Introduction
We believe in transparency about what our services include—and what they don't. This document explains our approach to security, what happens if an attack succeeds despite our protections, and why breach remediation and forensic investigation fall outside the scope of our Fully Managed IT services.
Understanding these boundaries helps you prepare appropriately and ensures you know exactly what resources to activate in the event of a security incident.
---
Our Security Commitment
As part of our normal IT services, we deploy comprehensive, enterprise-grade security systems designed to prevent, detect, and stop threats across your environment. Depending on your specific services we may deploy one or many of the following controls:
- Conditional Access Policies – Intelligent controls that restrict access based on device compliance, location, risk signals, and other security factors
- Endpoint Detection and Response (EDR) – Real-time monitoring and threat hunting to detect, investigate, and neutralize advanced threats at the endpoint level
- SASE Agents – Secure Access Service Edge solutions delivering integrated cloud security and network protection
- Endpoint Privilege Management – Enforcement of least-privilege access by removing unnecessary administrative rights from user accounts and endpoints
- Next-Generation Antivirus – Advanced threat detection that goes beyond traditional signature-based scanning to identify and block sophisticated malware and zero-day attacks
- DNS Filtering – Protection that blocks access to malicious domains and known threat sources at the DNS level
- SSL Decryption and Inspection – Deep packet inspection of encrypted traffic to identify threats concealed within HTTPS communications
- Security Awareness Training – Ongoing education to help your team recognize phishing attempts, social engineering tactics, and other common attack vectors
- Data Backup and Replication – Comprehensive backup solutions ensuring business continuity and data recovery capabilities
- Proactive Monitoring and Threat Prevention – Continuous oversight of your systems to identify and address threats before they cause damage
The specific services included in your engagement are detailed in your quote, Master Services Agreement (MSA), and Services Guide. These systems are highly effective and form a robust, multi-layered defense that stops the vast majority of threats before they ever reach your users or data.
What Happens is a Successful Attack
While our preventative and protective measures are designed to detect and stop attacks, we do not—and cannot—guarantee that every attack will be prevented. No security system can make that promise, regardless of how advanced or comprehensive it is.
If an attack does bypass our protective measures, we do not cover the time required to identify, contain, or respond to the incident. Breach remediation falls outside the scope of our Fully Managed IT services, and below we explain the important reasons why.
Why Breach Remediation Is Not Included
1. No One Can Guarantee Complete Security
Cybersecurity is an evolving discipline where threat actors continuously develop new techniques. We are confident in the strength of the systems we deploy—and they work. But we will never claim that any security stack is impenetrable.
Be cautious of any provider who guarantees that their security will prevent all attacks. That guarantee is likely to ring hollow on the day their system fails and your organization is compromised. We believe our clients are better served by honesty and preparedness than by false assurances.
2. Breach Investigations Require Legal Protections We Cannot Provide
Breach response and forensic investigation must be conducted within a specific legal framework to protect your organization. Additionally, we are not Forensic cybersecurity experts, commonly known as digital forensics.
Digital forensics must meet critical legal requirements:
- Chain of custody must be properly maintained for all evidence to ensure it is legally valid and admissible
- Attorney-client privilege must protect the investigation to shield findings and analysis from legal disclosure
- Legal oversight must guide the investigation to navigate regulatory obligations, notification requirements, and potential litigation
These services should always be sought through your cyber security insurance policy.
3. Attorney-Client Privilege Must Protect Your Forensic Analysis
This is perhaps the most critical reason. When a breach occurs, the forensic investigation needs to be conducted under attorney-client privilege to legally protect the findings and your organization's interests.
Breach response coordinated through your cyber insurance provider is handled by their designated legal counsel and forensic experts. This structure ensures:
- Proper chain of custody for all forensic evidence
- Legal privilege protecting the analysis and findings from disclosure
- Access to specialized legal resources that can guide your organization through regulatory obligations, notification requirements, and potential litigation
- Protection of sensitive information uncovered during the forensic investigation
4. The Scope and Cost of Breach Response Is Unpredictable
Every security incident is unique. The time required to investigate, remediate, and recover from a breach can vary dramatically depending on factors that cannot be known in advance:
- Attack sophistication – Simple phishing attacks versus advanced persistent threats require vastly different response efforts
- Scope of compromise – Whether the breach affects one user, one system, or your entire infrastructure
- Data involved – The type of data compromised determines regulatory obligations and notification requirements
- Persistence mechanisms – How deeply the attacker embedded themselves in your environment
- Cleanup complexity – Whether remediation requires rebuilding systems, revoking credentials, or restoring from backups
A breach investigation can require anywhere from a few hours to hundreds of hours of specialized work. Including this unpredictable liability within a fixed-price managed services agreement would either make our services prohibitively expensive for everyone or expose us to unlimited financial risk.
This is exactly why cyber insurance exists—to provide the financial coverage and specialized resources needed when an incident occurs.
What We Provide During an Incident
Our role during a security incident is identification and containment. When an attack or breach is detected, our team acts quickly to identify the threat, contain the impact, and begin the process of getting your users back to work.
As part of our incident response, we provide:
- Detailed incident response reports — We document the incident thoroughly, outlining who was affected, what occurred, when it happened, where the impact was observed, and how the attack unfolded based on the information available to us.
- Identification and containment — We work to identify the scope of the compromise and take immediate action to contain the threat and prevent further damage.
- Practical remediation to restore productivity — We help your users get back to work through hands-on steps such as resetting passwords and MFA devices, wiping and reinstalling applications to reset zero trust device access, and other remediation actions based on the specifics of the incident.
We want to be transparent: we may not always have the complete picture of an incident, and we are not forensic experts. Our focus is on rapid identification, containment, and operational recovery. In every incident response report we produce, we recommend that clients contact their cyber insurance provider to access their qualified forensic and legal resources for a comprehensive investigation.
What You Should Do in the Event of a Breach
If you suspect or confirm that a security incident has occurred:
Notify us so we can coordinate and support the response effort.
Contact your cyber insurance provider immediately. They will activate their incident response resources according to your policy details.
Follow the guidance of their designated legal counsel and forensic experts. These professionals will manage the investigation, containment, and recovery under the appropriate legal protections.
Your cyber insurance policy exists specifically for this scenario.
About This Document
This document is for educational purposes and should not be considered legal advice. It does not replace or modify your Master Services Agreement, Services Guide, or any other contractual document. It exists to provide a clear, straightforward explanation of why breach remediation falls outside the scope of our Fully Managed IT services and why the proper approach to breach response matters for your organization's protection.
For complete details on the services included in your engagement, please refer to:
- Your Quote – Specifies the services and protections included in your agreement
- Master Services Agreement (MSA) – Defines service scope, obligations, and boundaries
- Services Guide – Provides detailed descriptions of each service offering
If you have questions about your security posture, service scope, or anything discussed in this document, please contact your account manager.