Managed Services Details 2026

Managed Services Packages Details For
BusinessShield™ Select, BusinessShield™, BusinessShield™ Compliance

Established 2.5.2026

Last Updated 3.5.2026

Guarantees (For All Managed Services Packages)

Information Privacy

Orbis Solutions is committed to maintaining the confidentiality of all proprietary and sensitive business information disclosed by the Client in connection with the Services. Such information shall be protected in accordance with Orbis Solutions’ privacy policy and shall be treated with the same degree of care that Orbis Solutions applies to its own confidential information. Orbis Solutions shall not disclose the Client’s confidential information to any third party except as required by law or as expressly authorized in writing by the Client.

Make Things Right If We Fall Short
In the event that the Services initially provided by the Orbis Solutions do not conform to the scope, specifications, or performance standards expressly set forth in the applicable agreement or statement of work, Orbis Solutions shall, within a commercially reasonable period of time, take appropriate corrective action to remedy the deficiency and work in good faith to achieve the agreed-upon outcome.

Meet Service Level Expectations

We hold our teams to the highest standard and we strive to meet our Service Level Expectation by taking a probabilistic based approach where we forecast realistic work expectations to the overall fixed time that work items are likely to take in a certain process. Please see https://OrbisSolutionsInc.com/service-level-expectation

100% Satisfaction Guarantee

Should you find any aspect of our service unsatisfactory, we commit to initiating corrective measures promptly to resolve your concerns in accordance with our service agreement and our service level expectations. If at any time you’re not 100% satisfied, please reach out to concerns@OrbisSolutionsInc.com.

Guarantees (For BusinessShield™ and BusinessShield™ Compliance Packages)

Try Us Before You Commit*

For new Clients only, regardless of the stated addendum or agreement duration, the initial three (3) month period of service shall be provided on a month-to-month basis. During this initial period, either party may terminate services by providing a minimum of thirty (30) days’ written notice in accordance with the agreement’s termination provisions.

Upon completion of the initial three (3) month period, the full contract term as outlined in the applicable service agreement or addendum shall automatically commence, unless otherwise terminated or modified in writing by both parties.

Service Desk calls answered live

Orbis Solutions guarantees that telephonic service inquiries made to the Client Support Line at (702) 389-4000 during regular support hours (Monday through Friday, 7:00 a.m. to 5:00 p.m. Pacific Time, excluding recognized holidays) will be answered by a live person without requiring the Client to leave a voicemail.

In the event a Client is required to leave a voicemail outside of the Client’s voluntary selection of voicemail through automated prompts, the Client may be eligible to receive a twenty-five dollar ($25) service credit on their next invoice and a twenty-five dollar ($25) gift card as a service courtesy, subject to verification and compliance with applicable service terms.

To qualify, the Client must report the occurrence within thirty (30) days of the incident by emailing concerns@OrbisSolutionsInc.com and providing the date and time the voicemail was left. Eligibility is subject to validation of call records and adherence to applicable service and support conditions.

30-Day Money-Back Guarantee*

For new Clients only, if the Client is dissatisfied with services rendered within the initial thirty (30) days of service commencement, Orbis Solutions will provide a full refund of the onboarding fee and the first month’s recurring service fee. Upon written request, Orbis Solutions will also provide commercially reasonable transition assistance to support the Client’s migration to an alternative service provider, subject to cooperation from the Client and any third-party vendors. Clients seeking to initiate this guarantee must submit their request in writing within the initial thirty (30) day period by emailing concerns@ OrbisSolutionsInc.com. Eligibility is subject to verification of service start date and compliance with applicable agreement terms.

Onsite, On-Time Guarantee

Orbis Solutions is committed to timely arrival for all scheduled onsite service appointments. In the event of an unforeseen delay, Orbis Solutions will make commercially reasonable efforts to provide the Client with advance notification of the delay, including a minimum of thirty (30) minutes’ notice prior to the scheduled appointment time whenever reasonably practicable. Unforeseen delays may include, but are not limited to, emergency service escalations, traffic conditions, weather events, or circumstances outside of Orbis Solutions’ reasonable control. While Orbis Solutions strives to meet all scheduled appointment times, punctual arrival is not guaranteed under all conditions.

Support

Remote Support

Orbis Solutions shall provide unlimited remote technical support for all monitored business users, computers, servers, sites, and covered mobile devices. Remote support shall be available during the Orbis Solutions’ standard Support Hours of Monday through Friday, 7:00 a.m. to 5:00 p.m. (Pacific time), excluding Orbis Solutions recognized holidays as published at: https://OrbisSolutionsInc.com/holidayschedule.

Onsite Support

BusinessShield™ Select Package

During Orbis Solutions’ designated Onsite Support Hours, Orbis Solutions will provide onsite technical support services for the Client’s managed infrastructure, which may include business users, computers, servers, locations, and covered mobile devices located at the Client’s premises, as determined necessary by Orbis Solutions in its reasonable discretion.

All onsite support services shall be billed in accordance with Orbis Solutions’ then current rate schedule published at: https:// OrbisSolutionsInc.com/ratecard, unless otherwise expressly stated in the applicable Master Services Agreement or Statement of Work.

Onsite Support Hours are Monday through Friday, 8:00 a.m. to 5:00 p.m. (Pacific time), excluding Company recognized holidays as published at: https:// OrbisSolutionsInc.com/holidayschedule.

BusinessShield™ and BusinessShield™ Compliance Packages

During Orbis Solutions’ designated Onsite Support Hours, Orbis Solutions will provide unlimited onsite technical support services for the Client’s managed infrastructure, which may include business users, computers, servers, locations, and covered mobile devices located at the Client’s premises, as determined necessary by Orbis Solutions in its reasonable discretion.

Onsite Support Hours are Monday through Friday, 8:00 a.m. to 5:00 p.m. (local time), excluding Company recognized holidays as published at: https:// OrbisSolutionsInc.com/holidayschedule.

After-Hours & Weekend Support

After Hours and Weekend Support services are not included within the scope of the Managed Services Addendum and are offered on as requested basis. Such services shall be billed in accordance with the Orbis Solutions’ then current Rate Card published at: https://OrbisSolutionsInc.com/ratecard. “After-Hours” shall mean any time outside of standard Support Hours, specifically between 5:01 p.m. and 6:59 a.m. (Pacific time), excluding Orbis Solutions recognized holidays as published at: https:// OrbisSolutionsInc.com/holidayschedule.

Holiday Support

Holiday Support services are not included within the scope of the Managed Services Addendum and are offered on an as requested basis. Such services shall be billed in accordance with the Orbis Solutions’ then current Rate Card published at: https://OrbisSolutionsInc.com/ratecard. Holiday Support shall include any support services performed during the twenty four (24) hour period of Orbis Solutions recognized holiday, as listed at: https:// OrbisSolutionsInc.com/holidayschedule

Emergency – Remote Response Time

BusinessShield™ Select Package

For issues classified as Emergency Severity Level incidents, Orbis Solutions will use commercially reasonable efforts during business hours to provide an initial remote response within thirty (30) minutes from the time the issue is reported via the Orbis Solutions’ designated Support Phone Number. An Emergency Severity Level incident is defined as a production outage resulting in the complete inability of the Client’s organization or a business-critical department to operate.

BusinessShield™ and BusinessShield™ Compliance Packages

For issues classified as Emergency Severity Level incidents, Orbis Solutions will use commercially reasonable efforts during business hours to provide an initial remote response within fifteen (15) minutes from the time the issue is reported via the Orbis Solutions’ designated Support Phone Number. An Emergency Severity Level incident is defined as a production outage resulting in the complete inability of the Client’s organization or a business-critical department to operate.

Emergency – Onsite Response Time

BusinessShield™ Select Package

For issues classified as Emergency Severity Level incidents requiring onsite support, Orbis Solutions will dispatch onsite assistance on an as available bases to next business day basis once onsite service is deemed necessary. Orbis Solutions’ goal is to provide same business day onsite response during standard Support Hours; however, availability is not guaranteed. An Emergency Severity Level incident is defined as a production outage resulting in the complete inability of the Client’s organization or a business-critical department to operate, where onsite service is reasonably required to resolve the issue.

BusinessShield™ and BusinessShield™ Compliance Packages

For issues classified as Emergency Severity Level incidents requiring onsite support, Orbis Solutions will dispatch onsite assistance same business day basis once onsite service is deemed necessary. Orbis Solutions’ goal is to provide same business day onsite response during standard Support Hours; however, availability is not guaranteed. An Emergency Severity Level incident is defined as a production outage resulting in the complete inability of the Client’s organization or a business-critical department to operate, where onsite service is reasonably required to resolve the issue.

What Constitutes As An Emergency?

An Emergency is described by the whole company or department not being able to function due to production system outage.

Data Breach Or Security Incident:

An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.

Major Software Failure:

When a core business application or software system used by the client experiences a critical failure, rendering it inoperable and affecting business processes.

Network Infrastructure Failure:

If there’s a significant disruption or failure in the client’s network infrastructure, leading to loss of connectivity, inability to access resources, or communication breakdown.

Loss Of Business-Critical Services:

If services or processes that are crucial for the client’s daily operations, such as email, file sharing, or customer support systems become unavailable.

Hardware Failure:

In the case of a critical hardware component failure (e.g. server, storage device) that impacts the client’s ability to function properly.

Data Loss:

If the client experiences significant data loss due to hardware failure or software corruption, resulting in potential loss of revenue, compliance violations, or reputational damage.

Severe Performance Degradation:

When the client’s systems or applications experience severe slowdowns or performance issues that hinder their ability to deliver services effectively.

Cybersecurity Event

For purposes of this Agreement, a “Cybersecurity Event” shall mean any actual or suspected occurrence that compromises, or has the potential to compromise, the confidentiality, integrity, or availability of an information system or any information processed, stored, or transmitted by such system. This includes, without limitation, any actual or attempted unauthorized access, security breach, data compromise, cyber-attack, malware infection, credential breach, or other activity that violates, or presents an imminent threat of violating, applicable security policies, procedures, or acceptable use standards. A Cybersecurity Event shall also include any such occurrence attributable, in whole or in part, to the actions, omissions, or negligence of the Client or the Client’s personnel.

In the event of a Cybersecurity Event, Orbis Solutions shall require a retainer in the amount of Five Thousand Dollars ($5,000) prior to commencing incident response services. All such services shall be billed in accordance with the Orbis Solutions’ then current Rate Card published at: https://OrbisSolutionsInc.com/ratecard. Upon depletion of the retainer balance, additional retainers in the amount of $5,000 shall be required on a rolling basis until the incident has been fully resolved.

Notwithstanding the foregoing, Orbis Solutions will provide or facilitate a limited (3) hours amount of initial cyber incident triage services per calendar year at the discounted rate set forth in the Company’s Rate Card, without the requirement of a retainer. Any services performed beyond this limited triage period shall be subject to the retainer and billing terms described herein.

Small Projects

BusinessShield™ Select Package

Small Projects are not included in the Fundamental Packages.

BusinessShield™ and BusinessShield™ Compliance Packages

If Orbis Solutions determines a ticket request is a separate Project (as described in the Client’s Addendum), Orbis Solutions will obtain the Client’s approval before moving forward. As a rule of thumb, we follow the “3 5’s rule” when deciphering what is or is not a project. If it is anticipated to take more than five (5) hours, include more than five (5) steps, or affect more than five (5) users, it is a Project. The “3 5’s rule” excludes onboarding and structured cabling. All onboarding fees are due before work can commence. Orbis Solutions will include three (3) new computer setups per month at no additional charge for BusinessShield™ and BusinessShield™ Compliance Managed Services Clients. These Clients will receive 10 free hours per year to be used toward small projects.

Core (Add On / Additional Billing)

Dedicated Onsite Resource

All Managed Services Packages

A dedicated onsite resource IS NOT part of the Managed Services packages, but it is an option to purchase separately in 4-hour increments.

Proactive Account Management (For All Managed Services Packages)

Strategic Business Reviews

A Orbis Solutions Account Manager will meet with Client designated stakeholders on a recurring basis to review business objectives and assist in developing an IT strategy aligned with the Client’s short and long term organizational goals. Orbis Solutions will provide strategic recommendations, including a technology roadmap and budget planning guidance, intended to help forecast potential projects and anticipated technology expenditures. Strategic guidance is advisory in nature and does not constitute a guarantee of project execution, budgeting outcomes, or specific business results.

Dedicated Account Manager

Your Account Manager will be your key point of contact at Orbis Solutions and a key advocate for making sure the services that you’ve purchased from Orbis Solutions are delivered at the highest level of standard.

Weekly Cybersecurity & Tech Tips

On “Tech Tip Tuesday” we send out Cybersecurity & Tech Tips to all end users for educational and Cybersecurity purposes.

Payment & Invoice Portal

Orbis Solutions provides Clients with access to a secure, third-party payment portal designed to facilitate convenient electronic payment processing. Through this portal, Orbis Solutions accepts payments via major credit cards and Automated Clearing House (ACH) transactions. Client acknowledges that use of the payment portal is subject to applicable processing fees, payment authorization requirements, and the terms and conditions of the payment processor, which may be updated from time to time.

Self-Service Portal

Orbis Solutions provides Clients with access to a fully functional service portal that enables Clients to Open, review, and manage service tickets. The portal may include customized ticket submission templates designed to streamline support requests and improve service efficiency. Access to and use of the portal is subject to Orbis Solutions’ acceptable use policies and may be modified, enhanced, or updated at Orbis Solutions’ discretion. Client will request to access.

Monthly Newsletter

Orbis Solutions distributes a monthly newsletter to Clients containing company updates, industry insights, technology trends, product and gadget highlights, and relevant business or cybersecurity news. Distribution methods and content may be modified or discontinued at Orbis Solutions’ discretion. Receipt of such communications does not constitute a guarantee of service updates, security notifications, or required compliance notifications unless expressly stated otherwise.

Custom Employee Onboarding / Offboarding Form

Orbis Solutions provides Clients with the ability to create customized users and device onboarding and offboarding workflow forms within the Client self-service portal, upon Client request. These forms are intended to standardize provisioning, deprovisioning, access management, and device deployment processes to improve operational efficiency and security controls. Orbis Solutions will provide reasonable implementation assistance to configure and deploy these forms based on Client defined requirements and approved workflows. Form functionality and automation capabilities are dependent upon platform features, system integrations, licensing, and Client provided process documentation. While these services are intended to improve process consistency and security oversight, Orbis Solutions does not guarantee prevention of provisioning errors, access control issues, or compliance violations resulting from inaccurate or incomplete Client-provided information.

Dark Web Monitoring Report

Orbis Solutions provides Dark Web Monitoring reporting as part of Strategic Business Reviews (SBRs). This reporting is intended to identify publicly available indicators of potential credential exposure or data associated with Client domains or users that may appear in known Dark Web sources. If Orbis Solutions identifies potential exposures related to Client information, Orbis Solutions will notify the Client by generating a service ticket and providing relevant findings for Client review. Dark Web Monitoring services are limited to available third-party data sources and do not guarantee the detection, prevention, or remediation of all data breaches, exposures, or cybersecurity incidents.

Proactive Account Management (For BusinessShield™, and BusinessShield™ Compliance Packages)

Monthly Quality Assurance Touchbase Email

Orbis Solutions Account Management will conduct periodic outreach, typically on a monthly basis, via email or telephone to provide general service follow-up, address Client concerns, and support overall relationship management. These communications are intended to provide an opportunity for Clients to request assistance, discuss service performance, and identify potential improvement opportunities. Monthly check-ins are conducted on a commercially reasonable, best-effort basis and are dependent upon Client availability and responsiveness. While these outreach efforts are intended to support service quality and partnership engagement, Orbis Solutions does not guarantee issue identification, resolution, or service modification unless formally requested and agreed upon through established service procedures.

Monthly Executive Summary Report

Orbis Solutions provides a Monthly Executive Summary Report designed to deliver high-level visibility into the overall health and performance of the Client’s technology environment. Reporting may include network health indicators, service ticket trend analysis, and Service Level Expectation (SLE) performance metrics. Report content is generated based on available system data, monitoring platforms, and service activity within the reporting period. While the report is intended to provide operational insight and performance transparency, Orbis Solutions does not guarantee identification of all system issues, performance risks, or service anomalies. Client shall request.

Real-Time Dashboard

Orbis Solutions provides Clients with access to a real-time service dashboard designed to deliver visibility into service activity and performance metrics. Dashboard features may include live service ticket status tracking, Service Level Expectation (SLE) performance reporting, client satisfaction survey results, and other operational service data as available within supported platforms. Dashboard data is generated from integrated service management and monitoring systems and is dependent upon platform capabilities, system availability, and Client-approved access permissions. While the dashboard is intended to provide transparency and operational visibility, Orbis Solutions does not guarantee uninterrupted dashboard availability or real-time accuracy of all displayed data due to system, connectivity, or platform limitations.

Proactive Account Management (For BusinessShield™ Compliance Package only)

Quarterly Meeting With Compliance Expert

Orbis Solutions will provide a quarterly meeting conducted by a Security and Compliance Specialist to review the Client’s cybersecurity posture, compliance considerations, risk concerns, and recommended improvement strategies. These meetings are intended to provide guidance, discuss regulatory or framework alignment, review security initiatives, and address Client questions related to security and compliance matters. Meeting content and recommendations are advisory in nature and are based on available data, monitoring results, and Client-provided information. Quarterly meetings are subject to scheduling availability, Client participation, and defined service scope. While these meetings are intended to support compliance readiness and risk management, Orbis Solutions does not guarantee regulatory compliance, audit success, or mitigation of all cybersecurity risks.

User Management (For All Managed Services Packages)

User Management (remote support)
Orbis Solutions provides unlimited remote troubleshooting and support for managed user account related issues, which may include assistance with access permissions, group membership configuration, account access troubleshooting, and general user account administration for supported systems and platforms. User management services are performed in accordance with Client approved authorization procedures, security policies, and documented access control requests. Service delivery is dependent upon supported systems, proper administrative access, licensing, and Client provided information. While these services are intended to support secure and efficient user account administration, Orbis Solutions does not guarantee prevention of access issues, unauthorized access incidents, or configuration conflicts resulting from inaccurate or incomplete Client provided information.

Email Spam Filtering

As part of a layered cybersecurity approach, Orbis Solutions provides email spam and malware filtering services designed to reduce the risk of malicious or unwanted email reaching Client systems. These services utilize automated detection, filtering technologies, and threat intelligence tools to identify and quarantine suspected threats. While these protections are intended to enhance email security, Orbis Solutions does not guarantee the prevention or detection of all spam, phishing attempts, malware, or other email-based threats.

allow and block list in Spam Filtering

Orbis Solutions may configure email filtering and mail flow rules to allow, restrict, or block email communications based on defined categories, security classifications, and Client approved preferences. These configurations are intended to enhance email security and operational efficiency. Client acknowledges that filtering rules may result in the delay, quarantine, or blocking of legitimate email communications. Orbis Solutions will make commercially reasonable efforts to align filtering configurations with Client requirements but does not guarantee uninterrupted or error free email delivery.

M365 User Account Monitoring

Orbis Solutions provides Microsoft 365 (“M365”) Defense services, which include continuous monitoring, security policy enforcement, and security posture enhancement for Client M365 environments and user accounts. These services are performed by cybersecurity analysts who monitor for suspicious activity, recommend and implement security hardening measures, and assist with incident identification and response within the M365 platform.

M365 Defense services require appropriate Microsoft licensing and are delivered in accordance with Client approved configurations, security policies, and defined service parameters. While these services are intended to strengthen the security of the M365 environment, Orbis Solutions does not guarantee the prevention, detection, or remediation of all security threats, vulnerabilities, or unauthorized access attempts.

Microsoft 365 Or Google Workspace License Management
Orbis Solutions provides license management services for supported Microsoft 365 and Google Workspace environments, which may include license provisioning, assignment, modification, and removal based on Client approved requests and user account requirements. These services are intended to help maintain proper license allocation, optimize license utilization, and support user onboarding and offboarding processes. License management services are dependent upon vendor platform availability, licensing agreements, subscription eligibility, and Client approved authorization procedures. While Orbis Solutions will make commercially reasonable efforts to manage licensing in accordance with Client requests, Orbis Solutions does not guarantee license availability, vendor pricing stability, or compliance with vendor licensing terms and conditions.

Access Permissions Violation Monitoring

Orbis Solutions implements access control measures and User Behavior Analytics (UBA) designed to monitor authentication activity and identify potentially suspicious login behavior. These services may include monitoring and alerting for failed login attempts, logins originating from unapproved or high-risk geographic regions, and login activity that deviates from established user behavioral patterns.

Implementation and effectiveness of these services require appropriate Microsoft licensing and are dependent upon Client approved security configurations and defined service parameters. While these controls are intended to enhance account security and threat detection, Orbis Solutions does not guarantee the prevention, identification, or mitigation of all unauthorized access attempts or security incidents.

Suspicious Exposure Of Sensitive Information Monitoring

Orbis Solutions provides email monitoring and device scanning services designed to detect and help protect sensitive data based on Client defined data classification and control requirements. These services utilize Data Loss Prevention (DLP) technologies to identify potential exposure or unauthorized transmission of protected information.

Covered data types may include, but are not limited to, Personally Identifiable Information (PII), Payment Card Information (PCI), Protected Health Information (PHI), and Non-Public Information (NPI), as defined and configured by the Client.

Implementation and functionality of these services require appropriate Microsoft licensing and are dependent upon Client-approved configurations, policies, and defined service parameters. While DLP services are intended to enhance data protection and compliance efforts, Orbis Solutions does not guarantee the detection, prevention, or remediation of all data loss, exposure, or regulatory compliance violations.

M365 Suspected Attacks Monitoring

Orbis Solutions provides monitoring of managed Microsoft 365 (“M365”) user accounts for indicators of known and suspected threat actor activity. Monitoring activities may include alert review, suspicious behavior analysis, and response coordination based on identified security events within the M365 environment.

Service delivery requires appropriate Microsoft licensing and is dependent upon Client approved configurations, security policies, and defined service parameters. While these monitoring services are intended to enhance account security and threat visibility, Orbis Solutions does not guarantee the detection, prevention, or remediation of all malicious activity, unauthorized access attempts, or cybersecurity incidents.

Mass Data Deletion / Download Monitoring

Orbis Solutions monitors managed, cloud connected user accounts for activity patterns indicative of potential insider threats or unauthorized access, including mass data deletion, bulk downloading, or other anomalous behaviors. Monitoring and alerting are performed based on available telemetry and Client approved thresholds and policies.

These services require appropriate licensing and are dependent upon Client defined parameters and security configurations. While such monitoring is intended to enhance visibility into potentially harmful account activity, Orbis Solutions does not guarantee the detection, prevention, or mitigation of all insider threats, data exfiltration events, or malicious activities.

User Training

Orbis Solutions provides virtual user training sessions designed to support Client personnel in the effective use of supported technologies and security best practices. Training is available upon Client request and is limited to up to one (1) hour per Client organization per calendar quarter unless otherwise agreed in writing.

Training content, scheduling, and delivery are subject to resource availability and mutually agreed upon topics. Training services are intended for general user education and do not constitute formal certification, regulatory compliance training, or customized curriculum development unless specifically contracted.

Microsoft 365 or Google Workspace Backup

Orbis Solutions provides backup services for supported Microsoft 365 or Google Workspace environments to help protect Client data from loss, deletion, corruption, or cybersecurity incidents. Backup data is secured using industry standard encryption, including 256-bit encryption for data at rest and 128-bit encryption for data in transit. Backup services include the creation of multiple recovery snapshots at scheduled intervals throughout the day, subject to platform capabilities and configured backup policies.

Backup scope, frequency, retention, and restoration capabilities are dependent upon licensing, storage limitations, service availability, and Client approved configurations. While these services are designed to enhance data protection and recovery readiness, Orbis Solutions does not guarantee the prevention of all data loss, unauthorized access, or service disruption.

Security Awareness and Phishing Simulation

Orbis Solutions provides automated security awareness testing through simulated phishing campaigns designed to help evaluate and improve end-user cybersecurity awareness. Services include access to a library of phishing simulation templates, including vendor-provided and community-generated templates, with usage subject to platform capabilities and licensing.

Orbis Solutions will provide reporting on simulation results to the Client’s designated Key Contact, which may include user interaction metrics, campaign performance, and recommended awareness improvements. Phishing simulations are intended for training and risk awareness purposes only and do not guarantee the prevention of successful phishing attempts, user compromise, or cybersecurity incidents.

Microsoft Entra ID (Azure AD) Identity Backup and Recovery
Orbis Solutions provides identity data backup services designed to create secure, independent copies of Client identity configurations within Microsoft Entra ID (formerly Azure Active Directory). These backups may include user accounts, groups, security policies, application configurations, and other identity-related components intended to support recovery in the event of data loss, ransomware activity, accidental deletion, or configuration corruption.

These services utilize third party solutions and/or approved backup methodologies to enhance identity data resilience and support business continuity for systems that rely on Microsoft 365, Azure, and other integrated SaaS applications.

Service delivery requires appropriate licensing and Client approved configurations. While identity backup services are intended to improve recovery capabilities and operational resilience, Orbis Solutions does not guarantee complete restoration of all identity data, prevention of data loss, or uninterrupted access to cloud services.

User Management (For BusinessShield™ and BusinessShield™ Compliance Packages)

Multi-Factor Authentication (MFA)

Orbis Solutions provides a business-grade Multi-Factor Authentication (MFA) solution for Client end users to enhance account security across supported systems and applications. MFA adds an additional authentication layer by requiring users to provide two or more verification factors, typically including something the user knows (such as a password) and something the user possesses (such as a mobile device or authentication application).

Implementation and functionality of MFA services are dependent upon supported systems, appropriate licensing, and Client approved configurations. While MFA significantly strengthens access security, Orbis Solutions does not guarantee the prevention of all unauthorized access, credential compromise, or cybersecurity incidents.

Password Management

Orbis Solutions provides password management services utilizing secure password management platforms designed to store, generate, and manage credentials for supported systems and applications. These services are intended to enhance credential security through features such as encrypted password storage, secure credential sharing, password generation, and access control enforcement.

Password management services are dependent upon supported platforms, proper user adoption, licensing, and Client approved security configurations and policies. While password management is intended to strengthen authentication security and reduce credential related risk, Orbis Solutions does not guarantee the prevention of unauthorized access, credential compromise, or cybersecurity incidents resulting from user behavior, third-party breaches, or unsupported systems.

New User Setup

Orbis Solutions includes up to three (3) new user and/or computer setup services per calendar month as part of the applicable service package. Setup services may include standard account provisioning, device configuration, software deployment, security policy application, and onboarding assistance for supported systems and platforms.

Additional new user or computer setup requests exceeding the included monthly allotment will be billed at a flat fee of three hundred seventy-five dollars ($375) per setup, unless otherwise specified in writing. Setup services are performed in accordance with Client approved onboarding procedures, supported system requirements, licensing availability, and standard configuration templates.

Data Loss Prevention

Orbis Solutions provides Data Loss Prevention (DLP) services designed to monitor, detect, and help prevent unauthorized transmission, exposure, or misuse of sensitive data across supported systems, email platforms, cloud services, and endpoint devices. DLP services may include policy enforcement, content inspection, alert generation, and automated response actions based on Client-defined data classification and security requirements. DLP coverage may include protection of sensitive data types such as Personally Identifiable Information (PII), Payment Card Information (PCI), Protected Health Information (PHI), Non-Public Information (NPI), and other Client-designated confidential data. Service effectiveness is dependent upon supported platforms, system compatibility, licensing, and Client-approved configurations and data classification policies. While DLP services are intended to enhance data protection and support regulatory compliance efforts, Orbis Solutions does not guarantee the prevention, detection, or remediation of all data loss events, unauthorized data access, or compliance violations.

User Management (Onsite Support)

During designated Support Hours, Orbis Solutions will provide onsite support for business users at the Client’s premises when deemed necessary by Orbis Solutions for proper diagnosis, remediation, or service delivery. Standard onsite support hours are Monday through Friday, 8:00 a.m. to 5:00 p.m. Local Time, excluding recognized holidays as outlined in Orbis Solutions’ Holiday Schedule available at https:// OrbisSolutionsInc.com/holidayschedule.

Onsite support is provided based on service scope, resource availability, and issue severity, and may be preceded by remote troubleshooting when appropriate. While Orbis Solutions will make commercially reasonable efforts to provide timely onsite support, onsite availability and response times are not guaranteed and may be affected by scheduling constraints, travel considerations, or circumstances outside of Orbis Solutions’ reasonable control.

Computer Management (For All Managed Services Packages)

Remote Support & Fix – Computer Issues
Orbis Solutions provides unlimited remote troubleshooting and support for issues related to managed computers covered under the applicable service agreement. Remote support may include diagnosis and resolution of operating system issues, software-related problems, configuration errors, performance concerns, and other supported system issues. Remote support services are provided in accordance with defined support hours, service scope, supported configurations, and Client approved access procedures. While Orbis Solutions will make commercially reasonable efforts to resolve issues remotely, Orbis Solutions does not guarantee resolution of all issues, particularly those requiring onsite service, third-party vendor involvement, or hardware replacement.

Endpoint Detection & Response (EDR)

Orbis Solutions provides Endpoint Detection and Response (EDR) services utilizing advanced cybersecurity software designed to monitor, detect, investigate, and respond to potential threats affecting supported endpoint devices. EDR services are intended to provide visibility into endpoint activity and assist in protecting against a range of cyber threats, including malware, ransomware, and advanced persistent threats (APTs).

EDR functionality may include automated threat detection, alerting, containment, and remediation actions based on configured security policies and service parameters. Service effectiveness is dependent upon supported devices, proper installation, system compatibility, licensing, and Client-approved configurations. While EDR services are intended to strengthen endpoint security, Orbis Solutions does not guarantee the prevention, detection, or remediation of all cybersecurity threats or incidents.

Antivirus
Orbis Solutions provides antivirus software designed to detect, block, quarantine, and remove viruses and other forms of malicious software from supported workstation devices. Antivirus services utilize signature-based detection, behavioral analysis, and automated update mechanisms to help identify known and emerging threats.

Antivirus protection is dependent upon proper installation, system compatibility, active licensing, and maintained connectivity for updates and monitoring. While antivirus services are intended to reduce the risk of malware infections, Orbis Solutions does not guarantee the prevention, detection, or removal of all malicious software or cybersecurity threats.

Ransomware Detection

Orbis Solutions provides ransomware detection technologies designed to identify suspicious or malicious activity consistent with ransomware behavior on supported workstation devices. These services are intended to detect potential ransomware infections and initiate automated or assisted response actions aimed at limiting file encryption and reducing the impact of the threat.

Ransomware mitigation services may include threat containment, alerting, and support for data recovery efforts where feasible. Service effectiveness is dependent upon proper deployment, system compatibility, licensing, and Client approved configurations. While these services are intended to reduce the risk and impact of ransomware incidents, Orbis Solutions does not guarantee the prevention of ransomware attacks, complete data recovery, or uninterrupted system availability.

24 / 7 / 365 Proactive Management & Alerts

Orbis Solutions provides continuous 24/7/365 monitoring and alert management services for supported devices covered under this addendum. Monitoring services are intended to identify, generate, and respond to system, performance, security, and operational alerts based on configured monitoring thresholds and service parameters.

Response activities may include alert review, incident triage, and remediation actions in accordance with the Client’s service agreement and defined escalation procedures. Service availability and response capabilities are dependent upon system compatibility, proper device onboarding, connectivity, licensing, and Client approved configurations. While continuous monitoring is designed to enhance system reliability and security, Orbis Solutions does not guarantee the prevention of all system failures, security incidents, or service interruptions.

Scheduled Preventative Maintenance

Orbis Solutions provides scheduled maintenance services for supported computers covered under this addendum. Maintenance activities may include system updates, security patching, performance optimization, routine health checks, and preventative maintenance tasks intended to maintain system stability, performance, and security.

Maintenance is performed during approved maintenance windows and in accordance with system compatibility, vendor release schedules, licensing, and Client approved configurations. While scheduled maintenance is intended to improve reliability and security posture, Orbis Solutions does not guarantee uninterrupted system availability, compatibility with all software applications, or prevention of system failures or security incidents.

Patch Management – Microsoft

Orbis Solutions provides patch management services through its Network Operations Center (NOC), which includes the identification, review, approval, testing where applicable, and automated deployment of vendor released security patches and critical system updates for supported systems and applications. Patch installations are scheduled during predetermined maintenance windows to reduce exposure to known security vulnerabilities while minimizing operational disruption.

Additional patch management services for nonstandard applications or systems may be provided upon Client request and subject to Orbis Solutions approval, system compatibility, and applicable licensing. While patch management services are intended to reduce security risk and improve system stability, Orbis Solutions does not guarantee compatibility with all third-party software, prevention of all vulnerabilities, or uninterrupted system performance following update deployment.

Automatic Escalation And Resolution Of Alerts

Orbis Solutions utilizes a Remote Monitoring and Management (RMM) platform to monitor supported systems and generate alerts based on predefined performance, security, and operational thresholds. The RMM system enables Orbis Solutions to review and escalate alerts to the appropriate technical personnel for investigation and resolution in accordance with established service levels and escalation procedures.

Alert generation, escalation, and response are dependent upon system compatibility, proper onboarding, connectivity, licensing, and Client approved monitoring configurations. While RMM services are intended to improve system visibility and response efficiency, Orbis Solutions does not guarantee the prevention of all system issues, security incidents, or service interruptions.

Service Auto-Healing

Orbis Solutions may implement automated remediation and “auto-healing” functions within its management and monitoring platforms to identify and resolve recurring system issues through approved automation scripts, workflows, or system policies. These automated processes are designed to improve system stability, reduce downtime, and increase response efficiency for supported devices and services.

Implementation of automated remediation is subject to system compatibility, testing, Client approved configurations, and defined service parameters. While automation is intended to enhance operational performance and reduce recurring issues, Orbis Solutions does not guarantee resolution of all system faults, prevention of future incidents, or uninterrupted system availability.

Firmware Updates

Orbis Solutions provides firmware update management for supported and managed computers. These services may include the identification, testing where applicable, and deployment of manufacturer released firmware updates intended to improve device security, stability, compatibility, and performance.

Firmware updates are performed in accordance with vendor availability, system compatibility, licensing, and approved maintenance windows. While firmware management services are intended to enhance device reliability and security posture, Orbis Solutions does not guarantee compatibility with all hardware or software configurations, prevention of hardware failures, or uninterrupted device operation.

Computer File Backup

Orbis Solutions provides file-level backup services for supported computers, covering standard business-related file extensions, with storage capacity of up to 250GB per computer and a retention period of up to thirty (30) days, subject to system capabilities and configured backup policies. Backup services are intended to support recovery of eligible files in the event of data loss, deletion, or corruption.

Additional Storage for Endpoint Backup
Additional backup storage capacity for computer file-level backups may be purchased in increments of 50GB per device, subject to availability, licensing, and applicable service fees.

Image-Based (Bare Metal) Backup Services
Orbis Solutions offers image-based backup services, including full system and bare metal backup capabilities, as an optional, separately purchased service. Image-based backups are designed to support full device restoration, including operating system, applications, and system configurations, subject to system compatibility, storage availability, applicable service fees, and Client approved configurations.

All backup services are dependent upon supported devices, proper installation, system connectivity, licensing, and defined service parameters. While these services are intended to enhance data protection and recovery readiness, Orbis Solutions does not guarantee prevention of data loss, successful restoration in all scenarios, or uninterrupted system availability.

Web Gateway / Content Filtering Security

Orbis Solutions provides web content filtering services designed to restrict or permit access to internet content based on Client defined website categories and security policies. Orbis Solutions will configure, implement, and maintain filtering rules intended to support acceptable use standards, security requirements, and productivity objectives.

Filtering effectiveness is dependent upon supported platforms, system compatibility, licensing, and Client approved configurations. Client acknowledges that web filtering may inadvertently block legitimate content or fail to block all inappropriate or malicious websites. Orbis Solutions does not guarantee the prevention of all access to unauthorized, harmful, or inappropriate internet content.

Application Control

Orbis Solutions provides application control and allowlisting services designed to permit, restrict, or block the execution of software applications on supported devices based on approved security policies and Client defined requirements. These controls are intended to reduce the risk of unauthorized or malicious software execution and enhance overall endpoint security.

Application control services may include the creation and maintenance of approved application lists, restriction policies, and monitoring of application activity. Service effectiveness is dependent upon system compatibility, proper deployment, licensing, and Client approved configurations. While application control is a widely recognized security best practice and is intended to reduce exposure to ransomware, viruses, and other software based threats, Orbis Solutions does not guarantee the prevention, detection, or mitigation of all malicious software or cybersecurity incidents.

User Elevation Control

Orbis Solutions provides user elevation control tools that enable the permitting, restricting, or blocking of software applications from executing on supported devices in accordance with approved security policies and Client defined requirements. These controls are designed to reduce exposure to unauthorized software, ransomware, viruses, and other application-based threats by enforcing defined application usage standards.

User elevation control services may include allowlisting, denylisting, policy enforcement, and monitoring of application execution activity. Service effectiveness is dependent upon system compatibility, proper deployment, licensing, and Client approved configurations. While user elevation control is considered an industry recognized security control, Orbis Solutions does not guarantee the prevention, detection, or remediation of all malicious software or cybersecurity incidents.

Ring-Fencing

Orbis Solutions will implement, manage, and maintain ring-fencing security controls designed to restrict computer system services, processes, applications, and drivers to their intended operational functions. Ring-fencing is intended to limit unauthorized interactions between applications and system components, thereby reducing the attack surface and providing an additional layer of protection against malware, ransomware, and threat actor exploitation.

Ring-fencing configurations are dependent upon system compatibility, vendor capabilities, licensing, and Client approved security policies. While ring-fencing is intended to enhance endpoint security and reduce risk exposure, Orbis Solutions does not guarantee the prevention, detection, or remediation of all malicious activity, cybersecurity incidents, or system vulnerabilities.

Managed Detection and Response (MDR) / Security Operation Center (SOC)

Orbis Solutions provides Managed Detection and Response (MDR) and Security Operations Center (SOC) services delivered by cybersecurity professionals responsible for monitoring, analyzing, and responding to potential security threats. These services collect and analyze security, system, and behavioral telemetry from supported devices and environments to identify suspicious activity, anomalous patterns, and indicators of compromise.

Security alerts and behavioral anomalies are reviewed by security analysts who may perform investigation, threat validation, and response coordination in accordance with defined service parameters. MDR/SOC services may also include proactive threat hunting activities designed to identify previously undetected indicators of compromise or emerging threat activity.

Service effectiveness is dependent upon supported systems, proper deployment, telemetry availability, licensing, and Client approved configurations. While MDR/SOC services are intended to enhance threat visibility and response capabilities, Orbis Solutions does not guarantee the prevention, detection, or remediation of all cybersecurity threats, attacks, or incidents.

Malware Sandboxing

Orbis Solutions provides malware sandboxing services designed to safely isolate and analyze suspicious files, software, or code within a controlled virtual environment. This technique allows potentially malicious activity to be observed and evaluated without exposing or impacting live production systems. Sandboxing services are intended to assist with threat analysis, risk assessment, and response decision making. Effectiveness is dependent upon supported platforms, available threat intelligence, and system integration capabilities. While malware sandboxing enhances threat analysis and containment, Orbis Solutions does not guarantee identification of all malicious software or prevention of cybersecurity incidents.

Computer Disk Encryption Management

Orbis Solutions will manage full disk encryption on supported and managed devices that are capable of encryption. Disk encryption services are intended to protect data stored on endpoint devices by encrypting data at rest and assisting with encryption policy enforcement, monitoring, and recovery key management where supported.

Disk encryption functionality is dependent upon hardware compatibility, operating system support, licensing, and Client approved configurations. While disk encryption is intended to enhance data protection in the event of device loss, theft, or unauthorized access, Orbis Solutions does not guarantee the prevention of all data breaches, unauthorized data access, or cybersecurity incidents.

Computer Management (BusinessShield™ and BusinessShield™ Compliance Only)

M365 Azure / InTune Support

Orbis Solutions provides support and configuration management services for Microsoft 365 Azure and Microsoft Intune environments to help optimize performance, security posture, and administrative functionality. Services may include configuration changes, policy management, security hardening, and administrative support in accordance with Client approved requirements and best practices. Orbis Solutions will also assist with management of applicable Azure and Intune licenses based on Client direction and authorization. Service delivery requires appropriate Microsoft licensing, deployment of Mobile Device Management (MDM), supported system compatibility, and Client defined configurations and service parameters. While these services are intended to enhance performance and security, Orbis Solutions does not guarantee optimization outcomes, license availability, or prevention of all security risks or configuration issues.

Custom Alerts

Orbis Solutions provides the ability to configure custom service and application alerts based on Client defined requirements and approved thresholds. Custom alerts may be designed to notify designated contacts of specific system events, performance conditions, or application behaviors to support timely awareness and response. Alert configuration and effectiveness are dependent upon supported systems, monitoring platform capabilities, licensing, and Client approved parameters. While custom alerts are intended to enhance visibility and responsiveness, Orbis Solutions does not guarantee detection of all events, real-time delivery of notifications, or prevention of service interruptions or system issues.

Data Loss Prevention

Cyber Attack Remediation

For purposes of this Agreement, a “Cybersecurity Attack” shall mean any actual or suspected occurrence that compromises, or has the potential to compromise, the confidentiality, integrity, or availability of an information system or any information processed, stored, or transmitted by such system. This includes, without limitation, any actual or attempted unauthorized access, security breach, data compromise, cyber-attack, malware infection, credential breach, or other activity that violates, or presents an imminent threat of violating, applicable security policies, procedures, or acceptable use standards. A Cybersecurity Attack shall also include any such occurrence attributable, in whole or in part, to the actions, omissions, or negligence of the Client or the Client’s personnel.

In the event of a Cybersecurity Attack, Orbis Solutions shall require a retainer in the amount of Five Thousand Dollars ($5,000) prior to commencing incident response services. All such services shall be billed in accordance with the Orbis Solutions’ then current Rate Card published at: https://OrbisSolutionsInc.com/ratecard. Upon depletion of the retainer balance, additional retainers in the amount of $5,000 shall be required on a rolling basis until the incident has been fully resolved.

Notwithstanding the foregoing, Orbis Solutions will provide or facilitate a limited (5) hours amount of initial cyber incident triage services per calendar year at the discounted rate set forth in the Company’s Rate Card, without the requirement of a retainer. Any services performed beyond this limited triage period shall be subject to the retainer and billing terms described herein.

Automated Software Deployment

Orbis Solutions provides automated deployment of designated managed software across supported and managed devices in accordance with approved configuration standards and deployment policies. Automated deployment is intended to support consistent software installation, version control, and operational efficiency. Deployment of software not classified as managed may be provided upon Client request and is subject to additional fees, block hours, system compatibility, and Orbis Solutions approval. Software deployment services are dependent upon supported platforms, licensing availability, proper device enrollment, and Client approved configurations. While automated deployment is intended to streamline software management, Orbis Solutions does not guarantee successful installation on all devices or compatibility with all third-party software.

Provision Computer

Orbis Solutions provides labor-only computer provisioning services for supported devices. All hardware, software, licensing, and third-party costs are excluded and remain the responsibility of the Client unless otherwise agreed in writing. Provisioning services include configuring managed computers to align with the Client’s approved standard configuration (desired state”) for new hires. All devices must meet Orbis Solutions’s minimum baseline requirements, which may include supported hardware, system specifications (such as CPU, RAM, and storage capacity), and a current, vendor-supported operating system. The applicable service package includes up to three (3) new computer provisioning setups per calendar month. Additional computer provisioning requests beyond the included monthly allotment will be billed at a flat fee of three hundred seventy-five dollars ($375) per new computer setup, unless otherwise specified in writing.

Installation Of New Software

Orbis Solutions provides labor-only services for the installation of new software on supported systems. All hardware, software, licensing, and third-party costs are excluded and are the sole responsibility of the Client unless otherwise agreed in writing. Orbis Solutions will provide ongoing troubleshooting and support for software that is designated as managed under the applicable service agreement. Software not classified as managed will receive support on a commercially reasonable, best-effort basis, or Orbis Solutions may act as a technical liaison with the applicable software vendor or product support provider on the Client’s behalf.

SIEM

Orbis Solutions provides Security Information and Event Management (SIEM) services designed to collect, aggregate, and analyze system and security event data from supported computers, servers, network infrastructure, and integrated platforms. SIEM monitoring captures activity such as system operations, network access events, configuration changes, permission modifications, and other security-relevant telemetry. This data is analyzed to identify abnormal or potentially malicious behavior patterns and generate alerts for investigation and response. SIEM services also assist with security event correlation and forensic analysis to help trace potential security incidents to their source, subject to available log data and system integration capabilities. Standard SIEM log retention includes up to one (1) year of stored event data. Extended log retention may be purchased upon Client request and is subject to platform capabilities, storage availability, and applicable service fees.

On-Site Support & Fix – Computer Issues

During designated Support Hours, Orbis Solutions may provide onsite support and remediation services for supported business computers at the Client’s premises when deemed necessary by Orbis Solutions for effective diagnosis or resolution. Standard onsite support hours are Monday through Friday, 8:00 a.m. to 5:00 p.m. Local Time, excluding recognized holidays as outlined in Orbis Solutions’ Holiday Schedule available at https:// OrbisSolutionsInc.com/holidayschedule. Onsite services are provided based on service scope, issue severity, resource availability, and scheduling considerations, and may be preceded by remote troubleshooting when appropriate. While Orbis Solutions will make commercially reasonable efforts to deliver timely onsite support, onsite response times and availability are not guaranteed and may be impacted by circumstances beyond Orbis Solutions’s reasonable control.

Computer Management (Add On / Additional Billing)

All The Time VPN For Computers

Orbis Solutions provides always-on Virtual Private Network (VPN) services for supported computers used by remote users to help maintain secure, encrypted connections when accessing business systems, applications, and network resources. The always-on VPN is designed to enforce continuous protection of network traffic, regardless of user location, subject to system capabilities and approved security policies. VPN services are dependent upon supported devices, operating systems, network connectivity, licensing, and Client approved configurations. While always-on VPN enhances connection security, Orbis Solutions does not guarantee uninterrupted connectivity, compatibility with all networks or applications, or prevention of all cybersecurity threats or unauthorized access attempts.

Network Control

Orbis Solutions may deploy and manage Network Control to regulate and restrict network communications between devices, applications, and network resources based on approved security policies. Network Control is designed to provide granular control over inbound and outbound network traffic, allowing Orbis Solutions to permit, block, or restrict communications between endpoints, servers, and external network destinations to reduce unauthorized access and lateral threat movement.

Network Control policies may include application-based network restrictions, device-to-device communication controls, and segmentation enforcement intended to reduce the attack surface and enhance overall network security posture. Configuration and effectiveness of Network Control are dependent upon supported environments, proper deployment, licensing, and Client-approved security policies.

While Network Control is intended to strengthen network segmentation and reduce exposure to unauthorized or malicious network activity, Orbis Solutions does not guarantee the prevention, detection, or mitigation of all cybersecurity threats, unauthorized communications, or network-based attacks.

Storage Control
Orbis Solutions may deploy and manage Storage Control to regulate and restrict access to removable and external storage devices on supported systems. Storage Control is designed to permit, block, or limit the use of storage media such as USB drives, external hard drives, and other removable storage devices based on approved security policies and Client-defined requirements.

Storage Control policies may include device allowlisting, read/write restrictions, encryption enforcement, and monitoring of removable media usage to reduce the risk of unauthorized data transfer, data exfiltration, malware introduction, and compliance violations. Configuration and effectiveness of Storage Control are dependent upon supported environments, proper deployment, licensing, and Client approved security policies.

While Storage Control is intended to enhance data protection and endpoint security, Orbis Solutions does not guarantee the prevention, detection, or mitigation of all data loss events, unauthorized device usage, or cybersecurity incidents.

Server Management (For All Managed Services Packages)

Remote Support & Fix – Server Issues
Orbis Solutions provides unlimited remote troubleshooting and support for issues related to managed servers covered under the applicable service agreement. Remote support may include diagnosis and resolution of operating system issues, software-related problems, configuration errors, performance concerns, and other supported system issues. Remote support services are provided in accordance with defined support hours, service scope, supported configurations, and Client approved access procedures. While Orbis Solutions will make commercially reasonable efforts to resolve issues remotely, Orbis Solutions does not guarantee resolution of all issues, particularly those requiring onsite service, third-party vendor involvement, or hardware replacement.

Endpoint Detection & Response (EDR)

Antivirus
Orbis Solutions provides antivirus software designed to detect, block, quarantine, and remove viruses and other forms of malicious software from supported workstation devices. Antivirus services utilize signature-based detection, behavioral analysis, and automated update mechanisms to help identify known and emerging threats.

Ransomware Detection

Orbis Solutions provides ransomware detection technologies designed to identify suspicious or malicious activity consistent with ransomware behavior on supported servers. These services are intended to detect potential ransomware infections and initiate automated or assisted response actions aimed at limiting file encryption and reducing the impact of the threat.

24 / 7 / 365 Proactive Management & Alerts

Scheduled Preventative Maintenance

Orbis Solutions provides scheduled maintenance services for supported servers covered under this addendum. Maintenance activities may include system updates, security patching, performance optimization, routine health checks, and preventative maintenance tasks intended to maintain system stability, performance, and security.

Patch Management – Microsoft

Automatic Escalation And Resolution Of Alerts

Service Auto-Healing

Firmware Updates

Orbis Solutions provides firmware update management for supported and managed servers. These services may include the identification, testing where applicable, and deployment of manufacturer released firmware updates intended to improve device security, stability, compatibility, and performance.

Server File Backup

Orbis Solutions provides file-level backup services for supported servers, covering standard business-related file extensions, with storage capacity of up to 1TB per server and a retention period of up to ninety (90) days, subject to system capabilities and configured backup policies. Backup services are intended to support recovery of eligible files in the event of data loss, deletion, or corruption.

Additional Storage for Server Backup
Additional backup storage capacity for server file-level backups may be purchased in increments of 50GB per device, subject to availability, licensing, and applicable service fees.

Web Gateway / Content Filtering Security

Application Control

User Elevation Control

Ring-Fencing

Orbis Solutions will implement, manage, and maintain ring-fencing security controls designed to restrict server system services, processes, applications, and drivers to their intended operational functions. Ring-fencing is intended to limit unauthorized interactions between applications and system components, thereby reducing the attack surface and providing an additional layer of protection against malware, ransomware, and threat actor exploitation.

Managed Detection and Response (MDR) / Security Operation Center (SOC)

Malware Sandboxing

Computer Disk Encryption Management

Server Management (For BusinessShield™ and BusinessShield™ Compliance Packages)

M365 Azure / InTune Support

Custom Alerts

Data Loss Prevention

Automated Software Deployment

24 / 7 / 365 Backup Monitoring, Alert Management

Orbis Solutions will manage, monitor, troubleshoot, and remediate backup related alerts and issues for supported and managed servers in accordance with the applicable service agreement. Services may include backup job monitoring, failure resolution efforts, backup integrity checks, and coordination of restoration activities where applicable.

Data retention periods will be governed by the Client’s documented compliance requirements where applicable, or otherwise by a standard rolling ninety (90) day retention period as defined by the selected service package.

Clients enrolled in Compliance-as-a-Service offerings may receive enhanced backup restore testing, validation procedures, and reporting in accordance with their applicable agreement. While backup monitoring and management services are intended to improve data protection and recovery readiness, Orbis Solutions does not guarantee successful backup completion, full data recoverability in all scenarios, or uninterrupted system availability.

SIEM

On-Site Support & Fix – Server Issues

During designated Support Hours, Orbis Solutions may provide onsite support and remediation services for supported business servers at the Client’s premises when deemed necessary by Orbis Solutions for effective diagnosis or resolution. Standard onsite support hours are Monday through Friday, 8:00 a.m. to 5:00 p.m. Local Time, excluding recognized holidays as outlined in Orbis Solutions’ Holiday Schedule available at https:// OrbisSolutionsInc.com/holidayschedule. Onsite services are provided based on service scope, issue severity, resource availability, and scheduling considerations, and may be preceded by remote troubleshooting when appropriate. While Orbis Solutions will make commercially reasonable efforts to deliver timely onsite support, onsite response times and availability are not guaranteed and may be impacted by circumstances beyond Orbis Solutions’ reasonable control.

Cyber Attack Remediation

Server Management (Add On / Additional Billing)

Network Control

Storage Control
Orbis Solutions may deploy and manage Storage Control to regulate and restrict access to removable and external storage devices on supported systems. Storage Control is designed to permit, block, or limit the use of storage media such as USB drives, external hard drives, and other removable storage devices based on approved security policies and Client-defined requirements.

Site Management

Dark Web Monitoring

Orbis Solutions provides dark web credential monitoring services utilizing a combination of automated intelligence tools and security analyst review to identify, analyze, and monitor for potentially compromised credentials associated with the Client’s organization. These services leverage advanced search and monitoring capabilities to scan known dark web and breach data sources on a 24/7/365 basis and generate alerts when potential credential exposures are identified.

Monitoring services are limited to available third-party data sources and intelligence feeds and are dependent upon Client provided domains, user identifiers, and approved monitoring parameters. While dark web credential monitoring is intended to enhance early threat awareness and incident response readiness, Orbis Solutions does not guarantee the detection of all compromised credentials, data breaches, or cybersecurity incidents.

Power Management

Orbis Solutions provides 3 port power management solutions designed to automatically cycle or restart supported networking and server equipment, including routers, firewalls, and servers, in the event of an internet service disruption or power related outage. These systems are intended to assist with restoring connectivity and reducing downtime through automated recovery procedures.

Functionality is dependent upon hardware compatibility, proper installation, power availability, environmental conditions, and Client approved configurations. While automated power management is intended to improve system availability and recovery response times, Orbis Solutions does not guarantee restoration of connectivity, prevention of service interruptions, or resolution of outages caused by external service providers or infrastructure failures.

Network Monitoring and Alerting for All Network Devices and Peripherals

Orbis Solutions provides network traffic monitoring software designed to deliver visibility into network data flow across supported infrastructure. These services are intended to help identify performance issues, anomalies, bottlenecks, and inconsistencies that may contribute to network slowdowns, latency, or service interruptions.

Monitoring and analysis capabilities are dependent upon supported network devices, system compatibility, licensing, telemetry availability, and Client approved configurations. While network traffic monitoring is intended to improve network performance visibility and troubleshooting capabilities, Orbis Solutions does not guarantee the prevention of network outages, performance degradation, or service disruptions.

Network Management

Orbis Solutions will provide management and support services for supported office network infrastructure equipment. Services will include monitoring, configuration management, troubleshooting, maintenance, and general operational support for covered network devices. End-of-Life (EOL) or manufacturer’s unsupported hardware will be supported on a commercially reasonable, best-effort basis. Where applicable, Orbis Solutions may coordinate or facilitate vendor or third-party support on behalf of the Client, subject to vendor availability, support contract eligibility, and applicable service fees. Support services will generally be delivered remotely unless Orbis Solutions determines that onsite service is required to properly diagnose or remediate the issue. While these services are intended to maintain operational performance and reliability, Orbis Solutions does not guarantee resolution of all hardware or network issues, particularly those related to unsupported or EOL equipment.

Site Management (Add On / Additional Billing)

Firewall With IDS / IPS as-a-Service

Orbis Solutions provides Firewall-as-a-Service (FWaaS) utilizing enterprise-grade firewall platforms equipped with Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) capabilities. These security controls are designed to monitor network traffic, inspect data flows, and analyze network events for indicators of potential security threats, malicious activity, or policy violations.

IDS/IPS services may include automated alerting, threat blocking, traffic inspection, and security policy enforcement based on configured rules and Client approved security parameters. Service effectiveness is dependent upon proper deployment, network architecture, system compatibility, licensing, and approved configurations. While FWaaS and IDS/IPS technologies are intended to enhance network security posture, Orbis Solutions does not guarantee the prevention, detection, or mitigation of all cyber threats, unauthorized network access, or security incidents.

Power Management With UPS

Orbis Solutions provides power management solutions that include automated power cycling and battery backup capabilities for supported networking and server equipment, including routers, firewalls, and servers. In the event of an internet service disruption or power-related outage, the power management system is designed to automatically restart connected devices in an effort to restore business connectivity. Battery backup functionality is intended to provide temporary power continuity during total power failure, subject to device capacity and load requirements.

Functionality and runtime are dependent upon hardware specifications, power load, proper installation, environmental conditions, and Client-approved configurations. While power management and battery backup systems are intended to improve system availability and outage recovery response, Orbis Solutions does not guarantee restoration of connectivity, extended power availability, or prevention of service interruptions caused by external service providers or infrastructure failures.

Securance (VCISO + Compliance)

Governance, Risk and Compliance Center

Orbis Solutions provides access to a Galactic Portal is designed to support the management, tracking, and reporting of regulatory, cybersecurity, and operational compliance requirements. The Galactic Portal may include tools and resources to assist with risk assessments, policy management, compliance documentation, control mapping, audit preparation, and ongoing compliance monitoring aligned with applicable regulatory frameworks and industry standards.

The Galactic Portal is intended to provide visibility into organizational risk posture, BusinessShield™ Compliance, and security control effectiveness through centralized reporting and documentation management. Service capabilities are dependent upon platform features, licensing, Client participation, and approved configurations.

While the Galactic Portal is designed to support compliance readiness and risk management efforts, Orbis Solutions does not guarantee regulatory certification, audit success, or full compliance with any specific law, regulation, or industry framework.

Written Policies

Orbis Solutions will assist in the development, documentation, and maintenance of formal written policies designed to establish security, operational, and compliance standards for the Client’s organization. Policies may address areas such as acceptable use, data protection, access control, incident response, and regulatory compliance. Written policies are intended to support governance and compliance objectives but do not guarantee regulatory approval or enforcement effectiveness.

Plan of Action and Milestones (POAM)

Orbis Solutions will provide a Plan of Action and Milestones (POAM) document designed to identify security or compliance gaps, define remediation steps, assign responsibilities, and establish timelines for corrective actions. POAMs are intended to assist with tracking risk remediation and BusinessShield™ Compliancegress but do not guarantee risk elimination or compliance certification.

Network Diagram

Orbis Solutions will develop and maintain network diagrams illustrating the Client’s network infrastructure, including devices, connections, data flow paths, and security boundaries. Network diagrams are intended to support operational visibility, troubleshooting, and compliance documentation and are dependent upon Client provided information and environment accuracy.

Audit Log Review

Orbis Solutions will perform periodic review of system and security audit logs to identify suspicious activity, configuration changes, or policy violations. Audit log reviews are intended to support security monitoring and compliance oversight but are limited to available log data, retention policies, and configured monitoring parameters.

Compliance Report Scorecard

Orbis Solutions will provide compliance scorecard reporting designed to measure the Client’s alignment with selected regulatory frameworks, cybersecurity standards, or internal control requirements. Scorecards provide visibility into compliance posture and improvement opportunities but do not guarantee regulatory compliance or audit outcomes.

Vendor Compliance Management

Orbis Solutions will assist with vendor compliance management activities, including vendor risk evaluations, documentation review, and compliance tracking related to third-party service providers. These services are intended to help assess vendor security posture and compliance alignment but do not guarantee vendor performance, security practices, or regulatory adherence.

Disaster Recovery Plan

Orbis Solutions will assist in the development and documentation of a Disaster Recovery Plan (DRP) outlining procedures for restoring systems, applications, and data following a disruptive event. The DRP is intended to support business continuity and recovery readiness but does not guarantee full system restoration or recovery within defined timeframes.

Disaster Recovery Testing

Orbis Solutions will coordinate and conduct disaster recovery testing exercises designed to validate recovery procedures, system restoration capabilities, and operational readiness. Testing results may include documentation of findings and improvement recommendations. Testing is intended to improve preparedness but does not guarantee successful recovery during actual disaster events.

Network & Security Assessment Reporting

Orbis Solutions will perform network and security assessments and provide reporting that identifies vulnerabilities, configuration weaknesses, and risk exposure within the Client’s technology environment. Assessment reports are intended to provide recommendations for improvement but do not guarantee identification of all vulnerabilities or security risks.

Incident Response Plan Testing

Orbis Solutions will coordinate and conduct incident response plan testing exercises designed to evaluate the effectiveness of the Client’s cybersecurity incident response procedures, escalation processes, and communication protocols. Testing is intended to improve preparedness and response efficiency but does not guarantee successful mitigation of all cybersecurity incidents.

quarterly Penetration Test

Orbis Solutions will coordinate or facilitate annual penetration testing performed by qualified internal personnel or third-party security professionals to evaluate system, network, and application security through controlled simulated attack methods. Penetration testing is intended to identify exploitable vulnerabilities and provide remediation recommendations but does not guarantee identification of all security weaknesses or prevention of future cyberattacks.

Mobile Device Management

Support & Fix Mobile Device Issues (Remote Only)

Orbis Solutions provides remote support services for supported personal/business mobile devices. Remote support will include troubleshooting, configuration assistance, software support, and general device management for supported applications and operating systems. These services do not include physical repair, replacement, or remediation of damaged, defective, or malfunctioning mobile device hardware. Hardware related issues may require manufacturer, vendor, or third-party repair services, which may be coordinated by Orbis Solutions upon Client request and subject to additional fees and vendor availability.

Mobile Device Management (Add On / Additional Billing)

All The Time VPN For Mobile Devices

Orbis Solutions provides Virtual Private Network (VPN) services for supported mobile devices to help establish secure, encrypted connections when accessing business systems, applications, and network resources. VPN services are intended to protect data transmissions and reduce exposure to unauthorized network access, particularly when devices are connected to public or untrusted networks.

VPN functionality is dependent upon supported devices, network connectivity, licensing, and Client approved configurations and access policies. While VPN services are intended to enhance connection security and data protection, Orbis Solutions does not guarantee uninterrupted connectivity, compatibility with all networks or applications, or prevention of all cybersecurity threats or unauthorized access attempts.

Application Control

Orbis Solutions may provide application control services for supported mobile devices through Mobile Device Management (MDM) platforms, including Microsoft Intune, to permit, restrict, or block mobile application installation and usage based on approved security policies and Client defined requirements. These controls are intended to enhance mobile device security, support compliance objectives, and reduce exposure to unauthorized or malicious applications.

Service delivery requires appropriate Microsoft licensing, MDM platform deployment, supported device compatibility, and Client approved configurations and service parameters. While mobile application control is intended to strengthen mobile security posture, Orbis Solutions does not guarantee the prevention of unauthorized application usage, data compromise, or cybersecurity incidents.

Mobile Device Management software (MDM)

Orbis Solutions provides Mobile Device Management (MDM) services designed to automate, enforce, and manage administrative, security, and configuration policies for supported business owned mobile devices. MDM services may include device enrollment, policy enforcement, application management, security configuration, remote support capabilities, and device compliance monitoring.

Service delivery requires appropriate Microsoft licensing, MDM platform deployment, supported device compatibility, and Client approved configurations and service parameters. While MDM services are intended to enhance device security, operational control, and compliance management, Orbis Solutions does not guarantee prevention of unauthorized access, data loss, device misuse, or cybersecurity incidents.

Exclusions and Service Guidelines

The purpose of these Exclusions and Service Guidelines is to clearly define the scope, limitations, and responsibilities associated with services provided by Orbis Solutions, Inc. (“Orbis Solutions”) and the Client. These provisions are incorporated into and supplement the Master Services Agreement (“MSA”), the Managed Services Addendum, and any applicable Statements of Work (“SOW”).

Service Selection and Applicability

The Safe Start package and other Managed Service packages may include multiple service options. The Client will receive only those services explicitly selected and documented in the executed Managed Services Addendum or Service Agreement.
All services, requirements, limitations, and exclusions described within this document shall apply unless otherwise modified through a written and executed addendum.
New Client Definition
A “New Client” is defined as an organization that has not previously received services from Orbis Solutions or any entity acquired by Orbis Solutions prior to executing the applicable agreement.
Orbis Solutions reserves the right to bill labor at the applicable hourly rate for any discovery, data retrieval, audit support, or documentation preparation related to litigation, regulatory compliance, insurance requirements, or third-party audits unless otherwise specified in writing.
Any service, function, responsibility, or deliverable not expressly defined within the applicable service agreement documentation shall be considered excluded from the scope of services.

Technical Service Guidelines

Orbis Solutions will provide support only for properly licensed and legally obtained software. Support for pirated, counterfeit, unauthorized, or unlicensed software is strictly excluded.
Orbis Solutions supports business-related applications only. Support for non-business or personal-use applications including, but not limited to, social media platforms, streaming services, online retail services, and personal email systems is excluded.
Support provided to any device, user, or system not covered under the Client’s agreement will be billed at the applicable hourly rate listed at:
https:// OrbisSolutionsInc.com/ratecard
Orbis Solutions does not support consumer or “Home Edition” operating systems.
Orbis Solutions will manage and support only systems that are joined to and properly integrated with Microsoft Active Directory or Microsoft Entra ID unless otherwise agreed in writing.
Security software, monitoring agents, endpoint protection tools, or any Orbis Solutions deployed management utilities may not be removed, disabled, altered, or interfered with by the Client or any third party. Unauthorized removal or interference constitutes a material breach of agreement, and remediation services will be billed at applicable rates.
Administrative credentials and remote management access required for service delivery must remain active and unrestricted throughout the service term. Time spent restoring or reconfiguring access will be billable.
Only software approved by the Client’s executive management should be installed on production systems.
Orbis Solutions strongly recommends that end users not be granted local administrator privileges. Any remediation required due to misuse of administrative privileges, security compromise, or system instability may be billed at applicable hourly or incident response rates.
Orbis Solutions may maintain Letters of Agency for third-party vendors when coordination or management services are provided.
Project-based services are excluded from Managed Services unless otherwise stated and will be quoted separately as fixed-fee or time-and-materials engagements. Project work will not begin without written Client authorization.
Support for third-party software is provided on a commercially reasonable, best-effort basis. The Client remains responsible for maintaining vendor or manufacturer support agreements. Escalation, advanced troubleshooting, or vendor coordination may incur additional charges.
Hardware replacement, infrastructure upgrades, or major system redesigns are not included in recurring Managed Services and will be billed separately.
Custom scripting, coding, or automation development is excluded from standard support and will be treated as project-based work.
Testing, validation, or staging of patches, software updates, or service packs at Client request is billable.
Backup restoration testing requested by the Client is billable unless specifically included in the service agreement.
The Client is responsible for purchasing required hardware and software licensing. While procurement may occur through Orbis Solutions or third parties, all production installation and configuration must be performed or approved by Orbis Solutions and may be billable.
The Client must provide accurate and current user data, security policies, business continuity information, and system documentation necessary for service delivery.
Orbis Solutions will monitor and enforce only those security policies that have been formally provided and documented by the Client.
Mobile device support includes one business-owned device per covered user and is limited to business email configuration and troubleshooting. Additional mobile device support requires enrollment in Orbis Solutions Mobile Device Management (MDM) services.
The Client is responsible for maintaining reliable internet service and internal network connectivity.
Network bandwidth requirements and performance expectations shall be mutually agreed upon by both parties.
Technical support for Client vendors, partners, or third parties is excluded unless explicitly included in an addendum or SOW.

Clients are required to maintain vendor-supported operating systems and hardware that is no more than five (5) years old from the original manufacturer release date, unless otherwise approved in writing by Orbis Solutions. Systems or devices that are considered End-of-Life (EOL), End-of-Support (EOS), or otherwise unsupported by the manufacturer may present increased security, compatibility, and reliability risks. End-of-Life or unsupported hardware and operating systems will receive support on a commercially reasonable, best-effort basis only. Orbis Solutions reserves the right to limit services, require remediation, recommend upgrades, or exclude unsupported systems from certain managed services were security, performance, or service delivery may be impacted. Any services required for systems outside these guidelines will be billed at an additional rate. Furthermore, if Client does not follow recommendations regarding hardware, software, licensing, or support contracts, Client agrees to execute a waiver of liability releasing Orbis Solutions from any responsibility for resulting issues, including but not limited to downtime, security vulnerabilities, or incompatibility.
Networking Guidelines

The Client retains full ownership, authority, and responsibility for all public domain names and Domain Name System (DNS) services. Orbis Solutions is not responsible for registration, renewal, transfer, or security of domain or DNS services unless specifically contracted in writing.
The Client retains responsibility for internal network design, including IP addressing schemes and subnet configuration. Orbis Solutions may provide recommendations; however, failure to follow recommended network design practices may result in service limitations or performance issues. Orbis Solutions shall not be liable for issues arising from such decisions.

Printer Management Guidelines

The Client is responsible for providing all necessary printer documentation, drivers, licenses, and vendor access required for configuration and support. Orbis Solutions will make commercially reasonable efforts to assist but cannot guarantee configuration success without proper vendor resources.
Physical printer repair, maintenance, and servicing are the responsibility of the Client or the Client’s designated printer vendor.
Printer supplies and consumables are the responsibility of the Client.

Incident Response and Security Event Guidelines

Security incident investigation, forensic analysis, and breach response services are excluded unless specifically included within the Client’s service package or covered by an executed security retainer or addendum.
Coordination with third-party security vendors, auditors, or compliance assessors is billable unless otherwise stated in writing.
Orbis Solutions supports only hardware and software that is currently supported by the manufacturer. Upon identifying End-of-Life (EoL) or End-of-Support (EoS) systems, Orbis Solutions will notify the Client and provide upgrade recommendations. Continued support for EoL or EoS systems may be limited and billed separately.

Scope Limitation Statement

Any service, responsibility, or deliverable not expressly defined within the Master Services Agreement, Managed Services Addendum, Service Detail Documentation, Service Level Expectations, Holiday Schedule, Statement of Work, or a duly executed addendum shall be considered outside the scope of Managed Services and may require separate authorization and billing.