Service Description: Total IT Manufacturing

The following service description covers incremental details specific to the Total IT Manufacturing offering. For a full description of our overarching Managed Services covering response time expectations, implementation, onboarding, how we provide support, limitations, and client responsibilities, please refer to the Managed Services Service Description.

Managed Services Summary
Users: End User | Shared Shop Floor Workstation (Device) | Shared Shop Floor Workstation (User) | Email Only User | VIP User
ITS Managed Services Platform
24×7 Incident Management
Strategic Advisor Services
Technology Alignment Services
Infrastructure Management
Monitoring and Alerting
Patch Management
Firewall Management
Server Backup (additional charge)¹ Extra Extra Extra
Endpoint Management
Monitoring and Alerting
Patch Management
Subsidized Workstation Provisioning
Endpoint Backup (additional charge)¹ Extra Extra
Cybersecurity
Managed Endpoint Detection & Response
Managed Security Awareness Training
Managed Email Threat Monitoring & Protection
Managed M365 Shield
Dark Web Monitoring
Managed Multi-Factor Authentication Limited to M365
Managed Web & DNS Protection
Service Desk 24/7 End User Support
Standard Software Support Limited to Email
Standard Hardware Support
Specialized Software Support
Cloud Email & File Backup
Employee Onboarding/Offboarding
Hardware Break/Fix
Enhanced Response Time (RTEs)

1. Server backups are a required add-on service. Server backups and endpoint backups are an additional charge above per user-type pricing.

Total IT Manufacturing User Levels

End User

An end user is an individual with an active, enabled user account in the client’s Active Directory environment that is assigned to a specific human employee or contractor and used to access ITS managed services, including security, endpoint, infrastructure, and service desk support.

From an Active Directory perspective, only enabled user accounts are counted as end users. Service accounts, shared mailboxes, generic accounts, and disabled accounts are excluded unless explicitly included in the client agreement.

Email Only User

An email only user is an individual who is provisioned with a mailbox for sending and receiving email but does not have access to an individually assigned device, workstation login, or broader network resources.

Email only users receive limited ITS managed services focused on email availability and cybersecurity protections such as email security, identity protection, and awareness training. Due to the absence of an assigned device and limited system access, service desk support and endpoint management services are not included.

ITS reserves the right to reassess user classification and adjust pricing if actual service consumption exceeds the assumptions of an email only user, including repeated service desk requests, device access, or expanded system usage.

Shared Shop Floor Workstation (Device and User)

The Shared Shop Floor Workstation Device receives all the infrastructure and endpoint entitlements along with the security tools designed to protect the endpoint. Standard software and hardware, along with line-of-business software installed on the device, are supported when the shared user opens tickets.

A Shared Shop Floor Workstation User is a Total IT Manufacturing employee who accesses ITS-managed systems through the Shared Shop Floor Workstation Device, rather than through an individually assigned device. These users typically log in for task-specific activities such as production reporting, time entry, quality checks, or access to line-of-business applications. The Shared Shop Floor Workstation User receives a stack of Cybersecurity services that supports the individual user, with the assumption of an average of three Shop Floor Workstation Users per Shop Floor Workstation device.

Total IT Manufacturing – VIP Service (optional premium service)

The VIP Service within Total IT Manufacturing is designed to provide premium, white-glove IT support for key personnel, such as executive staff. This offer ensures expedited response times and priority handling of all IT-related requests for VIP key personnel. VIP Service is an additional monthly cost per identified key personnel user. Service Level Objectives are as follows:

Type | Maximum Response Time | Description
Urgent Response – P2 | 30 min | A technician will respond to the request and begin working the issue.
High Response – P3 | 1 hour | A technician will respond to the request and begin working the issue.
Normal Response – P4 | 1 hour | A technician will respond to the request and begin working the issue.
Average Speed to Answer (ASA) | 45 seconds | Phone calls will be answered on average within 45 seconds (measured monthly).

ITS Managed Services Platform

The managed services platform is the operational foundation behind all Total IT solutions, combining standardized tools, processes, and reporting to deliver consistent service across monitoring, maintenance, support, and security. It enables proactive management, visibility, and continuous improvement, with full details provided in the Managed Services Service Description.

24×7 Incident Management

Our 24×7 Incident Management ensures critical alerts and outages are triaged and responded to any time, day or night. Incidents are logged, prioritized by business impact, escalated as needed, and driven through resolution with clear communication until service is restored.

Strategic Advisory (SA) Services

Total IT Manufacturing clients are assigned a Strategic Advisor with industry experience. They have a better understanding of the industry’s preferred software and compliance requirements, and will work with clients on an ongoing basis. SAs offer a regular point of contact for the client. SAs will schedule quarterly Strategic Review meetings and will prepare and maintain a 5-Year Strategic Roadmap. These Strategic Advisory Services are included at no additional cost.

Technology Alignment Engineer (TAE) Services

Total IT Manufacturing clients are also assigned a TAE who will proactively identify issues in a client’s environment before they become incidents impacting users. TAEs ensure the client’s technology environment aligns with ITS recommendations based on industry standards such as NIST and CIS. The TAE works in partnership with the client’s Strategic Advisor to build and maintain a Technology Roadmap.

Infrastructure Management

Note: Server Backup Service is a required service and is an additional monthly charge beyond the Total IT Manufacturing infrastructure user-based pricing. The additional charges will be based on the client’s environment and the solution contracted with ITS.

Infrastructure Monitoring & Alerting

ITS’s proactive Infrastructure Monitoring and Alerting service combines continuous surveillance with immediate notification to ensure your IT infrastructure remains secure and operational around the clock. By integrating advanced monitoring tools and real-time alert processes, we provide a comprehensive solution designed to preemptively identify and address potential issues before they impact your business.

How It Works

  1. Components Monitored:
    • Server hardware
    • Hypervisors (Hyper-V, VMware) and virtual machines
    • Network firewalls, routers, switches, wireless access points
    • Storage systems
    • Other critical infrastructure devices as approved
  2. System Configuration and Alert Setup:
    During the initial implementation, ITS configures monitoring tools to comprehensively track the performance, health, and security of your IT infrastructure components.
  3. Continuous Monitoring with Real-Time Notification:
    ITS monitoring systems continuously monitor the infrastructure, identifying threshold breaches, failure states, anomalies, vulnerabilities, or potential failures.
  4. Alert Prioritization and Preemptive Actions:
    Alerts are reviewed and prioritized based on their potential impact on business operations.

Patch Management

Patch Management is crucial for proactively maintaining the security and functionality of servers, storage, and networking devices. Our scheduled updates and security patches are carefully planned to minimize disruption while ensuring your systems are compliant and protected against vulnerabilities.

How It Works

  1. Patch Identification: Our team regularly identifies and evaluates patches for infrastructure components.
  2. Testing and Approval: Selected patches undergo testing in a controlled environment.
  3. Customization and Exclusion: Exclusion of specific patches may be necessary in some environments.
  4. Scheduled Deployment: Patches are scheduled during off-peak hours or maintenance windows.
  5. Post-Deployment Review: We review deployment results to confirm systems are functioning as expected.

Firewall Management

Firewall Management is essential for safeguarding your network by monitoring and controlling incoming and outgoing traffic based on predetermined access rules.

How It Works

  1. Firewall Maintenance: We update access rules tailored to your organization’s needs.
  2. Monitoring: Firewalls are continuously monitored for functionality and performance.
  3. Scheduled Updates: Firmware updates and patches are applied during maintenance windows.
  4. Incident Response: We provide response and remediation in the event of a detected threat.
  5. Post-Update Review: We confirm the firewall is operating effectively after updates.

Endpoint Management

Workstation Monitoring & Alerting

Total IT Manufacturing delivers continuous monitoring and alerting for workstations to maintain performance and identify security issues.

How It Works

  1. Real-time Monitoring: We track system health, application performance, and security status in real time.
  2. Alert Generation: Alerts are generated and classified based on severity.
  3. Proactive Intervention: Critical alerts trigger immediate intervention.

Frequently Asked Questions

  1. What types of issues can the monitoring system detect? Hardware malfunctions, disk space issues, and software crashes.
  2. Will we be notified of all alerts? Notification preferences can be customized.

Workstation Patch Management

Regular updates and security patches for workstations are essential to protect against vulnerabilities and keep software up to date.

How It Works

  1. Patch Identification and Testing: New patches are monitored and tested.
  2. Scheduled Deployment: Patches are deployed during off-peak hours.
  3. Confirmation and Reporting: Systems are verified after deployment.

Frequently Asked Questions

  1. Does patching include updates and upgrades? Updates are included; upgrades are not.
  2. What is included in patching? Microsoft Windows updates are included. Third-party products are not.
  3. How often are patches applied? Usually monthly, with critical patches deployed as needed.
  4. Can a client opt out of certain patches? Yes, based on compatibility or business requirements.

Windows Workstation Provisioning

Provisioning involves careful setup and configuration of Windows workstations acquired via ITS for new and existing employees.

How It Works

Workstations Provisioned at the ITS Deployment Services Center (DSC):

  1. Procurement Initiation: Hardware and software setup is determined based on role and department.
  2. ITS DSC: Workstations are shipped to the center for setup and testing.
  3. Asset Tracking: Devices are asset tagged and recorded in ITS systems.
  4. Setup and Testing:
    • Workstation powered on and added to ITS deployment systems
    • ITS-approved Windows build installed
    • Manufacturer updates applied
    • Compatibility with essential business applications verified
    • Transition support for existing employees receiving replacement devices
  5. Shipping: Devices are prepared for shipment based on requested priority.
  6. Delivery and Orientation: Orientation is offered after delivery.

Windows Workstations Shipped Directly to Client Site:

Devices shipped directly to the client require client involvement for initial setup to allow ITS remote access.

Subsidized Workstation Provisioning and Deployment Fees

Hardware | Remote | On Site
Standard Hardware | $150 | $550
Non-Standard Hardware | $400 | $700

Please note: The same fees apply when reprovisioning existing standard or non-standard hardware, provided it is still within its usable lifecycle. Outdated hardware that no longer meets current technology standards will not be reprovisioned.

Frequently Asked Questions

  1. Are shipping charges included in the service? No, shipping is billed separately.
  2. What information is needed to initiate provisioning? Employee role, software needs, special requirements, and start date.
  3. How long does provisioning take? Typically targeted for 1–2 days before the employee’s start date.
  4. Can I repurpose old equipment? No. Replaced end-of-life devices should be decommissioned.

Cybersecurity

Managed Endpoint Detection & Response (EDR)

ITS’s EDR service provides advanced cybersecurity defense mechanisms to detect and respond to cyber threats at endpoints in real time.

How It Works

  • Always-On Protection: A small program is installed on each device that watches for suspicious behavior.
  • Smart Threat Detection: The system learns what normal activity looks like and flags suspicious behavior.
  • Automatic Threat Response: The system can isolate affected devices and stop harmful processes automatically.
  • Investigation Tools: Detailed timelines help IT teams understand and investigate incidents.
  • Self-Improving Security: The system gets smarter over time by learning from incidents.

Implementation Process

  1. Discovery: Assess the existing security setup and identify goals.
  2. Setup: Configure the security software to work with the environment.
  3. Installation: Install monitoring software on client systems.
  4. Testing: Validate the system under different scenarios.
  5. Training: Train staff if applicable.
  6. Ongoing Protection: Continuously monitor and update the system.

The client must provide:

  • Access to their systems
  • Cooperation during installation
  • Confirmation that the setup complies with relevant regulations

Frequently Asked Questions

  1. What is EDR? Endpoint Detection and Response is a cybersecurity technology that continuously monitors endpoints.
  2. How is EDR different from antivirus? It goes beyond signature-based detection with behavior and response capabilities.
  3. How does EDR work? It collects real-time data from endpoints and analyzes it for threats.
  4. Why is EDR important? It protects against advanced threats and improves incident response.
  5. What should I look for in an EDR solution? Visibility, detection quality, integration, scalability, and response features.

Managed Security Awareness Training (SAT)

SAT teaches users how to recognize and prevent cyber threats and helps create a human firewall for the business.

Benefits

  1. Meet Insurance and Compliance Requirements
    • Helps fulfill regulations such as GDPR and HIPAA
    • Can lower insurance premiums
    • Maintains compliance needed for business partnerships
  2. Reduce Your Risk
    • Trained employees are less likely to fall for phishing attacks
    • Can significantly reduce security risks
    • Even basic programs can provide strong ROI

How It Works

Phishing Testing:

  • Employees receive simulated phishing emails
  • Tests readiness to identify suspicious messages
  • Provides immediate feedback
  • Uses realistic threat scenarios

Employee Training:

  • Short, interactive online courses
  • Quizzes and real-world scenarios
  • Topics such as phishing, passwords, browsing safety, and social engineering

Implementation Process

  1. Scoping: Identify who needs training and which topics to cover.
  2. Configuration: Set up the training platform.
  3. Activation: Run an initial session before full rollout.
  4. Documentation: Create program records.

Support Process

  1. Help desk support for employees with questions
  2. Enrollment for new hires
  3. Removal of departing employees
  4. Regular reporting on progress

Frequently Asked Questions

  1. What does the program include? Online lessons, phishing tests, quizzes, and reinforcement.
  2. How long are training sessions? Typically short and delivered through a cloud-based platform.
  3. How often should training occur? Annual phishing simulations and quarterly refreshers are recommended.
  4. What does a phishing simulation look like? It mimics real phishing without malware.
  5. How is success measured? Dashboards show completion, scores, click rates, and improvement trends.

Managed Email Threat Monitoring and Protection

This service monitors and helps protect the email platform and employee mailboxes from email-borne threats, including phishing, malware, spam, and signs of account compromise.

How It Works

  • Email Filtering: Emails are filtered and evaluated in a sandbox before reaching users.
  • Continuous Security Monitoring: Monitors unusual account behavior such as atypical logins or forwarding rules.
  • Threat Detection: Uses filtering, sandboxing, and threat intelligence to identify emerging threats.
  • Automated Alerts: Alerts are generated when suspicious activity or threats are detected.
  • Quarantine & Alerts: Potentially dangerous emails are quarantined and users/administrators are notified.
  • User Reporting: Users are encouraged to report suspicious emails to improve overall effectiveness.

Frequently Asked Questions

  1. What is Email Threat Monitoring and Protection? It is a security service that scans messages for malicious links, attachments, spoofing, and suspicious behavior.
  2. How does it keep my inbox safe? It automatically checks messages and blocks or quarantines suspicious content.
  3. What threats does it protect against?
    • Phishing and spear-phishing
    • Malware and ransomware attachments
    • Business Email Compromise attempts
    • Spoofing attacks
  4. What happens if a legitimate email is blocked? Users can request release and administrators can whitelist trusted senders.

Managed M365 Shield

M365 Shield is a security monitoring platform designed to protect SaaS applications by detecting and alerting on suspicious activities, unusual data access, and potential threats in real time.

How It Works

  1. M365 Shield monitors activity across SaaS applications to detect suspicious behavior and reduce breach risk.
  2. It provides real-time alerts on potential threats such as unusual login attempts or unexpected data access.
  3. M365 Shield strengthens compliance by offering visibility into user activity and access patterns.

Frequently Asked Questions

  1. What protection does it include?
    • Phishing defense
    • Identity monitoring
    • Detection of unauthorized access
    • Rapid threat response
    • Email security and policy enforcement
  2. How does it help with compliance? It records activity and policy changes to support reporting requirements.

Dark Web Monitoring (DWM)

Dark Web Monitoring checks hidden areas of the internet to see whether important information associated with the business is being discussed or traded.

How It Works

The service scans the dark web regularly to identify signs that a client’s information may be at risk and prioritizes the most serious findings.

Frequently Asked Questions

  1. Does Dark Web Monitoring include remediation? No. It identifies and alerts on compromised data but does not remove it.
  2. Is it intended for attack prevention? It identifies data that has already been exposed or compromised.
  3. What data does it monitor? Emails, domains, computer addresses, and other sensitive details.
  4. How often are scans performed? Typically daily.
  5. How are alerts delivered? Alerts can be sent by email, text, or dashboard.
  6. Can the service remove compromised data? No. ITS can help with remediation through a separate engagement if needed.
  7. What should I do when I receive an alert? Review it carefully and follow the mitigation guidance.

Managed Multi-Factor Authentication (MFA)

MFA is a critical security layer that requires users to verify their identity through multiple methods.

By requiring a second verification method, MFA significantly reduces the risk of unauthorized access.

Standard Configuration Recommendation

Our standard MFA configuration recommends the following integrations. Implementation services to deploy this configuration are separate, billable professional services.

Integration | Description
Remote Access Application | Integrates with compatible remote access applications such as VPN solutions and Microsoft Remote Desktop Gateway.
Microsoft 365 | Uses native Microsoft 365 MFA capabilities and typically requires a smartphone app for the second factor.

Additional Integration Capabilities

MFA can be extended beyond Microsoft 365, VPN, and Remote Desktop Gateway to strengthen security further.

Integration | Description
Windows Workstation | MFA can be extended to workstation logins.
Applications | MFA can integrate with a wide range of business applications beyond the standard configuration.
Windows Server | MFA can integrate with interactive Windows Server login.

Microsoft 365 Licensing: MFA implementations for applications and servers may require Conditional Access features available in certain Microsoft licensing subscriptions. These licenses are not included in the MFA service.

Implementation Process

  1. Assess & Strategize: Assess the existing environment and identify integration points.
  2. Finalize Scope: Define the scope and provide a statement of work.
  3. Configure & Integrate: Configure MFA and complete testing.
  4. Enrollment Enablement: Enable users or support self-enrollment.
  5. Provide Training: Provide end-user guides and training.
  6. Activate System: Roll out MFA across the organization.
  7. Steady State: Provide ongoing support and updates.

Feature List

  • Comprehensive Integration Capability: Integration across cloud services, email platforms, remote access systems, applications, and workstation/server logons.
  • Flexible Authentication Options: Supports push notifications, hardware tokens, SMS codes, and voice calls.
  • Alternative Authentication Scenarios: Supports backup methods, temporary codes, passwordless access, and recovery workflows.
  • Single Sign-On (SSO): Improves user experience by allowing one-time authentication for multiple services.
  • Delegated Admin Control: Allows role-based administrative access for managing MFA settings and users.
  • Granular Access Policies: Supports detailed policy-based access controls.

Some items may require additional scoping and professional services to integrate.

Frequently Asked Questions

  1. What if I lose my phone or it breaks? ITS can help temporarily disable MFA or register a new device.
  2. Can I use the same authentication app for multiple accounts? Yes.
  3. Will MFA work if I do not have internet or cell service? Authentication apps can often generate offline codes.
  4. Will MFA affect productivity? MFA adds one quick verification step and is designed to be user-friendly.
  5. What happens in an emergency if I cannot access my verification method? ITS has procedures for temporary access after identity verification.

Managed Web & DNS Protection

Web & DNS Protection helps defend against web-based threats while controlling internet access.

Features

  1. Ability to enforce company Acceptable Use Policy (AUP).
  2. Protection from harmful and malicious websites.
  3. Visibility and awareness.

How It Works

  1. Content Filtering: Filters web traffic according to policy.
  2. DNS Security: Analyzes DNS requests to prevent access to suspicious domains.
  3. Real-time Blocking: Automatically blocks access attempts to restricted destinations.
  4. Custom Policies: Filtering rules can be customized.

Implementation Process

  1. Scoping
    • Identify devices and endpoints requiring DNS protection
    • Audit DNS usage
    • Define authorized use and filtering categories
  2. Configuration
    • Deploy DNS protection tooling
    • Configure policies
    • Roll out protection across the environment
  3. Monitor Implementation
    • Review DNS traffic
    • Adjust the configuration as needed
  4. Completion
    • Update organization-specific DNS guidance

Service Desk

Standard Software & Hardware Support

Total IT Manufacturing Service Desk provides comprehensive assistance for widely used software applications and platforms.

Standard Software Support includes:

  • Operating Systems: Windows, macOS, ChromeOS
  • Productivity Tools: Microsoft Office Suite and Google Workspace
  • Browsers: Microsoft Edge, Google Chrome, Mozilla Firefox
  • Email Clients: Microsoft Outlook, Apple Mail, Gmail
  • Collaboration Tools: Microsoft Teams, Zoom, Slack, Chat

A note regarding support for AI tools:

  • Total IT Manufacturing does not include operational support of AI agents or LLMs beyond basic accessibility assistance.

Standard Hardware Support includes:

  • Workstations: Desktop and laptop support for major brands
  • Printers and Scanners: Support is limited to network connectivity and application printing issues
  • Peripherals: Keyboards, mice, monitors, and external storage devices

How It Works

  • Online Portal: A 24/7 self-service platform for logging and tracking issues.
  • Phone Support: Immediate assistance via the support hotline.
  • Email Support: For non-urgent support needs.

Frequently Asked Questions

  1. Can Service Desk help with software configuration? Yes, within the supported products listed above.
  2. Does browser support include plug-ins? Not generally, unless specifically required for a supported line-of-business application.
  3. Does this replace vendor support? No. Vendor support remains necessary for patches, updates, and escalation.
  4. What software versions are supported? Vendor-supported versions.
  5. What hardware models are supported? Vendor-supported models.
  6. What should we expect for printer support? Support is limited to connectivity and printing issues.
  7. Is support different after hours? Support remains available 24/7, though prioritization may differ.

Specialized Software Support

Specialized Software Support is designed to accommodate critical line-of-business applications and custom-developed software.

Collaborative Scope Definition:

  1. Identification of Critical and Custom Software: Clients identify which applications require support.
  2. Provision of Documentation and Training: Clients provide documentation and training to the support team.
  3. Agreement on Support Scope: The support scope is defined jointly.

How It Works

Users can contact ITS support by portal, email, or phone for covered specialized software issues.

Ensuring Success Through Client Collaboration:

  • Regular Strategy Meetings: Ongoing discussions keep support aligned with client needs.
  • Feedback and Iteration: Client feedback supports continuous improvement.

Frequently Asked Questions

  1. Does specialized software support include updates and upgrades? No, those are project-based.
  2. Can ITS assist with specialized software configuration? Yes, on a project basis.
  3. Does this replace vendor support? No.
  4. What software versions are supported? Only vendor-supported versions.

Cloud Email & File Backup

The Cloud Email & File Backup service provides comprehensive protection for cloud-based user data, whether using Microsoft 365 or Google Workspace.

How It Works

  1. Integration with Cloud Services: Covers email, calendar, contacts, files, and collaboration content.
  2. Automated Backups: Backups are performed automatically.
  3. Secure and Compliant Storage: Data is encrypted and securely stored.
  4. Flexible Recovery Options: Data can be restored to original or alternate locations.
  5. Retention: Daily backups are retained for 90 days, then rolled up to weekly backups for the remainder of a 12-month period.

Employee Onboarding and Offboarding

Employee Onboarding and Offboarding provides streamlined processes for integrating new employees into IT systems and securely removing departing employees.

How It Works

  1. Notification: Clients should notify ITS as early as possible.
  2. New Employee Setup: ITS prepares accounts and access based on role requirements.
  3. Exiting Employee Process: ITS revokes access and supports transitions.
  4. Data Migration: ITS facilitates migration of work-related data.
  5. Audit and Verification: The process concludes with audit and verification.

Workstation Hardware Break/Fix

When hardware issues arise, Total IT Manufacturing includes Workstation Hardware Break/Fix to provide troubleshooting and repair support.

How It Works

  1. Issue Reporting: Users report hardware issues by portal, email, or hotline.
  2. Initial Assessment: ITS performs a remote diagnosis and verifies warranty status.
  3. On-site Visit or Warranty Management: Physical intervention is scheduled as needed.
  4. Resolution: ITS repairs or replaces faulty components as appropriate.
  5. Testing and User Confirmation: ITS validates that the issue is resolved.
  6. Support and Maintenance: ITS advises on warranty maintenance and replacement strategy.

Frequently Asked Questions

  1. What hardware issues are covered? A range of issues including drive failures, memory issues, motherboard problems, and power supply failures.
  2. Are replacement parts included? No, but ITS can help identify and acquire them.
  3. How quickly can a technician arrive? Typically within 24 to 48 hours depending on location and availability.
  4. What if a workstation cannot be fixed on-site? It may be taken to a service center for additional repair.
  5. How does maintaining a warranty help? It generally improves resolution time and access to manufacturer support.
  6. What if a device is not under warranty? ITS will make reasonable efforts to repair it and recommend replacement if needed.
  7. Will ITS handle the warranty claim process? Yes, for devices under warranty.
  8. Can ITS provide temporary workstations? Clients are encouraged to maintain spare devices for this scenario.
