Frequently Asked Questions

Clear answers from our FAQs to help you understand our services, compliance approach, and how we deliver secure, reliable IT solutions.

  • Enhanced Security
  • Regulatory Compliance
  • Operational Efficiency

Ready to Protect Your Business?

Schedule Your Free Consultation Today!

Your Questions, Answered

We know IT, cybersecurity, and compliance can feel complex. That’s why we’ve compiled answers to the most common questions about our services, processes, and governance-first approach. Whether you’re exploring Managed IT, Co-Managed IT, GRC solutions, or data protection, you’ll find clarity here—so you can make informed decisions with confidence.

You may also schedule a consultation to get your questions answered directly from one of our experts.

Managed IT

  1. What’s included in your Managed IT program?
    Our program covers essential IT services, advanced cybersecurity, complete data protection, and compliance support—all for a flat monthly fee.
  2. Do you provide 24/7 monitoring?
    Yes. We use enterprise-grade RMM tools for continuous monitoring, automated patching, and rapid remediation where available.
  3. How do you handle compliance requirements?
    We align your IT environment with frameworks like NIST CSF 2.0 and CIS Controls v8, and maintain audit-ready artifacts in our GRC platform.
  4. Can you support remote and hybrid teams?
    Absolutely. We secure endpoints, implement MFA, and configure VPNs and secure Microsoft 365 for safe collaboration.
  5. Do you offer predictable pricing?
    Yes—our flat-fee model eliminates surprise costs and aligns incentives around prevention.

Co-Managed IT

  1. Will you replace our internal IT team?
    No. We complement your team by providing advanced tools, compliance expertise, and strategic guidance.
  2. What responsibilities do you handle vs. our team?
    We manage monitoring, backups, compliance documentation, and strategic planning—your team handles on-site support and business-specific apps.
  3. Do you provide enterprise-grade tools?
    Yes. You gain access to advanced RMM, backup, and security platforms without the overhead.
  4. Can you help with compliance audits?
    Yes. We provide audit-ready documentation and assist with regulator or client due diligence requests.
  5. Is pricing flexible?
    Our co-managed model uses predictable monthly fees based on shared responsibilities.

GRC Platform (SaaS)

  1. What does the GRC platform include?
    Policy management, risk assessments, training, phishing simulations, dark web monitoring, and attestation tracking.
  2. Do you provide guidance or just software?
    We include vCIO/vCISO guidance for risk analysis, policy creation, and audit readiness.
  3. Can we track training and policy acknowledgments?
    Yes—attestation tracking is built in, with exportable reports for audits.
  4. Does the platform support compliance frameworks?
    Yes—NIST CSF 2.0, CIS v8, PCI DSS v4.x, HIPAA, FTC, FINRA, GLBA, CMMC/DFARS and other mappings are included.
  5. Is pricing subscription-based?
    Yes—predictable SaaS pricing with optional add-ons for phishing and dark web monitoring.

Risk & Vulnerability Assessments

  1. What does a Risk & Vulnerability Assessment include?
    Our assessments combine technical vulnerability scans, policy reviews, and compliance gap analysis. We evaluate your IT environment against frameworks like NIST CSF 2.0, CIS Controls v8, HIPAA, FTC, FINRA, GLBA, PCI DSS v4.x, and CMMC/DFARS.
  2. How often should we perform these assessments?
    We recommend at least annually, or more frequently if you experience significant changes such as new systems, mergers, or regulatory updates. Quarterly vulnerability scans are ideal for high-risk environments.
  3. Will this help with compliance audits?
    Yes. We provide audit-ready artifacts including risk registers, prioritized remediation plans, and evidence aligned to regulatory frameworks—making audits and client due diligence easier.
  4. Do you include penetration testing?
    No. Our standard vulnerability assessment focuses on automated scans and configuration reviews, and we do not provide penetration testing directly. However, penetration testing can be added as an optional service through one of the professional penetration testers in our extensive peer network, for deeper validation of exploitability.
  5. How do you deliver the results?
    You’ll receive a detailed report with risk scoring, prioritized findings, and actionable remediation steps. We also provide an executive summary for leadership and can track remediation progress in your GRC platform.

Data Backup & Recovery

  1. What type of backups do you provide?
    Full image-based backups for servers, workstations, and Microsoft 365 accounts.
  2. How often are backups performed?
    As often as every hour for servers and workstations; Microsoft 365 is backed up hourly.
  3. Do you test backups?
    Yes—appliance backups for servers and critical workstations are tested daily; direct-to-cloud (D2C) backups are tested every 14 days.
  4. Where is backup data stored?
    In multi-coastal U.S. data centers for compliance and resilience.
  5. Can you restore entire systems quickly?
    Yes—instant local or cloud recovery options reduce downtime from days to hours.

IT Infrastructure & Networking

  1. Do you provide hardware acquisition and setup?
    Yes—computers, servers, routers, switches, Wi-Fi controllers, and other devices, all configured to best practices.
  2. Can you segment networks for security?
    Yes—we design VLANs and secure wired/wireless networks to reduce attack surfaces.
  3. Do you assist with ISP selection?
    Yes—we help choose the right ISP and appropriate Internet services plan and oversee installation for proper configuration.
  4. Will you provide documentation?
    Yes—network diagrams, IP/VLAN plans, and admin credentials are included.
  5. Do you offer ongoing monitoring?
    Optional—RMM and other security layers can be added for continuous oversight.

Microsoft 365 Cloud Solutions

  1. Do you handle licensing?
    Yes—we’re a Microsoft Cloud Solution Provider (CSP) and manage all Microsoft licensing directly.
  2. How do you secure Microsoft 365?
    We implement MFA, Conditional Access, DLP policies, and Defender for Endpoint among other security baseline configurations.
  3. Can you provide compliance dashboards?
    Yes—Microsoft Compliance Manager dashboards are purchased as a separate license when needed. However, the base Microsoft 365 Business Standard and Premium licensing supports various compliance reports, which can be exported from the Microsoft Admin Center and imported into your GRC platform if necessary.
  4. Can you migrate from on-prem or other clouds?
    Absolutely—our team handles secure migrations and governance alignment.
  5. Is Microsoft 365 data backed up?
    Yes—Exchange, SharePoint, OneDrive, and Teams are backed up hourly.

Zoom Workplace, Phone & Fax

  1. What does Zoom Phone include?
    Cloud PBX, global PSTN coverage, BYOC options, desk phone support, and secure online fax.
  2. Do you handle number porting?
    Yes—we manage porting and BYOC migrations.
  3. Is fax integrated?
    Yes—Zoom Online Fax uses your Zoom Phone number or dedicated ported number with encryption in transit.
  4. Do you provide training?
    Yes—admin and end-user training for adoption and compliance.
  5. Is Zoom HIPAA-ready?
    Yes—with proper configuration and a BAA for eligible plans.

IT & Business Consulting

  1. What does your consulting cover?
    Strategy, governance, process optimization, vendor risk, and audit readiness. Other resources are available; just ask.
  2. Do you provide vCIO/vCISO services?
    Yes—executive-level guidance without adding headcount.
  3. Can you help with compliance audits?
    Absolutely—we prepare artifacts and coach your team for regulator or client reviews.
  4. Do you assist with budgeting?
    Yes—lifecycle planning, cost optimization, and contract negotiation.
  5. Is consulting project-based or ongoing?
    Both—flexible engagement models to fit your needs.

Pricing

  1. Do you offer flat-fee pricing?
    Yes. All of our core services—including Managed IT, Co-Managed IT, and GRC Platform—are delivered under a predictable flat-fee model. This eliminates surprise costs and aligns incentives around prevention, not break/fix.
  2. Are there any hidden fees or long-term contracts?
    No hidden fees. We provide transparent proposals with clearly defined scopes. Contract terms are straightforward, and we offer flexible engagement options based on your business needs.
  3. How is pricing determined for Managed IT Services?
    Pricing is based on factors such as the number of endpoints, servers, and users, as well as compliance requirements and service scope. We tailor packages to your environment while maintaining predictable monthly costs.
  4. Do you charge extra for compliance support?
    No. Compliance alignment (NIST CSF 2.0, HIPAA, FTC, FINRA, GLBA, PCI DSS, CMMC/DFARS) is built into our governance-first approach. Audit-ready documentation and GRC platform access are included in applicable service tiers.
  5. What about project work or onboarding costs?
    Onboarding is included in most service agreements. For complex projects (e.g., infrastructure refresh, migrations), we provide a separate fixed-price proposal—never hourly surprises.

📘 Small Business IT Guide — Free Download

Your Step by Step Roadmap to Secure, Reliable, and Compliant IT

Every small business deserves an IT environment that is secure, efficient, and aligned with regulatory and industry best practices.

The Small Business IT Guide is a practical, no‑nonsense resource designed to help business owners understand their risks, close critical security gaps, improve operational efficiency, and make smarter technology decisions.

This free guide includes:

✔️ The essential components of a secure small‑business IT environment

✔️ Common vulnerabilities and how to protect against them

✔️ A simple framework for aligning with NIST CSF best practices

✔️ Practical checklists for risk reduction, backup strategy, and vendor management

✔️ Advice for choosing the right IT partner

“Download Your Free Small Business IT Guide”
Your roadmap to stronger security, better compliance, and smarter IT decisions.

Ready to Experience Outstanding IT Service Delivery?

Let our experts handle your cybersecurity, compliance, and technology needs while you focus on growing your business.

Partner With ITNS Consulting!

Schedule Your Free Consultation with ITNS Consulting Today!