Privacy Policy

---

Services Guide

This Services Guide contains provisions that define, clarify, and govern the scope of the services described in the quote that has been provided to you (the “Quote”), as well as the policies and procedures that we follow (and to which you agree) when we provide a service to you or facilitate a service for you. If you do not agree with the terms of this Services Guide, you should not sign the Quote, and you must contact us for more information.

This Services Guide is our “owner’s manual” that generally describes all managed services provided or facilitated by ThinkPINK IT, LLC (“ThinkPINK,” “we,” “us,” or “our”); however, only those services specifically described in the Quote will be facilitated and/or provided to you (collectively, the “Services”).  

This Services Guide is governed under our Master Services Agreement (“MSA”). You may locate our MSA through the link in your Quote or, if you want, we will send you a copy of the MSA by email upon request. Capitalized terms in this Services Guide will have the same meaning as the capitalized terms in the MSA, unless otherwise indicated below.

Activities or items that are not specifically described in the Quote will be out of scope and will not be included unless otherwise agreed to by us in writing. 

Please read this Services Guide carefully and keep a copy for your records.

Initial Audit / Diagnostic Services

In the Initial Audit/Diagnostic phase of our services, we audit your managed information technology environment (the “Environment”) to determine the readiness for, and compatibility with, ongoing managed services. Our auditing services may be comprised of some or all of the following:

· Audit to determine general Environment readiness and functional capability

· Review of hardware and software configurations

· Review of current vendor service / warranty agreements for Environment hardware and software

· Basic security vulnerability check

· Basic backup and file recovery solution audit

· Speed test and ISP audit

· Print output audit

· Office telephone vendor service audit

· Asset inventory 

· Email and website hosting audit 

· IT support process audit

If deficiencies are discovered during the auditing process (such as outdated equipment or unlicensed software), we will bring those issues to your attention and discuss the impact of the deficiencies on our provision of the Services and provide you with options to correct the deficiencies. Please note, unless otherwise expressly agreed by us in writing, auditing services do not include the remediation of any issues, errors, or deficiencies (“Issues”), and we cannot guarantee that all Issues will be detected during the auditing process. Issues that are discovered in the Environment after the auditing process is completed may be addressed in one or more subsequent quotes.

Onboarding Services

In the Onboarding phase of our services, we will prepare your IT environment for the monthly managed services described in the Quote. During this phase, we will work with your Authorized Contact(s) to review the information we need to prepare the targeted environment, and we may also: 

· Uninstall any monitoring tools or other software installed by previous IT service providers.

· Compile a full inventory of all protected servers, workstations, and laptops.

· Uninstall any previous endpoint protection and install our managed security solutions (as indicated in the Quote).

· Install remote support access agents (i.e., software agents) on each managed device to enable remote support.

· Configure Windows® and application patch management agent(s) and check for missing security updates.

· Uninstall unsafe applications or applications that are no longer necessary.

· Optimize device performance including disk cleanup and endpoint protection scans.

· Review firewall configuration and other network infrastructure devices.

· Review status of battery backup protection on all mission critical devices.

· Stabilize network and assure that all devices can securely access the file server.

· Review and document current server configuration and status.

· Determine existing business continuity strategy and status; prepare backup file recovery and incident response option for consideration.

· Review password policies and update user and device passwords.

· As applicable, make recommendations for changes that should be considered to the managed environment.

This list is subject to change if we determine, at our discretion, that different or additional onboarding activities are required.

If deficiencies are discovered during the onboarding process, we will bring those issues to your attention and discuss the impact of the deficiencies on our provision of our monthly managed services. Please note, unless otherwise expressly stated in the Quote, onboarding-related services do not include the remediation of any issues, errors, or deficiencies (“Issues”), and we cannot guarantee that all Issues will be detected during the onboarding process. 

The duration of the onboarding process depends on many factors, many of which may be outside of our control—such as product availability/shortages, required third party vendor input, etc. As such, we can estimate, but cannot guarantee, the timing and duration of the onboarding process. We will keep you updated as the onboarding process progresses.

Ongoing / Recurring Services

Ongoing/recurring services are services that are provided to you or facilitated for you on an ongoing basis and, unless otherwise indicated in a Quote, are billed to you monthly. Some ongoing/recurring services will begin with the commencement of onboarding services; others will begin when the onboarding process is completed. Please direct any questions about start or “go live” dates to your account manager. 

Managed Services

SERVICES

GENERAL DESCRIPTION

Backup and File Recovery

Implementation   and facilitation of a backup and file recovery solution from our designated Third   Party Provider. 

· 24/7   monitoring of backup system, including offsite backup, offsite replication,   and an onsite backup appliance (“Backup Appliance”).

· Troubleshooting   and remediation of failed backup disks.

· Preventive   maintenance and management of imaging software.

· Firmware   and software updates of backup appliance.

· Problem   analysis by the network operations team.

· Monitoring   of backup successes and failures.

· Daily   recovery verification.

Backup   Data Security: All backed up data is encrypted in transit and at rest in 256-bit AES   encryption. All facilities housing   backed up data implement physical security controls and logs, including   security cameras, and have multiple internet connections with failover   capabilities.

Backup   Retention: Backed up data will be retained for   the periods indicated below, unless a different time period is expressly   stated in the Quote. This includes both on-premise and cloud backups.

· On-Premise Backups

All   on-premise backups will be stored on a Network Attached Storage (NAS) device,   which will be kept in a secure location with restricted access. On-premise   backups will be performed daily and retained on a rolling thirty (30) day   basis.

· Cloud Backups

All   cloud backups will be stored in a secure, off-site location that meets the   organization's security standards. Cloud backups will be performed daily and   retained on a rolling thirty (30) day basis[A1] .

Backup Alerts: Managed servers will be configured to inform of any backup failures.

Recovery of Data: If you need to recover any of your backed up data, then the following   procedures will apply:

· Service   Hours: Backed   up data can be requested during our normal business hours, which are   currently Monday – Friday 8-5.

· Request Method. Requests to restore backed up data should be made through one of the   following methods:

o Email: support@thinkpinkit.com

o Web portal: https://thinkpinkit.itclientportal.com

o Telephone: 336-553-6482

· Restoration   Time: We will   endeavor to restore backed up data as quickly as possible following our   receipt of a request to do so; however, in all cases data restoration   services are subject to (i) technician availability and (ii) confirmation   that the restoration point(s) is/are available to receive the backed up data. 

Backup Monitoring

Implementation   and facilitation of a backup monitoring solution from our designated Third   Party Provider. Features include:

· Monitoring backup status for certain backup   applications then-installed in the managed environment, such as successful   completion of backup, failure errors, and destination free space   restrictions/limitations.

· Helping ensure adequate access to Client’s data in   the event of loss of data or disruption of certain existing backup   applications.

Note: Backup monitoring is limited to   monitoring activities only and is not a backup and file recovery solution.

Block of Hours / Allocated Consulting Hours

If you   purchase one or more blocks of technical support or consulting hours from ThinkPINK,   then we will provide our professional information technology consulting   services to you from time to time on an ongoing, “on demand” basis   (“Services”).

The   specific scope, timing, term, and pricing of the Services (collectively,   “Specifications”) will be determined between you and us at the time that you   request the Services from us.

You and we   may finalize the Specifications (i) by exchanging emails confirming the   relevant terms, or (ii) by you agreeing to an invoice, purchase order, or   similar document we send to you that describes the Specifications (an   “Invoice”), or in some cases, (iii) by us performing the Services or   delivering the applicable deliverables in conformity with the   Specifications. 

If we   provide you with an email or an Invoice that contains details or terms for   the Services that are different than the terms of the Quote, then the terms   of the email or Invoice (as applicable) will control for those Services only.   

A   Service will be deemed completed upon our final delivery of the applicable   portions of Specifications unless a different completion milestone is   expressly agreed upon in the Specifications (“Service Completion”). (For example, sales of hardware will be   deemed completed when the hardware is delivered to you; licensing will be   completed when the licenses are provided to you, etc.) Any defects or   deviations from the Specifications must be pointed out to us, in writing,   within ten (10) days after the date of Service Completion. After that time, any issues or remedial   activities related to the Services will be billed to you at our then-current   hourly rates.

Unless we   agree otherwise in writing, Services will be provided only during our normal   business hours, which are currently 9 – 6 PM Eastern Time. Services provided outside of our normal   business hours are subject to increased fees and technician availability and   require your and our mutual consent to implement. 

The   priority given to implementing the Services will be determined at our   reasonable discretion, considering any milestones or deadlines expressly   agreed upon in an invoice or email from ThinkPINK. If no specific milestone or deadline is   agreed upon, then the Services will be performed in accordance with your   needs, the specific requirements of the job(s), and technician availability.

Dark Web Monitoring

Implementation   and facilitation of a Dark Web Monitoring solution from our designated Third   Party Provider. 

Credentials   supplied by Client will be added into a system that continuously uses human   and machine-powered monitoring to determine if the supplied credentials are   located on the dark web. 

If   compromised credentials are found, they are reported to Help Desk Services   staff who will review the incident and notify affected end-users.

Dark   web monitoring can be a highly effective tool to reduce the risk of certain   types of cybercrime; however, we do not guarantee that the dark web   monitoring service will detect all actual or potential uses of your   designated credentials or information. 

Email Threat Protection

Implementation   and facilitation of a trusted email threat protection solution from our designated   Third Party Provider. 

· Managed email protection from   phishing, business email compromise (BEC), SPAM, and email-based malware.

· Friendly Name filters to protect   against social engineering impersonation attacks on managed devices.

· Protection against social   engineering attacks like whaling, CEO fraud, business email compromise or W-2   fraud.

· Protects against newly registered   and newly observed domains to catch the first email from a newly registered   domain.

· Protects against display name   spoofing.

· Protects against “looks like” and   “sounds like” versions of domain names.

Please   see Anti-Virus; Anti-Malware and Breach   / Cyber Security Incident Recovery sections below for important   details.

All   hosted email is subject to the terms of our Hosted Email   Policy and our Acceptable   Use Policy.

Endpoint Antivirus & Malware Protection

Implementation   and facilitation of an endpoint malware protection solution from our designated   Third Party Provider. 

· Artificial   intelligence and machine learning to provide a comprehensive and adaptive   protection paradigm to managed endpoints.

· Detection   of unauthorized behaviors of users, applications, or network servers.

· Blocking   of suspicious actions before execution.

· Analyzing   suspicious app activity in isolated sandboxes.

· Antivirus   and malware protection for managed devices such as laptops, desktops, and   servers.

· Protection   against file-based and fileless scripts, as well as malicious JavaScript,   VBScript, PowerShell, macros and more.

· Whitelisting   for legitimate scripts.

· Blocking   of unwanted web content.

· Detection   of advanced phishing attacks.

· Detection   / prevention of content from IP addresses with low reputation.

*   Please see Anti-Virus; Anti-Malware and Breach   / Cyber Security Incident Recovery sections below for important   details.

Extended Detection & Response (XDR)

Implementation   and facilitation of an endpoint malware protection solution with extended   functionalities from our designated Third Party Provider. 

· Automated correlation of data across multiple security   layers*—email, endpoint, server, cloud workload, and the managed network,   enabling faster threat detection.

· Provides extended malware sweeping, hunting, and   investigation.

· Allows whitelisting for legitimate scripts.

· Next-generation   deep learning malware detection, file scanning, and live protection for workstation   operating system.

· Web   access security and control, application security and control, intrusion   prevention system.

· Data   loss prevention, exploit prevention, malicious traffic detection, disk and   boot record protection.

· Managed   detection, root cause analysis, deep learning malware analysis, and live   response.

· On-demand   endpoint isolation, advanced threat intelligence, and forensic data export.

* Requires at least two layers (e.g., endpoint,   email, network, servers, and/or cloud workload.) 

Please see Anti-Virus;   Anti-Malware and Breach   / Cyber Security Incident Recovery sections below for important   details.

End User   Security Awareness Training

Implementation   and facilitation of a security awareness training solution from an   industry-leading third party solution provider. 

[A2] 

· Online,   on-demand training videos (multi-lingual).

· Online,   on-demand quizzes to verify employee retention of training content.

· Baseline   testing to assess the phish-prone percentage of users; simulated phishing   email campaigns designed to educate employees about security threats.

Please see Anti-Virus;   Anti-Malware and Breach   / Cyber Security Incident Recovery sections below for important   details.

Firewall as a Service 

(firewall appliance   provided by ThinkPINK)

· Provide a firewall configured for   your organization’s specific bandwidth, remote access, and user needs. 

· Helps to prevent hackers from   accessing internal network(s) from outside the network(s), while providing   secure and encrypted remote network access; provides antivirus scanning for   all traffic entering and leaving the managed network; provides website   content filtering functionality.

· Firewall appliance is subject to   “Hardware as a Service” terms and conditions located in this Guide.

· Firewall appliance must be returned   to ThinkPINK upon the termination of service. Client will be responsible for   missing or damaged (normal wear and tear excepted) appliance.

Firewall Solution

(firewall appliance   provided / purchased by Client)

· Monitors, updates (software/firmware),   and supports Client-supplied firewall appliance.

· Helps to prevent hackers from   accessing internal network(s) from outside the network(s), while providing   secure and encrypted remote network access; provides antivirus scanning for   all traffic entering and leaving the managed network; provides website   content filtering functionality.

Hardware as a Service (HaaS)

 

The   provisions and descriptions below apply to all hardware, devices, and   accessories that are provided to you on a “hardware as a service” basis.

· Scope.   Provision and deployment of hardware and devices listed in the Quote or other   applicable schedule (“HaaS Equipment”).

· Deployment.   We will deploy the HaaS Equipment within the timeframe stated in the Quote, provided   that you promptly provide all information that we reasonably request from you   to complete deployment.  This deployment guaranty does not apply to any   software, other managed services, or hardware devices other than the HaaS   Equipment. In addition, this deployment time frame may be extended as   necessary to accommodate delays that are outside of our reasonable control,   such as embargoes, labor or supply chain shortages, or other force majeure   events.

· Delayed Deployment.   If you wish to delay the deployment of the HaaS Equipment, then you may do so   if you give us written notice of your election to delay no later than five   (5) days following the date you sign the Quote.  Deployment shall not   extend beyond two (2) months following the date on which you sign the   Quote. You will be charged at the rate   of fifty percent (50%) of the monthly recurring fees for the HaaS-related   services during the period of delay.  Following deployment, we will   charge you the full monthly recurring fee (plus other usage fees as   applicable) for the full term indicated in the Quote.

· Repair/replacement of HaaS Equipment.   ThinkPINK will endeavor to repair or replace HaaS Equipment within five (5)   business days following the business day on which the applicable problem is   identified by, or reported to, ThinkPINK and has been determined by ThinkPINK   to be incapable of being remediated remotely. 

This   warranty does not include the time required to rebuild your system, such as   the time required to configure a replacement device, rebuild a RAID array,   reload the operating system, reload and configure applications, and/or   restore from backup (if necessary). 

· Technical Support for HaaS Equipment.   We will provide technical support for HaaS Equipment in accordance with the Service Levels listed in this Services Guide.

· Usage.   You will use all HaaS Equipment for your internal business purposes only. You shall not sublease, sublicense, rent or   otherwise make the HaaS Equipment available to any third party without our   prior written consent. You agree to   refrain from using the HaaS Equipment in a manner that unreasonably or   materially interferes with our other hosted equipment or hardware, or in a   manner that disrupts or that is likely to disrupt the services that we   provide to our other clientele. We   reserve the right to throttle or suspend your access and/or use of the HaaS   Equipment if we believe, in our sole but reasonable judgment, that your use   of the HaaS Equipment violates the terms of the Quote, this Services Guide,   or the Agreement.

· Return of HaaS Equipment.   Unless we expressly direct you to do so, you shall not remove or disable, or   attempt to remove or disable, any software agents installed in the HaaS   Equipment. Doing so could result in   network vulnerabilities and/or the continuation of license fees for the   software agents for which you will be responsible, and/or the requirement   that we remediate the situation at our then-current hourly rates, for which   you will also be responsible. Within   ten (10) days after the termination of HaaS-related Services, Client will   provide ThinkPINK access to the premises at which the HaaS Equipment is   located so that all such equipment may be retrieved and removed by us. If you fail to provide us with timely   access to the HaaS Equipment or if the equipment is returned damaged (normal   wear and tear excepted), then we will have the right to charge you, and you   hereby agree to pay, the replacement value of all such unreturned or damaged   equipment.

Labor for New / Replacement Workstations

Includes all labor charges for setup   of new workstations, or replacement of existing workstations. 

· Labor covers:

o New   computers / additional computers added during the term of the Quote;

o Replacement   of existing computers that are four (4) or more years old (as determined by   the manufacturer’s serial number records);

o Replacement   of existing computers that lost/stolen or irreparably damaged and/or out of   warranty but not yet four years old;

o Operating   systems upgrades – subject to hardware compatibility.

The following restrictions apply:

· Upgrades or installs of new or   replacement computers are limited to four (4) devices per month unless otherwise   approved in advance by ThinkPINK;

· This service is not available for   used or remanufactured computers; and,

· New/replacement computers must be   business-grade machines (not home) from a major manufacturer like Dell, HPE,   or Lenovo.

Managed Detection & Response (MDR)

Implementation   and facilitation of a top-tier MDR solution from our designated Third Party   Provider. 

· 24x7 Managed network detection and   response.

· Real time and continuous (24x7)   monitoring and threat hunting.

· Real time threat response.

· Alerts handled in accordance with   our Service response times, below.

· Security reports, such as privileged   activities, security events, and network reports, are available upon request.

· 24x7x365 access to a security team   for incident response*

* Remediation   services provided on a time and materials basis. Please see Anti-Virus;   Anti-Malware and Breach   / Cyber Security Incident Recovery sections below for important   details. 

NIST Risk Assessment

Perform a cybersecurity assessment   under NIST CSF using the NIST Risk Management Framework & NIST 800-53.

· Identifies how Client currently   assesses, mitigates, and tracks its cybersecurity requirements[A3] .

· Identifies authorized and   unauthorized devices in the managed network.

· Identifies gaps or deficiencies in   the Client’s operations that would prevent compliance under NIST CSF.

The assessment will cover the   following five core areas of the NIST framework:

The results of the assessment will   be provided in a report that will identify detected risks and your   organization’s current maturity levels (i.e., indicators that   represent the level of capabilities within your organization’s security   program) and will propose actionable activities to help increase relevant   maturity levels and augment your organization’s security posture. 

Please Note:   This service is limited to an assessment/audit only. Remediation of   issues discovered during the assessment, as well as additional solutions   required to bring your managed environment into compliance, are not part of   this service. After the audit is   complete, we will discuss the results with you to determine what steps, if   any, are needed to bring your organization into full compliance.

Password Manager

Implementation   and facilitation of a password management protection solution from our designated   Third Party Provider. 

· Password Vault:   Securely store and organize passwords in a secure digital location accessed   through your browser or an app.

· Password Generation:   Generate secure passwords with editable options to meet specific criteria.

· Financial Information Vault:   Securely store and organize financial information such as bank accounts and   credit card information in a secure digital location accessed through your   browser or an app.

· Contact Information Vault:   Store private addresses and personal contact information within your vault   accessed through your browser or an app.

· Browser App:   Browser extension permits easy access to your information including the   vaults, financial information, contact information, and single sign-on   through the app. 

· Smart-Phone App: Mobile phone app enables access to your   vault and stored information on your mobile device.

Penetration (Pen) Testing

Penetration   testing (or “pen” testing) simulates a cyberattack against your IT   infrastructure to identify exploitable vulnerabilities. Unlike ongoing   vulnerability scanning services that provide a constant, static level of   network scanning, pen testing may involve several stages of reconnaissance   and actual attack methodologies (such as brute force attacks and/or SQL   injection attacks) and may include unconventional and targeted attacks that   occur during business and non-business hours. Pen testing may consist of any   of the following:

External   Pen Testing: exposes vulnerabilities in your internet-facing   systems, networks, firewalls, devices, and/or web applications that could   lead to unauthorized access.

Internal   Pen Testing: Validates the effort required for an attacker to   overcome and exploit your internal security infrastructure after access is   gained.

PCI   Pen Testing: Using the goals set by the PCI Security Standards   Council, this test involves both external and internal pen testing   methodologies.

Web   App Pen Testing: Application   security testing using attempted infiltration through a website or web   application utilizing PTES and the OWASP standard testing checklist. 

Please see additional terms   for Penetration Testing below.

Remote Helpdesk 

· Remote support provided during normal business   hours for managed devices and covered software

· Tiered-level   support provides a smooth escalation process and helps to ensure effective   solutions.

Remote Infrastructure Maintenance & Support

· Configuration,   monitoring, and preventative maintenance services provided for the managed IT   infrastructure

· If remote efforts are unsuccessful, then ThinkPINK   will dispatch a technician to the Client’s premises to resolve covered   incidents (timing of onsite support is subject to technician availability and   scheduling)

Remote Monitoring and Management

Software   agents installed in Covered Equipment (defined below) report status and   IT-related events on a 24x7 basis; alerts are generated and responded to in   accordance with the Service Levels described below. 

· Includes capacity monitoring, alerting us to   severely decreased or low disk capacity (covers standard fixed HDD   partitions, not external devices such as USB or mapped drives)

· Includes routine operating system inspection and   cleansing to help ensure that disk space is increased before space-related   issues occur.

· Review and installation of updates and patches for   supported software.

In addition   to the above, our remote monitoring and management service will be provided   as follows: 

Event

Server

Workstation

Hardware Failures

Yes

No

Device Offline

Yes

No

Failed/Missing Backup

Yes[A4] [A5] 

No

Failed/Missing Updates

Yes

Yes

Low Disk Space

Yes

No

Agent missing/misconfigured

Yes

Yes

Excessive Uptime

Yes

No

Automatic Reboots (weekly)

No

Yes

Security Incident & Event Monitoring (SIEM[A6] )

Implementation   and facilitation of an industry leading SIEM solution from our designated Third   Party Provider. 

The SIEM service utilizes   threat intelligence to detect threats that can exploit potential   vulnerabilities against your managed network.

Ø Initial Assessment. Prior   to implementing the SIEM service, we will perform an initial assessment of   the managed network at your premises to define the scope of the   devices/network to be monitored (the “Initial Assessment”). 

Ø Monitoring. The SIEM service detects  threats from external facing attacks as well as potential insider threats and   attacks occurring inside the monitored network. Threats are correlated   against known baselines to determine the severity of the attack. 

· Alerts & Analysis. Threats are reviewed and   analyzed by third-party human analysts to determine true/false positive   dispositions and actionability. If it is   determined that the threat was generated from an actual security-related or   operationally deviating event (an “Event”), then you will be notified of that   Event. 

Events are   triggered when conditions on the monitored system meet or exceed predefined   criteria (the “Criteria”). Since the Criteria are established and optimized   over time, the first thirty (30) days after deployment of the SIEM services   will be used to identify a baseline of the Client’s environment and user   behavior. During this initial thirty   (30) day period, Client may experience some “false positives” or,   alternatively, during this period not all anomalous activities may be   detected. 

Note:   The SIEM service is a monitoring and alert-based system only; remediation of   detected or actual threats are not within the scope of this service and may   require Client to retain ThinkPINK’s services on a time and materials basis.

Server Monitoring & Maintenance

As part of   our RMM service, we will monitor and maintain managed servers as follows:

· Software agents installed in covered   servers report status and IT-related events on a 24x7 basis; alerts are   generated and responded to in accordance with the Service Levels described   below. 

· Online status monitoring, alerting   us to potential failures or outages

· Capacity monitoring, alerting us to   severely decreased or low disk capacity (covers standard fixed HDD and SSD   partitions, not external devices such as USB or mapped network drives)

· Performance monitoring, alerting us   to unusual processor or memory usage

· Server essential service monitoring,   alerting us to server role-based service failures

· Endpoint protection agent   monitoring, alerting us to potential security vulnerabilities

· Routine operating system inspection   and cleansing

· Secure remote connectivity to the   server and collaborative screen sharing

· Review and installation of updates   and patches for Windows and supported software

· Asset inventory and server   information collection

Two Factor Authentication

Implementation   and facilitation of a two factor authentication solution from our designated Third   Party Provider. 

· Advanced   two factor authentication with advanced admin features.

· Secures   on-premises and cloud-based applications.

· Permits   custom access policies based on role, device, location.

· Identifies   and verifies device health to detect “risky” devices

Server Next-Generation Antivirus 

Implementation   and facilitation of a top-tier, next generation antivirus protection solution   from our designated Third Party Provider. 

Software agents installed in covered   server devices protect against malware and prevents intruder access. Used in   coordination with other endpoint security layers and security solutions to   form a comprehensive defense strategy.

· Next-generation   deep learning malware detection, file scanning, and live protection for   Server OS

· Web   access security and control, application security and control, intrusion   prevention system

· Data   loss prevention, exploit prevention, malicious traffic detection, disk and   boot record protection

Software Licensing 

(applies to all   software licensed by or through ThinkPINK)

All   software provided to you by or through ThinkPINK is licensed, not sold, to   you (“Software”). In addition to any   Software-related requirements described in ThinkPINK’s Master Services   Agreement, Software may also be subject to end user license agreements   (EULAs), acceptable use policies (AUPs), and other restrictions all of which   must be strictly followed by you and any of your authorized users.

When   installing/implementing software licenses in the managed environment or as   part of the Services, we may accept (and you agree that we may accept) any   required EULAs or AUPs on your behalf. You should assume that all Software   has an applicable EULA and/or AUP to which your authorized users and you must   adhere. If you have any questions or require a copy of the EULA or AUP,   please contact us. 

Updates   & Patching

· Remotely   deploy updates (e.g., x.1 to x.2), as well as bug fixes, minor enhancements,   and security updates as deemed necessary on all managed hardware.

· Perform   minor hardware and software installations and upgrades of managed hardware.

· Perform   minor installations (i.e., tasks that can be performed remotely and typically   take less than thirty (30) minutes to complete).

· Deploy,   manage, and monitor the installation of approved service packs, security   updates and firmware updates as deemed necessary on all applicable managed   hardware.

Please   note: We will keep all managed hardware   and managed software current with critical patches and updates (“Patches”) as   those Patches are released generally by the applicable manufacturers. Patches are developed by third party   vendors and, on rare occasions, may make the Environment, or portions of the   Environment, unstable or cause the managed equipment or software to fail to   function properly even when the Patches are installed correctly. We will not be responsible for any downtime   or losses arising from or related to the installation or use of any   Patch. We reserve the right, but not   the obligation, to refrain from installing a Patch if we are aware of   technical problems caused by a Patch, or we believe that a Patch may render   the Environment, or any portion of the Environment, unstable.

Virtual Chief Information Officer (vCIO)

Act as the main point of contact for certain   business-related IT issues and concerns.

· Assist in creation of information/data-related   plans and budgets.

· Provide strategic guidance and   consultation across different technologies.

· Create company-specific best   standards and practices.

· Provide education and   recommendations for business technologies.

· Participate in scheduled meetings to   maintain goals.

· Maintain technology documentation.

· Assess and make recommendations for   improving technology usage and services.

Voice Over IP (VoIP) Services

Implementation   and facilitation of an industry-recognized VoIP solution from our designated Third   Party Provider. Features include:

· Scalable VoIP-based telephone   service with call transferring, voicemail, caller ID, call hold, conference   calling, and call waiting functionalities.

· Central control panel provides   access to VoIP-related configurations, including physical address   registration, call routing, updating greetings, and ability to turn on/off   service features.

· Ability to use mobile app dialing 

Important:   There are additional   terms related to the VoIP service,   including your use of E911 features, toward the end of this Services   Guide. Please read them   carefully. You may be required to sign   an additional consent form indicating your understanding and acceptance of   the limitations of 911 dialing using the VoIP services.

Vulnerability Scanning

Implementation and facilitation of   an industry-recognized vulnerability scanning solution from our designated Third   Party Provider.

Vulnerability   scanning identifies holes in the managed network that could be exploited. External   vulnerability scans (which pertain to the IP address assigned to each   customer location through the Client’s ISP) are run monthly. Internal   vulnerability scans (which pertain to all systems inside the managed network)   are run at least annually. 

Vulnerability results will be   discussed during business review meetings with Client. Vulnerability reports   will be made available on request.

Please see additional terms for vulnerability scanning below.

Website Hosting[A7] 

Our designated Third Party Provider   will provide sufficient space and bandwidth to host your designated website   (“Website”) which, except for scheduled downtime or force majeure events,   will be available on a 24x7 basis. The Website will be hosted on a server   that may be shared between many customers; however, the Website will be given   a unique address.

· Migration of Servers. As a normal course of business, we or our   Third Party Provider, as applicable, may migrate the servers on which the   Website is hosted. This process will   not interfere with the Hosting Services, however, due to the potential for   migration, you are not guaranteed a permanent or dedicated IP address.

· Administration. You will be provided with access to a   dashboard through which you may make configuration adjustments to the hosted   environment; however, we strongly advise you to refrain from making changes   to the hosted environment without our guidance or direction. We will not be responsible for remediating   issues caused by your adjustments to the hosted environment unless those   adjustments were made pursuant to our written directions or under our   supervision.

· Resource/Load Balancing.   The bandwidth made available to your website is shared and allocated among   all of our customers. You must comply   with all bandwidth and ThinkPINK-imposed limitations on the hosting services   as established by ThinkPINK from time to time. We reserve the right to   load-balance applicable bandwidth to ensure that your activity will not   restrict, inhibit, or diminish any other user’s use of the bandwidth or   create an unusually large burden on the bandwidth. We reserve the right to restrict your   access to your hosted website in the event that your activities create a   disproportionate burden on our network or our third party providers’ networks   (if applicable), or any other crucial resources reasonably needed to ensure   the functionality, integrity, and/or security of the hosting services.

· Backup. Data in the hosted environment will be   backed up daily (“Standard Backup Service”); however, the Standard Backup   Service is not, and should not be regarded as, a backup and disaster recovery   solution. Although the Standard Backup Service is a part of the hosting   services, it is only a basic backup service, and it does not provide data   integrity verification services or other advanced backup or recovery   options. We strongly recommend that   you implement a separate backup and disaster recovery solution to protect the   security and integrity of, and accessibility to, the data in the hosted   environment.

· Storage and Security.   We and/or our third party providers will take reasonable steps to prevent   unauthorized access to the Website and the hosted environment; however, you   understand and agree that no security solution is 100% effective, and we do   not warrant or guarantee that the hosted environment will be free from   unauthorized access or malware at all times. 

Client, as well as any visitors to the   Website, must comply with our Acceptable Use Policy which is located at the end of this Services Guide.

Wi-Fi Services

ThinkPINK will install at the   Client’s premises Wireless Access Points to provide a bandwidth in all areas   requiring wireless network coverage, as agreed upon by ThinkPINK and Client.

· ThinkPINK will maintain, supervise,   and manage the wireless system at no additional cost. 

· Installed equipment, if provided by ThinkPINK,   will be compatible with the then-current industry standards. 

· ThinkPINK will provide remote   support services during normal business hours to assist with device   connectivity issues. (Support services will be provided on a “best efforts”   basis only, and Client understands that some end-user devices may not connect   to the wireless network, or they may connect but not perform well). 

Please note:   Any Wi-Fi devices, such as access points or routers, that are supplied by   Client cannot be older than five (5) years from the applicable device’s   original date of manufacture, and in all cases must be supported by the   manufacturer of the device(s).

Workstation Next-Generation Malware Solution 

Implementation   and facilitation of an industry-recognized, next generation workstation   malware protection solution from our designated Third Party Provider. 

Software agents installed in covered   devices protect against malware and prevent intruder access. Used in   coordination with other endpoint security layers and security solutions to   create a comprehensive defensive strategy.

· Next-generation   deep learning malware detection, file scanning, and live protection for   Workstation OS.

· Web   access security and control, application security and control, intrusion   prevention system.

· Data   loss prevention, exploit prevention, malicious traffic detection, disk, and   boot record protection.

Workstation Monitoring & Maintenance

Software   agents installed in covered workstations report status and IT-related events   on a 24x7 basis; alerts are generated and responded to in accordance with the   Service Levels described below.

· Online status monitoring, alerting us to potential   failures or outages.

· Capacity monitoring, alerting us to severely   decreased or low disk capacity (covers standard fixed HDD and SSD partitions,   not external devices such as USB or mapped network drives).

· Performance monitoring, alerting us to unusual   processor or memory usage.

· Endpoint protection agent monitoring, alerting us   to potential security vulnerabilities.

· Routine operating system inspection and cleansing.   

· Secure remote connectivity to the workstation and   collaborative screen sharing.

· Review and installation of updates and patches for   Windows and supported software.

· Asset inventory and workstation information   collection.

Covered Environment

Managed Services will be applied to the number of devices indicated in the Quote (“Covered Hardware”). The list of Covered Hardware may be modified by mutual consent (email is sufficient for this purpose); however, we reserve the right to modify the list of Covered Hardware at any time if we discover devices that were not previously included in the list of Covered Hardware and which are receiving Services, or as necessary to accommodate changes to the quantity of Covered Hardware. 

Unless otherwise stated in the Quote, Covered Devices will only include technology assets (such as computers, servers, and networking equipment) owned by the Client’s organization. As an accommodation, ThinkPINK may provide guidance in connecting a personal device to the Client’s organization’s technology, but support of personal devices is generally not included in the Scope of Services. 

If the Quote indicates that the Services are billed on a “per user” basis, then the Services will be provided for up to two (2) Business Devices used by the number of users indicated in the Quote. A “Business Device” is a device that (i) is owned or leased by Client and used primarily for business, (ii) is regularly connected to Client’s managed network, and (iii) has installed on it a software agent through which we (or our designated Third Party Providers) can monitor the device. 

We will provide support for any software applications that are licensed through us. Such software (“Supported Software”) will be supported on a “best effort” basis only and any support required beyond Level 2-type support will be facilitated with the applicable software vendor/producer. Coverage for non-Supported Software is outside of the scope of the Quote and will be provided to you on a “best-effort” basis and a time and materials basis with no guarantee of remediation. Should our technicians provide you with advice concerning non-Supported Software, the provision of that advice should be viewed as an accommodation, not an obligation, to you.

If we are unable to remediate an issue with non-Supported Software, then you will be required to contact the manufacturer/distributor of the software for further support. Please note: Manufacturers/distributors of such software may charge fees, some of which may be significant, for technical support; therefore, we strongly recommend that you maintain service or support contracts for all non-Supported Software (“Service Contract”). If you