FAQ

IT outsourcing means proactive IT maintenance: monitoring, patches, security management, application processing, and reporting. It is suitable for SMEs that want predictable IT operations without a full internal IT team.

The price is usually based on the number of users, the amount of equipment/servers, and the selected support plan.

Daily contracts usually include applications, monitoring, minimum modern security, repairs, documentation, and reports. Migration, reconstruction, and large-scale implementation are usually projects with separate coordination.

We take over in stages: access and critical systems → monitoring/backup/minimum security → documentation → optimization. This allows us to quickly reduce risks without downtime.

Yes — an external IT manager helps define IT priorities, budget, risks, and roadmap, and provides management reports and recommendations.

The SLA sets priorities (P1–P3), response/arrival definitions, and communication procedures (statuses on the portal). This helps to understand what happens in critical situations and how quality is measured.

We accept applications by email, phone, and through our customer portal. We prioritize based on business impact (downtime, number of affected users, alternatives), which determines the response sequence and frequency of communication.

The response is to start work remotely (or while traveling), arriving at the site in person. We usually start remotely and only come in person when necessary.

Access is secured through strong authentication (e.g., MFA), user approval, access policies, and audit logs. Work is performed on a least privilege basis to minimize risk and maintain traceability.

The portal displays applications, users, devices, licenses, statuses, and history, as well as KPI summaries. In addition, we provide regular management reports with recommendations (security, licenses, performance).

A contact person, access (accounts/VPN), a list of users and systems, and third-party contacts are required. If there is no documentation, we start with inventory and access organization in a secure process.

Yes — audits typically cover equipment inventory, servers/AD, network, backup and recovery, email security (SPF/DKIM/DMARC), and MFA. The result is a prioritized action plan with quick fixes and steps for improvement.

We agree on channels, responsible parties, and escalation procedures so that decisions can be made quickly and clearly in critical moments.

MFA for all accounts, EDR/XDR, patch management, and verified backups are the minimum security requirements for SMEs. Segmentation and the principle of least privilege also help.

Isolate affected devices from the network, record symptoms/timing, and suspend suspicious accounts/sessions. Then begin gathering information: impact, spread, recovery path from backup copies.

We set up SPF, DKIM, and DMARC, implement monitoring, and gradually tighten policies. This reduces phishing and improves email delivery.

For secure access, we use VPN with MFA, segmentation, and auditing. For Wi-Fi stability, we perform coverage measurements, channel optimization, 802.1X, and guest network separation.

They help with daily backups, but for full data recovery and independent storage, you usually need an independent M365 backup solution with tests and reports.

We determine RPO/RTO based on downtime costs and criticality, and adjust backup frequency and retention. We regularly perform recovery tests and record the results in reports.

How to protect backup copies against cyber attacks? We use multiple layers of backup copies — copies are stored outside the office network (e.g., in a separate cloud environment or isolated storage facility) so that they are not affected along with the rest of the infrastructure in the event of an attack. Backups are encrypted, which protects the data even if someone tries to access the storage facility without authorization. In addition, we implement the principle of minimum access and perform regular recovery tests to ensure that the copies are actually usable in the event of an incident.

We perform migration sequentially: DNS and security base → accounts/licenses → test environment → working environment → post-migration optimization. This reduces the risk of downtime and ensures security right from the start.

We start with the structure (sites/libraries) and grant access through groups rather than individually. We enable version control, define external sharing, and regularly audit access.

We tailor licenses to roles (full-time/freelance/guests) and implement regular reviews. This reduces overpayments and maintains security requirements.

We define guest access policies, external sharing rules, and security requirements (e.g., MFA). We regularly review access so that “historical” accounts do not become a risk.

We clearly agree in the contract who is responsible for what and how escalation takes place (us/ISP/software supplier/manufacturer). If third parties need to be involved, we take care of communication so that the customer does not have to spend time on calls and coordination. This usually means a faster solution and less downtime.

A confidentiality and personal data protection clause is automatically included in our contracts. We only process technical information necessary for IT support, and access to it is restricted according to the principle of minimum rights.

Yes — our systems automatically generate monthly executive reports with key information: backup status, security incidents and risks, most common problems, number of requests/calls and time spent, as well as equipment condition (e.g., age of computers). At the end of the report, we add practical recommendations for next steps.