewall, server, or NAS appliances (other than electronic data) unless expressly approved in writing by us.
  • Client agrees to promptly inform Provider by logging a service call on Provider’s web site, or via telephone, of any Covered Equipment that needs repair or of any other issue affecting the operation of the managed network.
  • Client must inform Provider of any hardware changes, alterations, additions, or deletions at Client’s premises that may affect the operation of hardware that is subject to the terms of the Agreement.
  • Client understands that the addition or removal of software products may materially affect the operation of the Covered Hardware and Client must inform Provider of the addition or removal of software products even if such software is not procured from Provider.
  • Client must work with Provider via telephone while Provider is determining the problem and in the event that Provider believes that Provider is able to repair the problem via telephone or via remote connection, Client must make available necessary personnel to affect the telephone or remote connection fix.
  • Client shall take steps to ensure that neither virus, Spyware, ransomware, malicious software, or any other potentially unwanted programs, nor any other software not previously approved by Provider is loaded on any portion of the system. Extensive or repeated removal of viruses, virus related programs or Spyware shall constitute a billable service.
  • Client must maintain a “broadband” Internet connection. Provider reserves the right to require Client to increase this speed should this speed hamper Provider’s efforts to remotely support Client.
  • Client shall implement and comply with Provider’s “Best Practices” for the proper operation of a computer network, such “Best Practices” to be a combination of industry experience and published industry standards.
  • All software installed on the network shall be a valid, legal copy of the software and no support shall be provided for “bootlegged” or illegal software.
  • Client understands that data cables are necessary for the correct operation of the network and that the responsibility and costs for data cables are solely with the client.

 

Exclusions. Services that are not expressly described in the Quote will be out of scope and will not be provided to Client unless otherwise agreed, in writing, by Computer Networks. Without limiting the foregoing, the following services are expressly excluded, and if required to be performed, must be agreed upon by Computer Networks in writing:

  • Customization of third-party applications, or programming of any kind.
  • Support for operating systems, applications, or hardware no longer supported by the manufacturer.
  • Data/voice wiring or cabling services of any kind.
  • Equipment relocation or moving of Covered Equipment to any new location for any reason.
  • The cost to bring the Environment up to the Minimum Requirements (unless otherwise noted in “Scope of Services” above).
  • Add on of equipment to the environment.
  • Reconfiguration or reinstallation of software or hardware installed by others.
  • Reconfiguration of, or change to, existing Covered Equipment.
  • Improper/excessive usage of the Covered Equipment based on manufacturer’s specifications.
  • Any usage other than normal, usual, and customary usage.
  • The replacement of any missing parts that were originally part of the Covered Equipment.
  • Failure by Client to provide suitable environment such as temperature or humidity.
  • Any alterations, modifications, attachments, or additions not approved in advance by Provider.
  • Service work performed by others leading to failure of Covered Equipment.
  • The restoration of operating systems and/or software after Covered Equipment failure unless covered under the terms of the Agreement.
  • Any damage to equipment while being transported by Provider at request of Client.
  • Acts of God, electrical damage/lightning damage, fire, theft, water, abuse, misuse, or any other external forces.
  • The furnishing supplies or accessories such as toner, ribbons, ink, drums, or other consumable parts.
  • The addition of new Hardware/Software.
  • The loading, unloading, or configuration of QuickBooks.
  • Line of Business (“LOB”) applications – reasonable attempts will be made to assist Client with LOB applications, however, this Agreement does not cover regular support for LOB applications.
  • The replacement of any hardware not included in a valid Agreement.

 

Service Levels

Automated monitoring is provided on an ongoing (i.e., 24x7x365) basis; response, repair, and/or remediation services (as applicable) will be provided only during business hours unless otherwise specifically stated in the Quote. We will respond to problems, errors, or interruptions in the provision of the Services in the timeframe(s) described below. Severity levels will be determined by Computer Networks in our discretion after consulting with the Client. All remediation services will initially be attempted remotely; Computer Networks will provide onsite service only if remote remediation is ineffective and, under all circumstances, only if covered under the Service plan selected by Client.

Provided Client uses the Provider’s Internet based trouble-ticket system or the Provider’s toll-free Emergency Phone call system to log requests for service, Provider agrees to acknowledge Client’s request within 15 minutes and begin the resolution steps as quickly thereafter as possible, in no event to exceed thirty (30) minutes; nights, weekends and holidays excepted.

On-call and after-hours service is not included and therefore not a covered service. When Client logs a trouble-ticket using the Internet based trouble ticket system or leaves a phone message on the toll-free emergency phone line on a night, weekend or holiday, the parties agree that Provider’s efforts to resolve Client’s issue shall be on a best-efforts basis.

Requests for service using any means but the Internet-based trouble ticket system or the toll-free emergency phone system do not qualify for the service levels described in this document. Specifically, emails, text messages, or phone calls directly to Computer Networks’ staff do not meet the criteria for resolution under the Service Level agreement. Provider will address any correspondence, other than the Internet-based trouble-style ticket system or the toll-free emergency phone call system, on the next business day following any such communication.

 

 

 

Response Time1 Normal Business Hours

Monday – Friday, 8 AM to 5 PM

 Extended Hours2

Holidays, Non-Normal Business Hours
Ticket System Initial Remote Support

Onsite if Needed

 A technician will respond, on average, in less than 15 minutes of Client initiating a ticket in the ticketing system during Computer Networks’ normal business hours.

 

 

§ For contact initiated during the normal business hours, a technician will begin working on the issue immediately subject to technician availability.

§ If an issue is not resolved during normal business hours, it will be logged and continued the following day.

§ For contact initiated outside of normal business hours, a ticket will be logged, and work will begin on the next business day.

§ For non-critical issues where a person is required to go onsite, we will schedule an engineer for an onsite visit in accordance with the severity of the problem and, at all times, subject to technician availability.

 A technician will respond, on average, between 4 and 8 hours of Client initiating a ticket in the ticketing system, or leaving an emergency voicemail, any time, or day of week outside of Computer Networks normal business hours.

 

§ For contact initiated after normal business hours, a technician will triage the severity of the request and determine the best course of action to remediate the request. This may range from beginning working on the issue immediately, subject to technician availability, or it may mean a delay until normal business hours, or any time period in between.

§ For non-critical issues where a person is required to go onsite, we will schedule an engineer for an onsite visit in accordance with the severity of the problem and, at all times, subject to technician availability.
Phone Live Answer

and Emergency Voicemail
Email 24-48 Hours Email is not a supported method of contacting us for logging a Service Ticket.
 

1 Response time is calculated from the time that the request for help is received by us though our designated support channels. Requests received in any other manner may result in delayed or non-responses.

2 Extended Hours are not included. If Extended Hours support is provided, Client will be billed for such support at two times (2x) our then-current hourly rates, with a minimum of one (1) hour. All partial hours after the first hour are billed in fifteen (15) minute increments, with partial increments billed to the next higher increment.

 

 

* All time frames are calculated as of the time that Computer Networks is notified of the applicable issue / problem by Client through Computer Networks’ designated support portal, help desk, or by telephone at the telephone number listed in the Quote. Notifications received in any manner other than described herein may result in a delay in the provision of remediation efforts. Help desk support provided outside of our normal support hours will be billed to Client at the hourly rate of two (2) times the then current hourly service rate per hour (2 hour minimum applies).

Fees

The fees for the Services will be as indicated in the Quote.

 

Due Date. At the commencement of the contract, Client shall pay the first month’s fees in advance and the last month’s fees in advance as a deposit. Thereafter, all fees are due upon receipt of an Invoice.

Changes to Environment. Initially you will be charged the monthly fees indicated in the Quote. Thereafter, if the managed environment changes, or if the number of authorized users or devices accessing the managed environment changes, then you agree that the fees will be automatically and immediately modified to accommodate those changes.

Minimum Monthly Fees. The initial Fees indicated in Quote are the minimum monthly fees (“MMF”) that will be charged to you during the term. You agree that the amounts paid by you under the Quote will not drop below the MMF regardless of the number of users or devices to which the Services are directed or applied, unless we agree to the reduction. All MMF modifications to the amount of hardware, devices, or authorized users under the Quote (as applicable) must be in writing and accepted by both parties. MMF and adjustment timing are administered in accordance with the billing provisions of the MSA.

Increases. In addition, we reserve the right to increase our monthly recurring fees; provided, however, if an increase is more than five percent (5%) of the fees charged for the Services in the prior calendar year, then you will be provided with a sixty (60) day opportunity to terminate the Services by providing us with written notice of termination. You will be responsible for the payment of all fees that accrue up to the termination date and all pre-approved, non-mitigatable expenses that we incurred in our provision of the Services through the date of termination. Your continued acceptance or use of the Services after this sixty (60) day period will indicate your acceptance of the increased fees.

Travel Time. If onsite services are provided, we will travel up to 45 minutes from the office of the Provider entity issuing the applicable Quote to your work location(s) at no charge. Time spent traveling beyond 45 minutes (e.g., locations that are beyond 45 minutes from our office, occasions on which traffic conditions extend our drive time beyond 45 minutes one-way, etc.) will be billed to you at our then current hourly rates. In addition, you will be billed for all tolls, parking fees, and related expenses that we incur if we provide onsite services to you. Furthermore, any visits to staff homes are billable at the then prevailing rates.

Appointment Cancellations. You may cancel or reschedule any appointment with us at no charge by providing us with notice of cancellation at least one business day in advance. If we do not receive timely a notice of cancellation/re-scheduling, or if you are not present at the scheduled time or if we are otherwise denied access to your premises at a pre-scheduled appointment time, then you agree to pay us a cancellation fee equal to two (2) hours of our normal consulting time (or non-business hours consulting time, whichever is appropriate), calculated at our then-current hourly rates.

Automated Payment. You may pay your invoices by check, or by ACH, as described below. ACH. When enrolled in an ACH payment processing method, you authorize us to electronically debit your designated checking or savings account, as defined and configured by you in our payment portal, for any payments due under the Quote. This authorization will continue until otherwise terminated in writing by you. We will apply a $35.00 service charge to your account for any electronic debit that is returned unpaid due to insufficient funds or due to your bank’s electronic draft restrictions.

 

Additional Terms

Monitoring Services; Alert Services

Unless otherwise indicated in the Quote, all monitoring and alert-type services are limited to detection and notification functionalities only. Monitoring levels will be set by Computer Networks, and Client shall not modify these levels without our prior written consent.

Remediation

Unless otherwise provided in the Quote, remediation services will be provided in accordance with the recommended practices of the managed services industry. Client understands and agrees that remediation services are not intended to be, and will not be, a warranty or guarantee of the functionality of the Environment, or a service plan for the repair of any particular piece of managed hardware or software.

Configuration of Third-Party Services

Certain third-party services provided to you under this SOS (Statement of Services) may provide you with administrative access through which you could modify the configurations, features, and/or functions (“Configurations”) of those services. However, any modifications of Configurations made by you without our knowledge or authorization could disrupt the Services and/or or cause a significant increase in the fees charged for those third-party services. For that reason, we strongly advise you to refrain from changing the Configurations unless we authorize those changes. You will be responsible for paying any increased fees or costs arising from or related to changes to the Configurations.

Dark Web Monitoring

Our dark web monitoring services utilize the resources of third-party solution providers. Dark web monitoring can be a highly effective tool to reduce the risk of certain types of cybercrime; however, we do not guarantee that the dark web monitoring service will detect all actual or potential uses of your designated credentials or information.

Modification of Environment

Changes made to the Environment without our prior authorization or knowledge may have a substantial, negative impact on the provision and effectiveness of the Services and may impact the fees charged under the Quote. You agree to refrain from moving, modifying, or otherwise altering any portion of the Environment without our prior knowledge or consent. For example, you agree to refrain from adding or removing hardware from the Environment, installing applications on the Environment, or modifying the configuration or log files of the Environment without our prior knowledge or consent.

Consumables. Client shall bear the entire responsibility for the procurement of consumable items necessary for the correct and proper operation of the Covered Hardware. By way of example only, this would include, but not be limited to, toner and ribbons for printers and normally replaced parts on document scanners

Co-Managed Environment:  We will coordinate with your internal IT personnel (“Your Personnel”) as necessary to help ensure that the Services are delivered efficiently and effectively. That said, we are not responsible for the remediation of issues beyond the scope of the Quote caused by any activities undertaken by Your Personnel, such as modifications to hardware or software configurations, installation of software, firmware upgrades, etc., unless we pre-authorized those activities.

Anti-Virus; Anti-Malware

Our anti-virus / anti-malware solution will generally protect the Environment from becoming infected with new viruses and malware (“Viruses”); however, Viruses and other malicious software that exist in the Environment at the time that the security solution is implemented may not be capable of being removed without additional services, for which a charge may be incurred. We do not warrant or guarantee that all Viruses and malware will be capable of being detected, avoided, or removed, or that any data erased, corrupted, or encrypted by malware will be recoverable. In order to improve security awareness, you agree that Computer Networks or its designated third-party affiliate may transfer information about the results of processed files, information used for URL reputation determination, security risk tracking, and statistics for protection against spam and malware. Any information obtained in this manner does not and will not contain any personal or confidential information.

Breach/Cyber Security Incident Recovery

Unless otherwise expressly stated in the Quote, the scope of the Services does not include the remediation and/or recovery from a Security Incident (defined below). Such services, if requested by you, will be provided on a time and materials basis under our then-current hourly labor rates. Given the varied number of possible Security Incidents, we cannot and do not warrant or guarantee (i) the amount of time required to remediate the effects of a Security Incident (or that recovery will be possible under all circumstances), or (ii) that all data impacted by the incident will be recoverable. Nothing in this SOS expands or alters the MSA’s provisions regarding billable incident response or optional retainers. For the purposes of this paragraph, a Security Incident means any unauthorized or impermissible access to or use of the Environment, or any unauthorized or impermissible disclosure of Client’s confidential information (such as user names, passwords, etc.), that (i) compromises the security or privacy of the information or applications in, or the structure or integrity of, the Environment, or (ii) prevents normal access to the Environment, or impedes or disrupts the normal functions of the Environment.

Environmental Factors

Exposure to environmental factors, such as water, heat, cold, or varying lighting conditions, may cause installed equipment to malfunction. Unless expressly stated in the Quote, we do not warrant or guarantee that installed equipment will operate error-free or in an uninterrupted manner, or that any video or audio equipment will clearly capture and/or record the details of events occurring at or near such equipment under all circumstances.

Fair Usage Policy

Our Fair Usage Policy (“FUP”) applies to all Services that are described or designated as “unlimited.” An “unlimited” service designation means that, subject to the terms of this FUP, you may use the service as reasonably necessary for you to enjoy the use and benefit of the service without incurring additional time-based or usage-based costs. However, unless expressly stated otherwise in the Quote, all unlimited services are provided during our normal business hours only and are subject to our technicians’ availabilities, which cannot always be guaranteed. In addition, we reserve the right to assign our technicians as we deem necessary to handle issues that are more urgent, critical, or pressing than the request(s) or issue(s) reported by you. Consistent with this FUP, you agree to refrain from (i) creating urgent support tickets for non-urgent or non-critical issues, (ii) requesting excessive support services that are inconsistent with normal usage patterns in the industry (e.g., requesting support in lieu of training), (iii) requesting support or services that are intended to interfere, or may likely interfere, with our ability to provide our services to our other customers.

Hosted Email

You are solely responsible for the proper use of any hosted email service provided to you (“Hosted Email”).

Hosted Email solutions are subject to acceptable use policies (“AUPs”), and your use of Hosted Email must comply with those AUPs. In all cases, you agree to refrain from uploading, posting, transmitting or distributing (or permitting any of your authorized users of the Hosted Email to upload, post, transmit or distribute) any prohibited content, which is generally content that (i) is obscene, illegal, or intended to advocate or induce the violation of any law, rule or regulation, or (ii) violates the intellectual property rights or privacy rights of any third party, or (iii) mischaracterizes you, and/or is intended to create a false identity or to otherwise attempt to mislead any person as to the identity or origin of any communication, or (iv)  interferes or disrupts the services provided by Computer Networks or the services of any third party, or (v) contains Viruses, trojan horses or any other malicious code or programs.  In addition, you must not use the Hosted Email for the purpose of sending unsolicited commercial electronic messages (“SPAM”) in violation of any federal or state law. Computer Networks reserves the right, but not the obligation, to suspend Client’s access to the Hosted Email and/or all transactions occurring under Client’s Hosted Email account(s) if Computer Networks believes, in its discretion, that Client’s email account(s) is/are being used in an improper or illegal manner.

Patch Management

We will keep all managed hardware and managed software current with critical patches and updates (“Patches”) as those Patches are released generally by the applicable manufacturers. Patches are developed by third party Providers and, on rare occasions, may make the Environment, or portions of the Environment, unstable or cause the managed equipment or software to fail to function properly even when the Patches are installed correctly. We will not be responsible for any downtime or losses arising from or related to the installation or use of any Patch. We reserve the right, but not the obligation, to refrain from installing a Patch if we are aware of technical problems caused by a Patch, or we believe that a Patch may render the Environment, or any portion of the Environment, unstable.

 Backup (BDR) Services

All data transmitted over the Internet may be subject to malware and computer contaminants such as viruses, worms, and Trojan horses, as well as attempts by unauthorized users, such as hackers, to access or damage Client’s data. Neither Computer Networks nor its designated affiliates will be responsible for the outcome or results of such activities.

BDR services require a reliable, always-connected internet solution. Data backup and recovery time will depend on the speed and reliability of your internet connection. Internet and telecommunications outages will prevent the BDR services from operating correctly. In addition, all computer hardware is prone to failure due to equipment malfunction, telecommunication-related issues, etc., for which we will be held harmless. Due to technology limitations, all computer hardware, including communications equipment, network servers and related equipment, has an error transaction rate that can be minimized, but not eliminated. Computer Networks cannot and does not warrant that data corruption or loss will be avoided, and Client agrees that Computer Networks shall be held harmless if such data corruption or loss occurs. Client is strongly advised to keep a local backup of all stored data to mitigate against the unintentional loss of data.

Procurement

Equipment and software procured by Computer Networks on Client’s behalf (“Procured Equipment”) may be covered by one or more manufacturer warranties, which will be passed through to Client to the greatest extent possible. By procuring equipment or software for Client, Computer Networks does not make any warranties or representations regarding the quality, integrity, or usefulness of the Procured Equipment. Certain equipment or software, once purchased, may not be returnable or, in certain cases, may be subject to third party return policies and/or re-stocking fees, all of which shall be Client’s responsibility in the event that a return of the Procured Equipment is requested. Computer Networks is not a warranty service or repair center. Computer Networks will facilitate the return or warranty repair of Procured Equipment; however, Client understands and agrees that (i) the return or warranty repair of Procured Equipment is governed by the terms of the warranties (if any) governing the applicable Procured Equipment, for which Computer Networks will be held harmless, and (ii) Computer Networks is not responsible for the quantity, condition, or timely delivery of the Procured Equipment once the equipment has been tendered to the designated shipping or delivery courier.

Business Reviews; IT Strategic Planning

Suggestions and advice rendered to Client are provided in accordance with relevant industry practices, based on Client’s specific needs and Computer Networks’ opinion and knowledge of the relevant facts and circumstances. By rendering advice, or by suggesting a particular service or solution, Computer Networks is not endorsing any particular manufacturer or service provider.

VCTO or VCIO Services

The advice and suggestions provided us in our capacity as a virtual chief technology or virtual chief information officer will be for your informational and/or educational purposes only.  Computer Networks will not hold an actual director or officer position in Client’s company, and we will neither hold nor maintain any fiduciary relationship with Client.  Under no circumstances shall Client list or place the Computer Networks on Client’s corporate records or accounts.

Sample Policies, Procedures.

From time to time, we may provide you with sample (i.e., template) policies and procedures for use in connection with Client’s business (“Sample Policies”). The Sample Policies are for your informational use only, and do not constitute or comprise legal or professional advice, and the policies are not intended to be a substitute for the advice of competent counsel. You should seek the advice of competent legal counsel prior to using or distributing the Sample Policies, in part or in whole, in any transaction. We do not warrant or guarantee that the Sample Policies are complete, accurate, or suitable for your (or your customers’) specific needs, or that you will reduce or avoid liability by utilizing the Sample Policies in your (or your customers’) business operations.

Penetration Testing; Vulnerability Assessment

You understand and agree that security devices, alarms, or other security measures, both physical and virtual, may be tripped or activated during the penetration testing process, despite our efforts to avoid such occurrences. You will be solely responsible for notifying any monitoring company and all law enforcement authorities of the potential for “false alarms” due to the provision of the penetration testing services, and you agree to take all steps necessary to ensure that false alarms are not reported or treated as “real alarms” or credible threats against any person, place, or property. Some alarms and advanced security measures, when activated, may cause the partial or complete shutdown of the Environment, causing substantial downtime and/or delay to your business activities. We will not be responsible for, and will be held harmless and indemnified by you against, any claims, costs, fees or expenses arising or resulting from (i) any response to the penetration testing services by any monitoring company or law enforcement authorities, or (ii) the partial or complete shutdown of the Environment by any alarm or security monitoring device.

No Third-Party Scanning

Unless we authorize such activity in writing, you will not conduct any test, nor request or allow any third party to conduct any test (diagnostic or otherwise), of the security system, protocols, processes, or solutions that we implement in the managed environment (“Testing Activity”). Any services required to diagnose or remediate errors, issues, or problems arising from unauthorized Testing Activity is not covered under the Quote, and if you request us (and we elect) to perform those services, those services will be billed to you at our then-current hourly rates.

Domain Name Services

If you register, renew, or transfer a domain name through Computer Networks, we will submit the request to the applicable domain name services provider (the “Registrar”) on your behalf. Our sole responsibility is to submit the request to the Registrar, and we are not responsible for any errors, omissions, or failures of the Registrar. You will be the Registrant on any such services.

Obsolescence

If at any time any portion of the managed environment becomes outdated, obsolete, reaches the end of its useful life, or acquires “end of support” status from the applicable device’s or software’s manufacturer (“Obsolete Element”), then we may designate the device or software as “unsupported” or “non-standard” and require you to update the Obsolete Element within a reasonable time period. If you do not replace the Obsolete Element reasonably promptly, then in our discretion we may (i) continue to provide the Services to the Obsolete Element using our “best efforts” only with no warranty or requirement of remediation whatsoever regarding the operability or functionality of the Obsolete Element, or (ii) eliminate the Obsolete Element from the scope of the Services by providing written notice to you (email is sufficient for this purpose). In any event, we make no representation or warranty whatsoever regarding any Obsolete Element or the deployment, service level guarantees, or remediation activities for any Obsolete Element.

IP Addresses

Any IP addresses provided to Client by Computer Networks during the Service Term are managed by Computer Networks and Computer Networks will retain these IP addresses after termination of the Services, meaning that they may not be transferred or utilized by Client after termination of the Services.

Hosting Services

You agree that you are responsible for the actions and behaviors of your users of the Services. In addition, you agree that neither Client, nor any of your employees or designated representatives, will use the Services in a manner that violates the laws, regulations, ordinances, or other such requirements of any jurisdiction.

In addition, Client agrees that neither it, nor any of its employees or designated representatives, will: transmit any unsolicited commercial or bulk email, will not engage in any activity known or considered to be “spamming” and  carry out any “denial of service” attacks on any other website or Internet service; infringe on any copyright, trademark, patent, trade secret, or other proprietary rights of any third party; collect, attempt to collect, publicize, or otherwise disclose personally identifiable information of any person or entity without their express consent (which may be through the person or entity’s registration and/or subscription to Client’s services, in which case Client must provide a privacy policy which discloses any and all uses of information that you collect) or as otherwise required by law; or, undertake any action which is harmful or potentially harmful to Computer Networks or its infrastructure.

Client is solely responsible for ensuring that its login information is utilized only by Client and Client’s authorized users and agents. Client’s responsibility includes ensuring the secrecy and strength of user identifications and passwords. Computer Networks shall have no liability resulting from the unauthorized use of Client’s login information. If login information is lost, stolen, or used by unauthorized parties or if Client believes that any hosted applications or hosted data has been accessed by unauthorized parties, it is Client’s responsibility to notify Computer Networks immediately to request the login information be reset or unauthorized access otherwise be prevented. Computer Networks will use commercially reasonable efforts to implement such requests as soon as practicable after receipt of notice.

Licenses

If we are required to re-install or replicate any software provided by you as part of the Services, then it is your responsibility to verify that all such software is properly licensed. We reserve the right, but not the obligation, to require proof of licensing before installing, re-installing, or replicating software into the managed environment. The cost of acquiring licenses is not included in the scope of the Quote unless otherwise expressly stated therein.

 

Last Updated  1/1/2026

 

ALIGNMENT WITH MASTER SERVICES AGREEMENT (MSA)

This Statement of Services (SOS) is incorporated by reference into, and governed by, the Master Services Agreement (MSA). In the event of any conflict or ambiguity:

(a) the Quote controls both the MSA and SOS regarding commercial terms specific to that transaction (e.g., quantities, pricing, discounts, dates).

(b) the SOS controls over the MSA solely for technical scope, service descriptions, SLAs, FUP, exclusions, assumptions, and MMF/device/user adjustment mechanics; and

(c) in all other matters, the MSA controls. If the Quote and SOS conflict, the Quote controls.

INSURANCE (REFERENCE TO MSA)

Client and the Provider entity issuing the applicable Quote shall maintain cyber insurance consistent with the minimums stated in the MSA. Upon reasonable request, certificates of insurance shall be furnished within ten (10) business days.

ACCESS; CREDENTIAL CUSTODY; BYOD

Provider’s possession of credentials is custodial only; ownership and ultimate authority remain with Client. Provider uses least‑privilege, scope‑limited access. Unmanaged or non‑compliant personal devices (BYOD) are excluded from coverage and SLA guarantees and may void warranty claims or service credits where such devices contribute to incidents or degradations.

DECLINED SECURITY RECOMMENDATIONS, SLA EXCLUSIONS

If Client declines or materially delays Provider’s written security recommendations (e.g., enabling MFA, implementing EDR, hardening configurations, replacing unsupported systems), SLA targets, warranties, and service credits will not apply to incidents, degradations, outages, or breaches attributable in whole or in part to those declined recommendations.

DATA OWNERSHIP; PROVIDER TOOLING (NEW)

Client retains ownership of all production data and Client‑owned content. Provider retains ownership of monitoring telemetry, analytics, automation scripts, runbooks, and proprietary tooling created or deployed in delivering the Services.

INCIDENT RESPONSE RETAINER (OPTIONAL)

Client may purchase an optional prepaid Incident Response Retainer under a separate addendum to secure priority emergency engagement for out‑of‑scope incidents (forensics, containment, recovery). Retainer work is billed against the prepaid balance at Provider’s then‑current emergency rates; after‑hours minimums may apply.

MMF CLARIFICATION

The Minimum Monthly Fee (MMF) defined herein is the monthly floor for billing during the term. Upward adjustments occur automatically with Environment growth; reductions below MMF require mutual written agreement. This mechanism is cross‑referenced in the MSA for consistency.

Data Processing & HIPAA: If Provider processes personal data or ePHI, a Data Processing Addendum or Business Associate Agreement will govern such processing.

Any service, activity, capability, feature, or function referenced anywhere in this SOS that is not expressly listed in a Service table and included in the applicable Quote is not a Service and is not included.

Penetration testing and vulnerability assessments are not Services under this SOS unless expressly included in a separate written Quote or Statement of Work.

Unless expressly stated in the Quote, Provider does not provide hosting infrastructure, and any hosting services referenced herein are third-party services for which Provider does not control uptime, redundancy, availability, or performance.

This service is provided only if listed as an Optional Item in the applicable Quote and is limited to the scope described in the Optional Items table.