Frequently asked questions

Per user. Pricing is transparent with no hidden fees and scales linearly with the size of your team, so what you pay tracks the people you actually support.

Either. We support clients with an internal IT team that we augment, and clients where we run everything end to end. We scope the engagement around the help your team actually needs.

Our help desk is staffed Monday through Friday, 7:00 AM to 7:00 PM Pacific, with 24/7/365 emergency support and monitoring for critical (P1) issues. Response and resolution targets are defined per client in your Service Level Agreement and backed by documented procedures for higher-priority tickets.

We start with discovery and an assessment of your current environment against CIS 18 IG2 and the frameworks your industry requires, then document your systems, stabilize the highest-risk gaps, and roll out monitoring, endpoint protection, and backup. We automate user onboarding and offboarding as part of the engagement.

Call us. A phone call reaches a person who can act immediately — do not wait on email. Our 24/7 SOC identifies the incident, contains it (isolating endpoints and blocking indicators of compromise), forensicates, and remediates, while recording the evidence and timeline your insurer and regulators expect.

Our 24/7 SOC investigates every higher-severity alert with human analysts rather than forwarding raw alerts to your inbox. On a confirmed threat we contain automatically — isolating the host and disabling the account within minutes — then forensicate and remediate, and deliver an incident report that is ready for your cyber-insurance carrier.

Yes. We build compliance programs with real controls and maintain your control-evidence library for HIPAA, SOC 2 Type II, PCI DSS v4.0, SEC Reg S-P, NIST CSF, and more. We are not your auditor — auditors must be independent — but we prepare you, maintain the evidence, and respond to client security questionnaires on your behalf, typically within 48 to 72 hours.

Roughly six to twelve months for a Type II report; Type I readiness is generally three to four months. The timeline depends on the maturity of your current controls, which our initial assessment establishes.

We deploy immutable, air-gapped backups using a 3-2-1-1-0 architecture so ransomware cannot encrypt your recovery copies. Automated integrity checks run daily and we perform full-restore tests quarterly. Typical objectives are a recovery point under one hour and a recovery time under four hours for critical systems.

Yes. Microsoft 365's native retention is not sufficient for most compliance regimes, so we back up Exchange, SharePoint, OneDrive, and Teams separately with compliance-grade retention.

Yes. We analyze your E1/E3/E5 license mix — most clients save 15 to 25 percent in the first year — and harden the tenant to a CIS-mapped baseline, including conditional access, MFA on every account, audit logging, and DLP scoped to your sensitive data.

Vendor-neutral by design. We work with whichever EDR, SIEM, and firewall make sense for your environment, and we can ingest from an existing SIEM such as Microsoft Sentinel, Splunk, or Arctic Wolf, or deploy one if you do not have it.

Yes. We are based in Los Angeles and provide both remote and on-site support across the metro area, alongside 24/7 remote monitoring and a help desk.