Service Descriptions - DP Tech Group

Effective October 27, 2023. These Service Descriptions supersedes and replaces all prior versions.

Schedule of Services

MANAGED SERVICES

The Services to be performed for Client by Provider are set forth in the Order. Additional Services may be added only by entering into a new Order including those Services.

Server Monitoring and Management – Provider will perform server monitoring and management including, alert monitoring and management of servers, periodic reporting and performance tuning, and prioritization of alerts to identify high-priority incidents. Provider will also perform remote remediation services as needed, and backup software monitoring and management. The Service Fee does not include major hardware / software upgrades or replacements or new server installations.

Desktop Monitoring and Management – Provider will perform desktop monitoring and management including, alert monitoring & management of desktops, prioritization of alerts to identify high-priority incidents, remote remediation services as needed, quarterly configuration backups, quarterly firmware updates as required by manufacturer, and quarterly reporting and performance tuning. The Service Fee does not include hardware replacement or new hardware installations.

Help Desk Services – Provider will provide help desk support via client portal, e-mail, and phone. Provider has the ability to remotely control desktops to support employees. Unless otherwise included in an order, all help desk services will include unlimited remote support as required.

On-site Support – Upon request and subject to the limitations identified in the Order, for Services that are within the scope of this Service Attachment, Provider will also deliver support Services on-site at your location during normal business hours. For on-site support that is not included in the Order, Client, Client will pay Provider’s then-prevailing hourly rate.

Core Security Services – Provider will include in its services monthly Microsoft patch management, antivirus software and management, and remote software installations. Core Security Services also includes new / terminated employee setup and configuration.

Problem Management Services – Provider will undertake problem management as soon as the Provider’s monitoring staff becomes aware of an incident. All incidents, with status or resolution, will be documented by posting updates to the Problem (Incident) Ticket Tracking System assigned to Client (“Problem Tickets”).

MANAGED SECURITY SERVICES

Provider, through its Third-Party Services Providers will make its best effort to ensure the security of Client’s information through third-party security software (“Security Software”). Client designates Provider as its agent to provide the Service to Client, and to enter into any thirdparty relationship to provide the Service to Client. Use of this Service is subject to the applicable Third-party Service Providers agreements regarding terms of use, which Client and Provider agree has been provided by Provider to Client. Client acknowledges that Third-Party Service Providers and their licensors own all intellectual property rights in and to the Security Software. Client will not engage in or authorize any activity that is inconsistent with such ownership. Client acknowledges and agrees to be bound by any applicable Third-Party Service Provider agreements regarding terms or use or end user licensing terms, and Client understands that any applicable agreement regarding terms of use or end user licensing is subject to change without notice.

Firewall, Anti-virus, and Intrusion Detection – Provider will install and configure of firewall traffic policies, apply updated firmware when applicable, and configure changes when needed. With respect to the firewall, Provider will include the following:

Intrusion Prevention – provides real-time protection against network threats, including spyware, SQL injections, cross-site scripting, and buffer overflows.
URL Filtering – blocks known malicious sites, and delivers granular content and URL filtering tools to block inappropriate content.
Gateway Antivirus – continuously updated signatures, identify and block known spyware, viruses, trojans, worms, rogueware and blended threats – including new variants of known viruses.

Security Risk Assessment

Malware and Vulnerability Review – Using one or more tools to determine the existence of malware or vulnerabilities.
Personally Identifiable Information (“PII”) – Review practices related to PII, including location, treatment, and risk mitigation.
Report – Provider’s findings will be included in a Risk Assessment Report.

Network Discovery – generates a visual map of all nodes on your network, making it easy to see where you may be at risk.

Reputation-Based Threat Prevention – Cloud-based web reputation service that aggregates data from multiple feeds to provide real-time protection from malicious sites and botnets, while dramatically improving web processing overhead.

Spam Prevention – Real-time, continuous, and highly reliable protection from spam and phishing attempts.

Application Control – Provides the ability to allow, block, or restrict access to applications based on a user’s department, job function, and time of day.

APT Blocker – detects and stops the most sophisticated attacks including ransomware, zeroday threats, and other advanced malware designed to evade traditional network security defenses.

Data Loss Prevention – works to enforce compliance by scanning text and files to detect sensitive information attempting to exit your network, whether it is transferred via email, web, or FTP.

Threat Detection & Response – Security data collected from the firewall is correlated by enterprise-grade threat intelligence to detect, prioritize and enable immediate action against malware attack.

Intelligent Antivirus – leverages signature-less anti-malware solution that relies on artificial intelligence to automate malware discovery.

DNS Filtering – detects and blocks malicious DNS requests, redirecting users to a safe page with information to reinforce security best practices.

Anti-virus – Provider will provide and install anti-virus software of Provider’s choosing for each Device covered by the Order. While Provider will make reasonable effort to ensure Client Devices and Client’s network are safe from viruses, malware, bugs, hacking, phishing schemes or defective or malicious files, programs or links (“Harmful Content”), of any kind whether now known or hereinafter invented, Provider does not guarantee that Client computers or network cannot be infected by Harmful Content. Where this does happen, Provider will provide commercially reasonable Services to mitigate the Harmful Content. Additional Services will be available upon mutual agreement of the parties.

Remote Access – Provider will install remote access and remote monitoring and management software on Client’s Devices possibly other equipment at Client’s office. Client grants permission to Provider to install any remote access or remote monitoring and management software deemed necessary by Provider.

Client-Side DNS Filtering – Provider will acquire and will assign an appropriate number of licenses to support the deployment of client-side DNS Filtering on all laptop systems. The DNS filtering is designed to detect and block malicious DNS requests, redirecting users to a safe page with information to reinforce security best practices and to protect laptops while away from the corporate network.

Security Awareness Training & Phishing Simulations – Provider will acquire and will assign an appropriate number of licenses to support the client environment. The Service will schedule phishing campaigns to send at random times during a specified period. The campaigns are trackable and fully customizable designed to keep track of every user’s participation, making all cybersecurity education accountable and measurable.

Multi-Factor Authentication Services / Password Credential Management Services – Provider will configure two-factor authentication for compatible software applications, institute single sign-on services for compatible software applications and customized security policies and procedures. After performing a security assessment and assessing the state of Client’s existing policies and procedures pertaining to network security (if any), Provider will work with Client to prepare a new or revised set of policies and procedures that incorporate cutting edge best practices and that take advantage of the other Services delivered by Provider.

Security Operations Center – The Services include:

Advanced Malware Protection supported by Security Operations Center (SOC).
Deployment of advanced malware protection applications to all Windows based devices on customer network.
24×7 SOC service analyzes quarantined applications and files, reducing false positives.
Immediate risk identification – Provides rapid recognition of thousands of viruses and malware attack variants, including cryptomining attacks, as well as the root causes of these malicious behaviors, by quickly identifying and diagnosing corrupt source processes and system settings.
Ransomware rollback – quickly rollback files to previous safe versions through tracking changes in your devices and restoring them to an acceptable risk state.

Security Log Management – Provider will configure log sources to capture and retain information without creating excessive logging, limit user access to log files, avoid logging sensitive or protected information, secure the processes that generate logs, identify and resolve logging errors, and analyze log entries, prioritize entries, and respond to those requiring action.

Security Incident Event Management (SIEM) Services supported by SOC – Provider will deploy SIEM monitoring probes to monitor all critical network devices including; domain controller, firewalls, network switches and routers. When meeting compliance requirement deployment will include all Windows devices as well.

Incident Response – Provider will assist Client in the hours immediately following a data breach to identify the likely source of the breach and to begin formulating an appropriate response to the breach. However, any assistance with data breach-remediation efforts past the first twentyfour (24) hours following a breach – including but not limited to breach-notification planning, indepth forensic examinations of the source of a breach, and significant, post-breach systems reconfiguration – are not within the scope of this Service Attachment. If Client requests Provider’s assistance with such activities, Provider will prepare a separate Service Attachment for Project Services that will specify what the charges will be for such assistance.

CYBERSECURITY RISK ASSESSMENT (CSRA)

Comprehensive Evaluation: Our CSRA process reviews every aspect of your current IT infrastructure, identifying potential vulnerabilities and threats.
Expert Guidance: Our team of experts will not only identify vulnerabilities but also provide actionable recommendations to mitigate risks.
Custom Solutions: The CSRA enables us to design a cybersecurity plan tailored specifically for your organization, taking into account your unique needs, workflow, and objectives.
Informed Decision-making: With the comprehensive insights provided, you’ll be better equipped to make informed decisions regarding your cybersecurity strategy.
Risk Management: We not only identify the risks but also prioritize them, allowing you to manage vulnerabilities in a resource1[1]effective manner.

Network Monitoring

Monitor health of all systems
Scan systems for known Vulnerabilities on monthly basis.
System scans to identify OS security updates and patches.
System scans to identify Third party patching.
Endpoint Protection for Workstations
Remediations services billed at the defined hourly rate.

Cybersecurity Monitoring

Intrusion Detection: Monitors network and system for signs of unauthorized entry.
Alerts & Notifications: Real-time alerts for identified vulnerabilities or active threats.
Endpoint Detection & Response (EDR)
Advanced Security (SOC)
External Penetration Testing on Quarterly basis
Scans systems for known vulnerabilities on monthly basis.
Scan all systems for outstanding security updates and patches
System scans for Third party patching
Scan all third-party applications for outstanding security updates and patches
Security Awareness Training
Provide annual and micro training for all employees on an ongoing basis.
Phishing Campaigns – Provide phishing campaigns and training for all employees on a bi-weekly basis.
Backup and Disaster Recovery Monitoring – This solution will review your current Backup and Disaster Recovery Solution
Remediations services billed at standard hourly rate

Complete Cybersecurity Solution

Intrusion Detection: Monitors network and system for signs of unauthorized entry.
Alerts & Notifications: Real-time alerts for identified vulnerabilities or active threats.
Endpoint Detection & Response (EDR)
Advanced Security (SOC)
External Penetration Testing on Quarterly basis
Scans systems for known vulnerabilities on monthly basis.
Scan all systems for outstanding security updates and patches
System scans for Third party patching
Scan all third-party applications for outstanding security updates and patches
Security Awareness Training
Provide annual and micro training for all employees on an ongoing basis.
Phishing Campaigns – Provide phishing campaigns and training for all employees on a bi-weekly basis.
Password Manager
Advanced DNS Filtering
MFA for Privileged accounts on Server only
Privileged Account Management Solution
Backup and Disaster Recovery Solution
Unlimited Remote and Phone technical Support
Onsite Visits are billed at our standard hourly rate.

HIPAA Compliance Package

Portal for conducting Security Risk Assessment
Portal to keep track of all policies and procedures.
Sample Privacy and Security Policy (to be customized by the client)
HIPAA Annual Training for all employees
Conduct annual Security Risk Assessment (SRA) by client.
Intrusion Detection: Monitors network and system for signs of unauthorized entry.
Alerts & Notifications: Real-time alerts for identified vulnerabilities or active threats.
Endpoint Detection & Response (EDR)
Advanced Security (SOC)
External Penetration Testing on Quarterly basis
Scans systems for known vulnerabilities on monthly basis.
Scan all systems for outstanding security updates and patches
System scans for Third party patching
Scan all third-party applications for outstanding security updates and patches
Security Awareness Training
Provide annual and micro training for all employees on an ongoing basis.
Phishing Campaigns – Provide phishing campaigns and training for all employees on a bi-weekly basis.
Password Manager
Advanced DNS Filtering
MFA for Privileged accounts on Server only
Privileged Account Management Solution
Backup and Disaster Recovery Solution
Unlimited Remote and Phone technical Support
Onsite Visits are billed at our standard hourly rate.

DATA BACKUP AND DISASTER RECOVERY SERVICE

The Services to be performed for Client by Provider are set forth in the Order. Additional Services may be added only by entering into a separate Order including those Services.

Local Backups – Using customer provider hardware and software (backup software), backups will be performed on the basis specified in the Order. Client owns the hardware and software agents (backup software) used to perform the backups. If Client subscribes to periodic Server Maintenance, Provider will review the backups during Maintenance and notify Client of backup failures. Client will notify the Provider of any failures, and upon request, perform simple on-site tasks (e.g., powering down and rebooting hardware).

Remote Backups – Provider, through its Third-Party Service Providers will make its best effort to ensure the protection and recovery of Client’s information. Data files are backed up via a third-party client-side desktop/server software application (the “Application”), encrypted, and then sent to a storage server at third-party vendor’s data center facility. There is no local copy of the backed-up data. Data files can be restored from the cloud but the server itself cannot be recovered or “booted” in the cloud. Therefore, this service is not considered a disaster recovery solution. All data is backed up via a third-party client-side desktop/server software application (the “Application”). Provider will monitor the backups daily, notify Client of any failures, and work with third-party to resolve backup failures.

Cloud Backup – Provider, through its Third-Party Service Providers will make its best effort to ensure the protection and recovery of Client’s information. Data is backed up via a third-party client-side desktop/server application, encrypted, stored locally on a Provider-owned storage device (“Provider Owned Storage”), and then sent to a third-party owned storage server at the Third-Party Services Provider’s data center facility. Provider will monitor the status of all scheduled backup jobs, notify Client of Provider-owned storage failures and corrective actions. Provider will also provide remote administrative services of Data Backup Service as requested by Client. Offsite Backup copies will have one-year retention unless specified in Order. Upon termination of these Services, Provider will request return of the backup hardware and remove the Application from Client systems.

Disaster Recovery
Provider will work with Client to develop a comprehensive disaster-recovery plan that incorporates the Services to be delivered under this Service Attachment.

If Client experiences an event precipitating a major, multi-user loss of data, Client may notify Provider that a data loss event has occurred.

FILE BACKUP AND RECOVERY

Provider will create, monitor, and modify up to the number of file backup jobs listed in the Order. Provider will also notify Client by email of backup drive failures and corrective actions.

Upon request, Provider will remotely restore files, subject to the number of operations listed in the Order.

CLOUD SERVICES

Public Cloud – Provider will move all Client’s data to a cloud computing platform, allow Client to have access to data via virtual desktop from Client’s own devices or device provided by Provider, and manage the cloud environment for Client.

Hybrid Cloud – Provider will move some of Client’s data to a cloud computing platform, and upon Client’s request, place a server on premises at Client’s location. Any Client data being moved shall be agreed to by the parties in writing prior to moving with specific instructions as to identify which data will be moved, managed or unmanaged by Provider. Any Client data being moved or managed shall be specifically identified as to the location of the data on a particular server. Any Client data not being moved, or that is not specifically identified by Client will be considered not managed. Provider shall not be responsible for the identification, classification, or location of the data. Client is solely responsible for its data up to the outermost point of Provider’s firewall with the public internet (the “Demarcation Point”). Once data has been identified, classified, its final location determined, and moved past the Demarcation Point, Provider shall then become responsible for Client data. Provider will also manage the cloud environment for client and provide hardware that will be owned by Provider and will be licensed using an appropriate license agreement.

Private Cloud or Software Subscriptions – Provider will maintain all Client’s data on premise at Client’s location, manage the cloud environment and software subscriptions for Client, provide unmanaged cloud environment and software subscriptions for Client, and provide hardware that will be owned by Provider and will be licensed using an appropriate license agreement.

Third-Party Cloud & SaaS Vendors – Provider will provide, install, and support the Third-Party Cloud or software-as-a-service vendors listed on the Order, including but not limited to Microsoft. Client designates Provider as its agent to provide the Service to Client, and to enter into any third-party relationship to provide the Service to Client. Use of this software is subject to the applicable third-party cloud or software-as-a service vendor’s agreement regarding terms of use, which Client and Provider agree has been provided by Provider to Client. Client agrees to be bound by any applicable third-party cloud or software-as-a-service vendor’s agreements regarding terms or use or end user licensing, and Client understands that any applicable agreement regarding terms of user or end user licensing is subject to change by any Third-Party vendor or software-as-a-service provider without notice.

CYBER TRAINING SERVICES

Provider will implement and managed a managed cybersecurity awareness training platform ordered through a third party on Client’s behalf. The program features:

Enrolling all technology-facing workforce members in the program
Access to a curriculum of industry-leading cybersecurity awareness education which can be customized to meet the unique needs and regulatory requirements of Client
Management reporting and visibility into workforce participation and progress in the training
Regular campaigns to test each workforce member’s ability to recognize and effectively respond to cyberattacks which typically target individuals
Automated enrollment in remedial training for individual workforce members, when appropriate
Management reporting and visibility into workforce performance on testing campaigns
Management reporting and visibility into the improvement in workforce awareness and performance over time
Lowered risk to (Client) from cyberattacks which target unaware and untrained individuals

THESE DESCRIPTIONS ARE SUBJECT TO CHANGE ANY TIME WITHOUT NOTICE

Experience firsthand why business owners are passionate about partnering with us and why they choose to stay 10, 15, 20 years without a contract!

    
 
 
        
   Raj Ambay 
 2024-03-06
 
 
  Running a small business is challenging. But DP Tech has reduced our stress by maintaining our IT infrastructure and provided us with a superb customer service.  In addition, they are proactively monitoring and protecting our data against cyber threats which allows us more time to focus on our core business competencies.   In 30 years of business, DP Tech is one of the best decisions I have made.
  
 
       
   restore-tek cc 
 2024-02-27
 
 
  We’ve partnered with DP Tech for over twelve years. Their prompt responses and expertise have been invaluable. They tailor services for our business [Restore-Tek] and provide personal attention. Whether it’s troubleshooting software glitches, setting up new workstations, or ensuring network security, they’ve been there every step of the way.

Not every problem has an immediate solution, but that doesn’t deter them. If they don’t know how to fix an issue, they roll up their sleeves and dig deeper. They consult with their network of experts, research tirelessly, and explore every avenue until they find the right solution.

When they do find the solution, it’s not just a quick fix. They take the time to explain what went wrong, how they resolved it, and how we can prevent similar issues in the future. Their patience and clarity make all the difference.

For dependable, knowledgeable, and attentive IT support, consider DP Tech. They’ve been our trusted partners for over twelve years, and we confidently recommend their services.
  
 
       
   Vimal Madhani 
 2024-02-25
 
 
  DP Tech Group and their IT Consulting team have been an integral part of our business.  They communicate the importance of data security, technology updates, and new updates in the field to ensure my business is protected but also running very efficiently.   Their Customer support is excellent, quick to respond, patient, and very persistent to resolve any issues.   They truly care about their clients, and it shows.  DP Tech Group is really the best at what they do and I can truly attest much of my growth is because them, i truly view them as part of my team.
  
 
       
   Bob Florio 
 2024-02-21
 
 
  I've worked with both in-house and outsourced IT in my career.  DP Tech was always quick and professional in their support.  They didn't feel like an outsourced service.  They felt like an internal team, which was very helpful to us.   Bob Florio - CFO.
  
 
       
   Renee Culbertson 
 2024-02-19
 
 
  IT Support Specialist Josh D. is amazing to work with!  Very knowledgeable and professional.
  
 
       
   Milan Madhani 
 2024-02-19
 
 
  -We've been a client of DP tech for more than 17 years.

-They've been our managed service provider for over 16 years as well as our dedicated IT Department.

- They also manage our VoIP phones, internet issues, and dealing with tech vendors.

Peace of mind and assurance from day one is their hallmark.  Knowing they've got our back all these years from website development, to website hosting, monthly security updates for our website to cybersecurity and compliance concerns, we've always slept easy with DP Tech on our team.

When our server crashed, we didn't sweat one drop.  We had a disaster recovery solution implemented asap by DP tech, and we were restored within 30 minutes from our backup in the cloud.  The disaster recovery appliance team at DP Tech was outstanding. They set us up on the temporary solution as well as rebuilding our server over the weekend to avoid any downtime.

Since IT costs can be expensive, DP Tech has also worked hard to save us money by reviewing our technology services and recommended better priced solutions.

There are other providers out there, who will just take your monies, and then will forget about you.  That's not DP Tech. Working with them has made us understand that our concern for our security, technology, efficiency, and costs, is as much our concern as it is theirs.
  
 
       
   Brian Katzenbach 
 2024-02-16
 
 
  We have been with DP Tech for years. They have helped through many transitions from moving, new software, new phone systems. Everyone at the company goes above and beyond to get you the best service for the best price.
  
 
       
   Alisha Stocker 
 2024-02-15
 
 
  DP Tech has been an invaluable asset to our firm (Wall Capital Group, Inc.). We have worked with them for over 15 years. They are always quick to respond to email requests or phone calls. Everyone is friendly and knowledgable. I highly recommend Raj, Joy & the team at DP Tech!
  
 
       
   Carlene Brumfield 
 2024-02-15
 
 
  Great service and very quick to respond.
  
 
       
   Ed Mallof 
 2024-02-15
 
 
  I consider myself very fortunate to have found DP Tech Group.  They offer a very personalized IT experience.  I have worked with them for more than 15 years and would highly recommend them.  They are very responsive and take cyber security very seriously.  Everyone at DP Tech is knowledgeable and patient as they help you navigate the challenges of the digital world onsite or remotely.  If I could give out a BEST VENDOR award it would be to them!