Services Attachment

This Services Attachment (“Attachment”) entered into as of [OrderPorterSignedDate!MM/dd/yyyy] (“Attachment Effective Date”) is incorporated into and made a part of the Master Services Agreement (“MSA”) dated [OrderPorterSignedDate!MM/dd/yyyy] by and between Accellis Inc. d/b/a Accellis Technology Group (“Accellis”) and [Company.CompanyName] (“Client”). The parties agree:

    1. Capitalized terms have the meaning set forth in the MSA or herein. Exhibit B includes specified Exclusions. Exhibit C includes a list of definitions.
    2. This Attachment shall commence on [OrderPorterSignedDate!MM/dd/yyyy] (“Effective Date”) and continue for a period of three (3) years  (“Initial Term”) and shall automatically renew for successive periods equal to the Initial Term and each such renewal shall be a “Renewal Term” on the same terms and conditions except that the fees shall increase by 5% or the amount of the annual consumer price increase published by the U.S. Department of Labor for the month of the renewal, whichever is greater, unless written notice of termination is provided at least sixty (60) days in advance.
    3. Accellis shall, for the fees set forth in the proposal, paid monthly and in advance, provide:
MITS Standard
  • Remote Monitoring & Management (RMM) including 24×7 Alerting, & Reporting
  • Remote Access for Admins including Follow Upon Reboot & Remote Access to Workstations for All End Users
  • Network, Server, and Workstation Support & Maintenance including Windows Updates & 3rd Party Patch Mgmt
  • Management of Active Directory, Azure AD, Backup & DR, Hypervisor, All Windows/Linux Server Roles, etc.
  • Service Desk (Mon-Fri 7:00am-7:00pm) and 24×7 Self-Healing
  • Application Support for Productivity & Line-of-Business Apps Current on Vendor Support
  • Support on Networked Printers, Internet, Wi-Fi, and Peripherals Current on Vendor Support and Warranty
  • Technical Account Manager including vCIO Services with Asset & Vendor Management
  • Remote Support, Phone/Email/Chat/Portal Support, Client Portal, and Analytics Dashboards
  • Dark Web Scanning for Compromised Credentials Monthly Reporting
  • ClipTraining for Pre-recorded Office 365training, plus Custom Accellis Content as uploaded by Accellis
MITS Complete
  • Remote Monitoring & Management (RMM) including 24×7 Monitoring, Alerting, & Reporting
  • Remote Access for Admins including Follow Upon Reboot & Remote Access to Workstations for All End Users
  • Network, Server, and Workstation Support & Maintenance including Windows Updates & 3rd Party Patch Mgmt
  • Management of Active Directory, Azure AD, Backup & DR, Hypervisor, All Windows/Linux Server Roles, etc.
  • Service Desk (Mon-Fri 7:00am-7:00pm and 24×7 Self-Healing)
  • Application Support for Productivity & Line-of-Business Apps Current on Vendor Support
  • Support on Printers, Internet, Phones, Wi-Fi, and Peripherals Current on Vendor Support and Warranty
  • Technical Account Manager including vCIO & vCISO Services with Asset & Vendor Management
  • Remote Support, Phone/Email/Chat/Portal Support, Client Portal, and Analytics Dashboards
  • Dark Web Scanning for Compromised Credentials Monthly Reporting
  • ClipTraining for Pre-recorded Office 365training, plus Custom Accellis Content as uploaded by Accellis
  • Onsite Support
CORE Security powered by Microsoft
  • DNS Protection
  • Dark Web Scanning
  • Vulnerability Management
  • Microsoft Secure Score Management (1 Hour/Mo, Thereafter)
    Business-House No SLA Alerts Management (1 Hour/Mo, Hourly Thereafter)
  • Quarterly End User Anti-Phishing Campaigns
  • Microsoft Defender for Endpoint (Customer-Supplied Licensing)
  • At Risk User Monitoring
ClipTraining Advanced
  • Access to hundreds of pre-recorded Microsoft training sessions, plus Custom Accellis Content as uploaded by Accellis
  • Regular learning reporting
  • Client-managed, custom learning portal and platform for original content
Pen Test-as-a-Service
  • Multiple network penetration attempts to validate cybersecurity posture
  • Executive and Technical Reporting
  • Attestation (upon request)
  • Annual presentation (1 hour)
  • Client shall:
    • provide the information sufficient for electronic prepayment as set forth in Exhibit A;

    • appoint a trained Client representative familiar with the correct operation of the products and available to Accellis to assist with Services hereunder;

    • respond in a timely manner to information and critical date requests pertaining to the service hereunder

    • provide and maintain an environment that meets product specifications and replace out of warranty or end of life systems;

    • maintain adequate, verified backup copies of all software (i.e. operating system, application, and data files) on suitable media;

    • maintain all required licensing ;

    • maintain Accellis recommended bandwidth to support the network ;

    • allow installation of monitoring, remote access and any other software deemed necessary by Accellis to maintain and support the systems covered hereunder;

    • provide remote access to  machines with heat, light, and power at no charge;

    • pay for any media, shipping, downloading, installation, or other related costs required in    obtaining maintenance releases and patches;

    • shall subscribe and keep current maintenance/support agreements with the manufacturer of the products we support and allow Accellis to contact the manufacturer on your behalf;

    • be responsible for any additional hosting charges incurred by the addition of Accellis-site equipment;

    • with respect to software of third-party manufacturer provided to Client through Accellis, further:

    • agree to third party manufacturer licensing terms (i.e. Microsoft, ClipTraining, etc.), including under the Microsoft New   Commerce Experience program, and such terms are incorporated into this Attachment by reference;

    • make Accellis “Partner of Record” or equivalent with such third-party manufacturer in Client’s service portal or equivalent;

    • consent to licenses purchased under this Attachment as non-refundable, non-resaleable, and non-transferable;

    • pay Accellis (even if Client secures another service provider) for the number of initial or additional licenses Client requests for the entire term or renewal term of the third party manufacturer in accordance with such third party manufacturer’s current policies and pricing (which may be changed by the third party manufacturer) and any price increase or additional charges implemented by such third party manufacturer, which shall be reflected on Client’s account and charged to Client accordingly and are required to pay for such licenses in full until the expiration of the license terms;

    • not decrease,  cancel or transfer licenses at any time; and

    • add additional licenses pursuant to the foregoing and subject to all the terms of this Attachment and shall renew or expire as though purchased as of the Attachment Effective Date.

Additional Terms
  • User counts will be audited monthly and increased or decreased, as necessary. User and server counts may not be reduced if third party manufacturer prohibits reduction (i.e. Microsoft 365)
  • With respect to CORE Security Services and Pen Test -as-a-Service, incident response, remediation, and forensics are excluded from the Service hereunder
  • With respect to ClipTraining, custom video creation and support are excluded from the Service hereunder
  • Accellis CORE Security Service aligns to components of the NIST Cyber Security Framework. Accellis focuses on vulnerability management, anti-phishing, and alerting to provide portions of NIST technical controls. It is the responsibility of each Client to review the NIST Cyber Security Framework themselves to ensure that all aspects of the framework are accounted for. Accellis in no way guarantees Client to be absent of cyber security risk upon implementation of CORE Security.
  • Any services outside the scope of this Attachment shall be supplied by Accellis pursuant to the MSA at its regular billing rates in the form of a separate Project Attachment, including:
    • Customized training
    • Customized reporting
    • Hardware repair and/or replacement of Client owned equipment
    • Other services which are impractical for Accellis, such as, alteration of products (i.e., custom programming)
    • Implementation or expansion of new systems
    • Services to remediate issues related to upgrades, configuration changes and customizations performed by Client  .
    • Remediation of penetration test findings
Exhibit A - Exclusions

    Excluded from this Service Attachment are services outside the scope of this Attachment, which may be supplied by Accellis if requested by Client and such request is confirmed by either party in writing (an invoice may serve as such confirmation) and, if agreed to be undertaken by Accellis, shall be pursuant to the MSA at its regular billing rates, including:


    • 3rd Party multi-function printer service and maintenance;
    • Services performed by Accellis at Client locations and not remotely;
    • Cost of consumables, hardware, cabling, software;
    • Custom training;
    • Hardware repair and/or replacement;
    • Implementation or expansion of new systems;
    • Upgrades and/or data migrations;
    • Configuration and customization changes;
    • Products and/or services not acquired from Accellis, including software solutions acquired by Client directly, equipment, hardware or media items;
    • Client’s employees personal equipment and/or home networks (i.e. phone and tablet);
    • Voice and data service cutovers or migrations;
    • Telephony support related to system configurations, upgrades, call routing, new user setup, user exit or training;
    • Programming/Application Development (including website development and/or migrations);
    • Software and hardware implementations, upgrades and migrations;
    • Cabling;
    • Audio/visual support (projectors, TV’s, etc.);
    • Office moves or additional office setup;
    • Change of control events including merger, acquisition, divestiture, dissolution;
    • Written policies & documentation;
    • Questionnaires/assessments requested by vendors and/or customers;
    • 3rd Party assessments of Accellis or Client;
    • Support for issues arising from modifications, repairs or other work performed by persons other than Accellis, including without limitation (a) Client personnel who retain administrative level or other elevated permissions and make configuration changes or other modifications using those elevated permissions or (b) other consultants;
    • Post breach forensics, remediation, or restoration;
    • Implementations, upgrades, and migrations of systems that typically affect multiple users; or the introduction of new systems into the Client environment; including but not limited to (a) servers, workstations & networked devices (network attached printers, MFP’s, scanners, cameras, etc.); (b) network infrastructure (internet access, firewalls, switches, wireless access points, etc.); (c) software, applications, cloud services; and (d) voice/video systems and/or applications;
    • Services included by this Service Attachment but requested by Client to be performed outside of regular business hours of Accellis or on legal holidays;
    • Offboarding services and/or migration of services to other providers.
    Exhibit B - Definitions
      • Remote Monitoring and Management. Agent-based monitoring of basic Microsoft Windows operating system functions including automated script-based remediation and Microsoft patching management.
      • Asset Management and Technology Alignment. Tracking of equipment ensures you have access to up-to-date information on the age, specifications, installed applications, user details and branch location of all devices. Your vCIO will also meet with you as needed, but at least annually, to help you budget for the technology enhancements needed to stay aligned with industry best practices.
      • Backup & Disaster Recovery. Proactive measures to avoid data loss and downtime utilizing technology that eliminates the traditional backup chain by taking data directly from the server and converting it to virtual machine-readable files that can be booted from a web interface. Storing data in this manner allows for on-site and off-site recovery and can prevent businesses from having to experience downtime in the event of a disaster.
      • Detailed notes and diagrams of system, network configurations, passwords, licensing, and guides for specific setups for ongoing support and maintenance, and ease of upgrades or enhancements when they are due. This documentation is available to you on request.
      • Virtualization On-Site and Off-Site Backups can be virtualized either locally on the backup appliance or remotely in the secure cloud. The web interface allows for configuration of CPU and memory resources. Network resources can be configured dynamically, allowing for changes to be made without restarting the virtual machine. Even while virtualized, systems can continue to back up to the appliance and the secure cloud.
      • Anti-Virus/Anti-Malware – Anti-virus/anti-malware software is used to detect and remove viruses from a computer. This software is a form of cyber protection. Periodic scans are completed on an endpoint to detect potentially harmful viruses. If detected, the anti-virus solution will also seek to remove the virus from the machine, eliminating a potential threat or
      • Microsoft 365 Business Premium License – This license provides access to many different features available within  Microsoft 365 and includes the following:
          • Productivity Suite – Includes desktop versions of Word, Excel, PowerPoint, Outlook,
          • Microsoft Teams – Collaboration tool providing chat, video messaging, file sharing, meeting scheduling, and VoIP services (VoIP services required additional licensing).
          • Intune Mobile Device Management – Allows for robust onboarding and offboarding of user accounts and PC setups, as well as the ability to remotely wipe data from any device housing corporate
          • Microsoft Defender – Email security solution providing protection against malicious hyperlinks or attachments commonly sent via email.
          • Azure Information Protection – Provides the ability to encrypt outgoing email, track and revoke shared documents, and prevent the ability to forward or print emails.
      • Proactive Support. Regular assessment of hardware due for replacement before they fail or result in unnecessary downtime. System is checked on a regular basis to ensure vulnerabilities.
      • Spam Filtering – Spam filtering provides filtering of unwanted or unsolicited emails by detecting and redirecting to a spam folder with whitelist or blacklist of certain email addresses.
      • User Security Assessment and Security Training – Cyber security training involves simulated phishing attempts that look just like current attacks from cybercriminals. In addition, the simulations teach users what to look for and what not to click. An assessment of the organizational security posture is created over time from campaign data.
      • Dark Web Scanning – Dark Web Scanning provides alerts when your employee emails and passwords have been compromised and are for sale to the highest
      • Vulnerability Management – Using the information provided by a vulnerability management tool to resolve misconfigurations, detect and patch high-risk or outdated software, and audit service ports.
      • Secure Score Management – Microsoft Secure Score is a measurement of an organization’s security posture. Secure Score Management is a service that performs the Secure Score tasks monthly, and our security analysts deliver reports detailing actions taken and score improvement.
      • SOC as a Service – A SOC (Security Operation Center) service provides organizations with a team of cybersecurity experts dedicated to 24×7 monitoring, detecting, and investigating threats across an organization’s entire network. SOC does not include remediation.
      • Managed Endpoint Detection and Response (EDR) – A software component monitors your end-user devices and servers for threats that notify a threat intelligence service to either elevate or respond to the alert.
      • DNS Protection – DNS Protection is a built-in feature of Defender for Endpoint. This service blocks newly created domains and websites with harmful markers. Additionally, it can filter tasteless, inappropriate, or productivity-wasting websites.
      • Automated Lockdown Protection – Zero-Day threat protection prevents attacks before they occur because new threats are constantly being engineered and This service provides zero-day, real-time defense against threats you don’t even know are present. Whereas most antivirus solutions use fingerprinting to identify malware, advanced threat protection ensures secure email using sandboxing to classify something as malware based on its behavior.
      • Onboarding – Onboarding involves gathering details on existing technologies in use and the means necessary to monitor and alert and perform the Services.
      • TableTop Exercise – A security team member guides participants through a real-world business situation by discussing one or more scenarios in a simulated, interactive exercise that tests an organization’s readiness on the topic.
      • Cybersecurity Roadmap – A cyber security roadmap is a periodic review of your organization’s cybersecurity posture where our security team reviews the controls and assesses the risk of threats in your environment. The roadmap provides direction and a pathway to a highly secure environment and cybersecurity maturity.
      • VCISO Service – A virtual chief information security officer, or vCISO, is a professional who acts as a long-standing resource for your team to provide all the essential cyber security support one would expect from an in-house senior executive. A vCISO will step in to establish security standards, implement controls, and continually refine your approach to address the dynamic threat landscape along with industry best practices and regulations.
      • Security Assessment – A security assessment identifies and assesses security controls and provides an informative gap analysis against best practices.
      • Risk Assessment – Identifies the various information assets that could be affected by a cyberattack (such as hardware, systems, laptops, customer data, and intellectual property) and then identify the various risks that could affect those assets.
      • Penetration Testing – The intentional launching of simulated cyberattacks by trained Security Engineers using strategies and tools designed to access or exploit computer systems, networks, websites, and applications. The main objective of pen testing is to identify exploitable issues, test the robustness of an organization’s security policies, its employees’ security maturity, and the organization’s ability to identify and respond to security issues and incidents such as unauthorized access, as they occur.