Frequently Asked Questions

CO-IT is especially helpful during growth because it lets a business scale support at the exact pace it’s expanding—without locking into higher monthly costs or rushing to hire.

Here’s a simple example:

A small office adds five new employees. Under a traditional managed IT plan, the monthly bill jumps immediately because labor is baked into every new seat. With CO-IT, the platform cost increases slightly for those new workstations, but labor only increases if you actually need more hands-on help.

If your internal staff can handle the day-to-day tasks, your monthly cost stays low. If growth starts to stretch them thin, you can call us in as needed—at a predictable $75/hour. That might be for setting up new devices, strengthening Wi-Fi, organizing cloud storage, or handling a surge in support tickets.

In other words: you only pay for more support when growth actually creates more work. There’s no penalty for expanding and no pressure to commit to higher labor tiers before you’re ready.

CO-IT is a flexible support model that adapts to whatever your team looks like—whether you have no IT staff, a helpful employee who handles small tasks, or a dedicated on-site technician. The core idea is simple: you pay for the platform that keeps your systems healthy, and any hands-on work is billed only when you actually use it. Nothing is front-loaded into per-seat pricing.

Here’s how that plays out:

• If you don’t have an IT person: We take on the full workload—monitoring, patching, troubleshooting, projects, and planning. The platform keeps everything visible and maintained, and we handle the rest.
• If someone on your team already handles small fixes: They keep doing those familiar tasks, and we step in for anything deeper or time-consuming. You aren’t charged twice for work you’re already covering internally.
• If your IT staff is stretched thin: We provide overflow support, specialized skills, and PTO coverage so nothing gets stuck waiting.

Everything stays documented, responsibilities are clear, and your team keeps ownership. CO-IT simply gives you a calm, steady way to get the help you need—without paying for labor you didn’t use.

CO-IT fits best in environments where a small team needs dependable IT support without the cost or rigidity of a full managed-service contract. Because the platform is included and labor is on-demand, you can scale support to match real needs instead of paying for unused capacity.

Common use cases include:

• No in-house IT (we run the whole environment). Small offices that just need things to work—steady Wi-Fi, patched devices, clear documentation, and someone to call when something breaks.
• A helpful employee handles small stuff. Teams where someone resets passwords, unjams printers, or handles basic tasks. CO-IT covers everything above that level so nothing is left half-done.
• An overworked IT person needs breathing room. We take overflow tasks, specialized network work, and PTO coverage so tickets don’t pile up.
• Businesses with unpredictable workloads. Some months are quiet; others are not. The model flexes with you. You don’t pay for labor you aren’t using.
• Project-based needs. Wi-Fi redesigns, new equipment rollouts, cleanup work, or migrations that require experienced hands without hiring additional staff.
• Teams needing better visibility. CO-IT’s platform provides monitoring, patching, and a clear view of your devices—even if your internal team still handles front-line tasks.

The common thread: you get steady, professional backup without the cost or pressure of a fixed, labor-heavy contract.

Enuclea can operate as your fully outsourced IT department if that’s what you need. The real difference between CO-IT and “fully managed IT” is not the level of service—it’s how labor is billed.

Most MSPs advertise a “predictable flat rate,” but in practice that rate only covers a defined set of routine tasks. Anything outside that list—major changes, projects, incident response, after-hours work—gets billed separately. So businesses end up paying twice: once for the labor baked into the per-seat fee, and again for the work that didn’t fit inside the contract.

CO-IT approaches this differently: You get the full baseline platform, and labor is billed only for what you actually use—nothing is front-loaded.

Still, some businesses are better served with a fully outsourced posture under CO-IT’s billing style. Signs include:

• You know you’ll need regular hands-on labor. If your environment generates a steady stream of tickets, changes, or onsite needs, you’ll naturally consume more labor—and CO-IT can function as your full IT department without overcharging you.
• You want Enuclea to take every task by default. If your team doesn’t want to touch even small items like account changes or device help, we can take it all. You simply pay for the actual labor performed.
• Your environment is dynamic or project-heavy. Frequent upgrades, compliance work, or episodic changes often fall outside other MSPs’ “included” labor—but under CO-IT the billing is straightforward: you pay for the time used, not a penalty fee.
• You’ve experienced surprise bills from ‘all-inclusive’ plans. If you’ve been caught off-guard by exclusions, change-order fees, or after-hours charges, CO-IT’s pay-for-what-you-use model is typically more transparent.

The takeaway: CO-IT can absolutely serve as your fully outsourced IT department. The difference is simply that labor is not pre-bundled and then re-billed later—it’s billed once, only when used.

Yes — this is one of the areas where CO-IT shines. When your IT person is out, the business shouldn’t slow down, and no one should feel pressure to “just wait until they’re back.” CO-IT provides smooth, quiet coverage so your operations stay steady.

Here’s how PTO coverage works:

• We step in seamlessly. Because CO-IT already maintains your patching, MDR/EDR, monitoring, and documentation, there’s no scrambling when your IT person is away. We simply pick up the workload.
• Tickets keep moving. Password resets, software issues, onboarding needs, small fixes — the normal flow of support continues without creating a backlog.
• Urgent issues are still handled immediately. If something breaks while your IT person is out, you’re not stuck waiting. We treat it just like any other critical issue.
• No re-explaining your environment. Since we’re already familiar with your systems, users, and workflows, we don’t need a day of catch-up to step in. Coverage is immediate.
• Your IT person returns without chaos. Instead of coming back to a pile of problems, they return to a clean slate — no burnout, no firefighting.
• You stay protected. Monitoring, security alerts, and automated maintenance continue without interruption, so nothing is overlooked during their absence.
• Short-term or long-term — both are fine. Whether it’s a day of illness, a week of vacation, or an unexpected extended absence, CO-IT keeps the environment steady the entire time.

In short: Yes — CO-IT provides calm, reliable PTO and sick-day coverage so your business doesn’t miss a beat when your IT person is away.

Optional follow-up questions:

Yes. CO-IT works seamlessly with remote and hybrid environments. Whether your team is fully in-office, fully remote, or a mix of both, the platform and support model adapt easily.

Here’s what that looks like:

• Remote devices are fully covered. Patching, MDR/EDR, monitoring, antivirus, and ransomware detection all function the same no matter where the workstation is located. A laptop at home receives the same protection as one in the office.
• We support mixed environments without special requirements. Remote, hybrid, traveling employees — none of this adds complexity on your end. CO-IT is designed for distributed teams.
• Optional remote access package ($5/workstation). For remote staff who need to reach their office PC, we offer a simple, secure, managed remote-access add-on. No traditional VPN headaches.
• We help with onboarding anywhere. New hires can be onboarded remotely with no issues — accounts created, systems configured, and devices prepared without requiring them to come onsite.
• Troubleshooting is remote by default. Most issues are resolved quickly through secure remote access, without involving onsite visits or delays.
• Documentation includes remote workflows. Access methods, cloud app usage, MFA setups, and remote workflows are noted so everything stays clear and consistent.
• Hybrid teams get the same stability as in-office teams. The platform keeps every device secure and up to date, regardless of location, keeping hybrid environments smooth and “quiet.”

In short: Yes — CO-IT fully supports remote and hybrid teams, providing the same level of protection, visibility, and assistance no matter where your people work.

CO-IT is designed to work smoothly whether you have internal IT or not. If you don’t have an IT person, we take on the full workload—monitoring, patching, security, troubleshooting, and project work. Nothing is missing. The only difference from a traditional MSP is how labor is billed: you’re not paying for baked-in “all-inclusive” labor you may not use.

When you do have internal IT, the model shifts to support them without duplicating their efforts:

• We handle the foundation by default. Patching, EDR/MDR, monitoring, and endpoint health all run through the CO-IT platform. These essentials are always covered, whether or not you have staff.
• If you have internal IT, they keep what they’re already good at. Local fixes, password resets, small requests—anything they already do well stays with them. You don’t pay us for work your team is handling perfectly fine.
• We take everything above that level. Escalations, network work, cleanup projects, Wi-Fi redesigns, and anything that’s time-consuming or outside their comfort zone.
• Labor is only billed when they need help. No bundled labor, no overpaying for quiet months. Your team stays in control, and you call us in when you actually need us.
• Overflow and PTO coverage fit naturally. When your IT person is out or overwhelmed, we step in so deadlines don’t slip and tickets don’t pile up.

The model scales both directions—full responsibility when there’s no IT staff, or a balanced partnership when there is. The constant through all scenarios is simple: you only pay for labor when you use it.

A one-person IT team often carries more responsibility than outsiders realize. They keep things running, put out fires, and hold a huge amount of knowledge in their head — all while being the only set of eyes on every decision. CO-IT is designed to support them gently, respectfully, and without stepping on their role.

Here’s how we help in ways both visible and quietly meaningful:

• We take the routine load off their shoulders. The platform handles patching, MDR/EDR, monitoring, ransomware detection, and general system health — giving them more breathing room day to day.
• We break down information silos. Documentation, shared access management, network notes, and device inventories all become shared knowledge. Your IT person isn’t left carrying everything alone.
• We provide experience they can lean on. A younger IT tech or someone newer to the field may not have decades of context. We bring calm eyes, broad perspective, and the ability to help them think through unfamiliar issues without judgment.
• We offer quiet peer review. Sometimes all an IT person needs is another professional to check a plan, talk through a weird issue, or validate an approach. CO-IT gives them a second set of experienced eyes.
• We support during heavy moments. Onboarding new staff, coordinating changes, handling cleanup work, or troubleshooting tricky problems — we step in as extra hands when needed.
• We provide PTO and sick-day coverage. When they’re out, work doesn’t pile up. Tickets still move, emergencies still get handled, and the business stays steady.
• We reduce the pressure of being “the only one.” Even confident IT staff feel the weight of being the single point of failure. CO-IT brings stability, shared responsibility, and a safety net.
• They remain the lead. CO-IT doesn’t replace your IT person — it strengthens them. They stay in control of day-to-day decisions and direction.

In short: CO-IT gives your IT person the backup, experience, and shared perspective they rarely get — making their workload healthier and your business more resilient.

You do. CO-IT is built around flexibility, not rigid rules. Your team decides what you want to keep in-house and what you want Enuclea to take on.

Here’s how that works in practice:

• You control the balance. If your staff is comfortable with certain day-to-day tasks, you’re welcome to keep them. Nothing about CO-IT forces you to hand over work you’d rather handle internally.
• You choose when to involve us. When something is time-consuming, unfamiliar, or simply not worth pulling your team away from their priorities, you can hand it off and we take it from there.
• We’ll offer guidance when it helps. As a trusted advisor, we may suggest taking on certain tasks when we believe it’s the most efficient or the safest path — but the decision always stays with you.
• No restrictive, “this task belongs to us” rules. Traditional MSPs often dictate what you can or can’t touch. CO-IT removes those boundaries entirely.
• Roles can shift naturally over time. As your team grows, changes skill levels, or gets busier, we can easily adjust who handles what.

In short: You stay in control. We step in where it helps most — offering experience and guidance — but you always decide what stays internal and what comes our way.

No. CO-IT is designed to support internal IT, not replace them. If you already have an IT person (or even a part-time “accidental IT” employee), we plug in beside them as a calm, dependable backup—not as a competitor.

Here’s how the relationship typically works:

• Your internal IT keeps the day-to-day. Password resets, workstation touches, small fixes, and the things they already handle well stay with them.
• We take the deeper, time-consuming, or overflow work. Escalations, networking, cleanup, upgrades, projects, and anything that’s outside their wheelhouse or their schedule.
• We handle the foundation automatically. Patching, MDR/EDR, monitoring, ransomware detection, antivirus, visibility—these run quietly through the CO-IT platform without taking their time.
• We provide breathing room. PTO coverage, sick days, busy seasons, onboarding, and unexpected surges no longer overwhelm one person.
• We make them stronger, not smaller. Your internal IT keeps control and visibility. We provide clarity, documentation, and support that reduces burnout and boosts their capacity.

If you don’t have internal IT, CO-IT can function as your fully outsourced IT department from day one. But if you do have someone on staff, they remain the primary point of contact—and we become the reliable reinforcement that makes their job easier.

In short: CO-IT won’t replace your internal IT person. It gives them a stronger foundation, a bigger toolbox, and the breathing room to focus on what matters.

Yes—there are common starting points we see across small businesses, and there are a couple of practical limits worth knowing. Since labor blocks are issued as Square gift cards with real monetary value, they work like stored credit you can use for labor or to pay your invoice.

Typical starting points: Most teams begin with one of these ranges:

• $150–$300 (2–4 hours) A small safety net for tiny teams or very stable environments.
• $500–$750 (6–10 hours) A comfortable middle ground for small offices that expect the occasional spike.
• $1,000+ Good for seasonal businesses or teams preparing for onboarding, cleanup, or project work.

Seasonal example: If your business has strong summer margins but tight winter cash flow, you can purchase smaller blocks month-to-month during the good season and build up a cushion for the leaner months. This turns block value into a simple cash-flow smoothing tool.

⸻

Is there a maximum?

Not functionally—you can hold as much value as you want, and you can purchase multiple blocks over time. Block value stacks cleanly.

However, there is one Square-imposed rule:

• Refunds cannot be issued for gift card purchases over $2,000. This doesn’t affect usage—only refund eligibility—so many clients prefer to buy smaller chunks if they think circumstances might change.

Because of that, some businesses intentionally build their block balance slowly (for example, $150–$300 at a time) to stay flexible.

⸻

In short: Start with whatever amount fits your comfort level. There’s no practical maximum, blocks don’t expire, and buying smaller amounts over time is often the simplest approach—especially for seasonal or cash-tight businesses.

Yes. Most CO-IT clients use a blend of both, and the system is designed to make that easy. Since labor blocks are issued as Square gift cards with real monetary value, they can be used alongside normal invoicing without any special rules or restrictions.

Here’s how mixing works in practice:

• Use pay-as-you-go for normal months. You get billed at the standard $75/hour only for the labor you actually used.
• Use block value whenever you want. If you have credit stored—whether from a busy season or a planned purchase—you can apply it to:
• labor hours
• your platform bill
• a portion of the monthly invoice
• project work
• or the whole invoice if needed
• Switch freely. There’s no penalty for switching between pay-as-you-go and block usage from one month to the next.
• Blocks act as a cushion. You might use pay-as-you-go most months, then dip into block value when you hit a busy period, face a larger task, or need to soften a tight month.
• Nothing is forced. You decide when block value is applied. If a month is light, simply pay the small invoice normally and save the block for later.

In short: Blocks are optional stored value you can use anytime, and pay-as-you-go continues normally alongside them. You’re always in control.

Yes. CO-IT is flexible by design, and you can move between pay-as-you-go labor and prepaid labor blocks whenever it benefits your budget or workflow. You’re never locked into one approach.

Here’s how it works:

• Start with pay-as-you-go if you want the lowest possible monthly cost and only pay for hands-on work when you actually need it.
• Add labor blocks whenever you prefer predictability. This gives you a known pool of hours you can draw from, usually at times when you expect heavier workloads.
• Switch back at any time. If your environment quiets down or budgets tighten, you can return to pure pay-as-you-go with no penalty.
• Mix both if needed. Some clients keep a small block for peace of mind, then bill extra hours at the standard $75/hour rate only when they exceed it.

A helpful example:

If you’re a seasonal business—say, margins are strong in the summer but tight in the winter—you might choose to pre-purchase a block of hours during the high-revenue months. Those hours then act as a cushion for the winter, when cash flow is thinner and you still need occasional help. It’s a simple way to stay stable year-round without stressing the budget.

Importantly: Switching models doesn’t affect your platform cost. The $99 + $10/workstation baseline remains the same no matter how you structure labor.

In short: You can shape your labor model around your business cycle, not the other way around.

Labor billing in CO-IT is based on transparent, ticketed time—nothing hidden, nothing bundled, nothing guessed. Every task runs through a ticket, and every ticket shows exactly what was done.

Here’s how it works:

• All work goes through tickets. Every request—small or large—gets a ticket so you can see the history, the notes, and the time spent.
• We track our time inside the ticket. We “clock in” when we begin work and “clock out” when we finish. You always know what was used.
• Tracked time is invoiced monthly at $75/hour. At the end of each month, the ticketed labor is totaled and billed. Simple and predictable.
• Tiny fixes are treated with common sense. If something takes only a few seconds, we still record the time for transparency, but we may waive the charge. You’ll see the work, but you won’t be billed for a 30-second task.
• Anything that takes real time is billed normally. Projects, troubleshooting, cleanup work, network improvements, escalations—those all get tracked and billed at the same flat rate.

This keeps everything clear and fair: you always see what was done, you only pay for meaningful labor, and the platform handles the essentials without inflating your monthly bill.

Labor predictability comes from visibility, steady baselines, and a billing model that only charges for real work. CO-IT makes this easier by tracking every task through tickets—giving you long-term trends, averages, and patterns that help you plan ahead.

Here’s how we keep things predictable:

• Ticketing creates clear usage trends. Over a few months, you’ll see exactly how much labor your business typically uses. Those averages help you understand what “normal” looks like for your environment.
• The platform prevents most surprise issues. With patching, MDR/EDR, monitoring, antivirus, and ransomware detection running automatically, the majority of noisy, recurring problems never turn into labor.
• Small tasks stay small. Quick, seconds-long asks are logged for transparency but may be waived, preventing tiny requests from disrupting spending.
• You choose what to handle internally. If you want to keep costs tight, your team can handle simple on-site tasks while we take the deeper or time-consuming work—keeping the bill steady.
• You approve larger work before it begins. Anything that could add meaningful hours gets discussed first. No surprise charges.
• Optional labor blocks for extremely tight budgets. While not required, some businesses prefer to buy labor hours in advance or pre-plan for a set number of hours each month. This can create a buffer and add predictability for organizations that need stable, forecastable spending.

In short: Predictability comes from visibility. CO-IT helps you understand your real usage and gives you the flexibility to shape labor consumption around your budget—not the other way around.

Most small businesses use very little billable labor in a typical month—often far less than they expect. The CO-IT platform prevents most routine issues from ever becoming tickets, so the day-to-day workload stays light.

A healthy average looks like this:

• Quiet months: 0–1 hours The platform keeps things patched, protected, and stable. Many small offices go entire months with no billable labor at all.
• Normal months: 1–3 hours This usually includes a couple of small tasks, a fix or two, or minor adjustments your team didn’t want to handle internally.
• Busier months: 3–6 hours These tend to happen during hiring spurts, device replacements, small projects, or light cleanup work.

What’s important is that these hours are actual hours used—nothing bundled, nothing pre-billed, nothing hidden in a per-seat fee.

Traditional MSPs bundle a chunk of labor into every workstation every month, whether you need it or not. CO-IT keeps that baseline low and lets the month reflect reality:

If it’s quiet, your bill stays quiet. If it’s busy, the labor reflects exactly what was done—nothing more.

This is why CO-IT often ends up significantly more affordable for small businesses than a flat-rate managed contract.

Most CO-IT months are calm and uneventful—by design. The platform handles the foundational work in the background, so the day-to-day experience is usually steady and predictable.

Here’s what a normal month looks like:

• The platform keeps everything updated and protected. Patching, EDR/MDR, antivirus, ransomware detection, and monitoring all run automatically. You don’t need to think about the “must-haves.”
• Small issues are handled quickly. If a user needs something simple—a password reset or a quick question—we log the work, but small touches may be waived. The goal is partnership, not billing for every minute.
• Any real work is ticketed and clear. If something takes meaningful time (troubleshooting, new employee setups, network fixes), we track it in a ticket and bill it at the end of the month. You always see what was done.
• Quiet months stay inexpensive. Many clients go through weeks with little or no billable labor—because the platform prevents the noisy, recurring problems that drive costs up under traditional MSP models.
• Busy months scale naturally. If you’re hiring, making changes, or tackling a project, you’ll see more labor that month—but it’s exactly the work you requested, not a surprise “not included” charge.
• Your team can still handle what they’re comfortable with. If you prefer to do the quick local tasks yourself, your costs stay low and you stay in control of spending.

In short: A typical CO-IT month is quiet, steady, and affordable. The platform handles the essentials; you only pay for the hands-on help you actually need.

The CO-IT baseline stays low and predictable no matter the size of the team. The same pricing applies whether you’re a one-person office or a 20-person organization—because the essentials shouldn’t get more expensive just because you grow.

Minimum monthly cost formula:

• $99/month base
• +$10 per workstation

For a very small team (1–2 people), this usually lands between $109–$129/month.

To show how consistent and stable this model is, here’s the same math applied to a larger team using the exact same base level:

Example: 20-person team

• $99 base
• +$10 / workstation
• (20 × $10) = $200
• Total: $299/month

That’s the entire baseline—patching, monitoring, security, visibility, and 24×7 MDR included. Even with 20 people, the monthly cost is still under $300 because no labor is front-loaded into the per-seat price.

Labor remains optional at $75/hour, used only when you choose to ask for help.

In short: Whether you’re a 2-person team or a 20-person team, the baseline stays affordable and stable—and you only pay extra when you actually need hands-on support.

The CO-IT platform covers all of the essentials that keep your systems stable, secure, and up to date—without adding any bundled labor on top. It’s the same foundation most MSPs use in their “full” plans, but here it’s offered at the base level and at a much lower monthly cost.

Here’s what’s included:

• 24×7 MDR A managed security team actively reviewing and responding to threats around the clock.
• EDR (Endpoint Detection & Response) Modern protection against malware, phishing attempts, and suspicious behavior.
• Automated Patching Operating system and application updates handled quietly to keep devices current and secure.
• Antivirus A lightweight, centrally managed solution that integrates with the rest of the platform.
• Ransomware Detection Behavioral monitoring designed to catch encryption activity early.
• RMM & Device Visibility A clear overview of system health, performance, alerts, and status across your environment.
• Continuous Monitoring Quiet, ongoing checks on the things that tend to fail silently—storage, updates, connectivity, security posture, and more.

The idea is simple: Everything you need to stay safe, stable, and maintained is included in the base platform. There’s no add-on fee required just to get the fundamentals in place.

Labor is separate and on-demand at $75/hour, so you only pay for hands-on assistance when you actually want it.

CO-IT was built with tight budgets in mind. The platform covers the “must-haves” every business needs—patching, monitoring, security, and visibility—at a steady, reasonable base cost. That gives you a safe, stable foundation without committing to a high monthly fee.

From there, you control how much you lean on us.

If you’re in a month where money is tight and all you needed was something small—like a quick password reset—just talk to us. We’re here to be a partner. We want you stable and supported, not stressed over whether a five-minute question is going to blow your budget.

At the same time, we don’t want to imply IT is “free.” Instead, CO-IT gives you a way to choose what you hand off and what you keep in-house so you can stay within a very controlled cost.

Here’s what that looks like in practice:

• Your baseline stays low and predictable. The essentials are already handled by the platform, so you’re not paying extra just to stay secure.
• Labor is something you decide to use. If it’s a small ask, we’ll work with you. If it’s a bigger project or a busy month, labor is billed fairly and transparently at $75/hour.
• You can protect your budget without sacrificing stability. Tight month? Lean on the platform and handle the simple tasks yourself. Better month? Bring us in for the heavier or time-consuming items.
• We succeed when you succeed. Your growth is good for both of us, and we’re not interested in nickel-and-diming businesses that are doing their best to stay afloat.

In short: CO-IT keeps your essential IT needs covered at a sustainable base cost, and lets you stay in control of labor so your budget never gets away from you.

Billable labor includes any work that takes real, hands-on time—things that extend beyond the automated maintenance and protections already covered by the CO-IT platform. All labor is tracked in tickets and billed at a flat $75/hour, with full visibility into what was done.

To highlight the difference, it helps to compare this with how traditional MSPs handle labor:

• Traditional MSPs bundle a certain set of tasks as “included,”
• Then charge extra for anything outside that narrow list—projects, changes, escalations, incidents, after-hours work, and most onsite needs.
• So labor is both front-loaded into a high per-seat price and billed again for anything that doesn’t fit.

CO-IT removes that confusion: only the work that actually takes time is billed—and it’s billed once, transparently.

Here are the most common types of billable labor under CO-IT:

• Troubleshooting and deeper diagnostics Anything that requires investigation, testing, or hands-on fixes.
• Onboarding new staff or new devices Setting up accounts, preparing workstations, configuring software, and securing access.
• Network adjustments and improvements Wi-Fi tuning, switch configuration, cabling cleanup, performance fixes, and layout changes.
• Cleanup, optimization, and technical debt reduction Organizing cloud storage, tightening configurations, correcting legacy issues, or resolving long-standing problems.
• Project work Upgrades, migrations, new infrastructure, office moves, and rollouts.
• Escalations from internal staff When your team hits something outside their comfort zone or workload.
• Any task that simply takes meaningful time If it requires more than a quick touch, it’s billed—always clearly tracked in a ticket.

Small, seconds-long tasks are still logged for transparency, but we may waive the charge when it’s clearly a tiny fix. You’ll see the effort, but you won’t get charged for a 30-second adjustment.

In short: CO-IT bills only for actual hands-on work, while traditional MSPs bill for “included” tasks upfront—and then bill again for everything that doesn’t fit.

The CO-IT platform is designed to handle the “must-have” foundation of your environment—quietly, automatically, and at no extra labor cost. These tasks are included in your baseline every month, no matter what.

Here’s what doesn’t generate a labor charge:

• 24×7 MDR monitoring and response Threat review, alert handling, and security response from a managed team—covered by the platform.
• EDR protection Behavioral detection and prevention continuously running on each device.
• Automated patching Operating system and software updates applied and monitored without manual labor.
• Antivirus Included, centrally managed, and updated automatically.
• Ransomware detection Behavioral monitoring and early-alert systems built into the platform.
• RMM & device visibility The ability to observe system health, activity, and alerts—no additional labor required.
• Continuous monitoring and alerting Health checks, storage warnings, connectivity issues, and status changes are monitored automatically.
• Baseline reporting and platform-driven insights Routine visibility into the state of your systems—done without billable time.

To put it simply: Anything the platform can handle automatically is included in your monthly baseline. There’s no billable labor for the essentials, and no hidden “included labor” that burns down hours in the background.

This is a key differentiator from traditional MSPs:

• Most MSPs bundle a small set of “included” tasks into a high per-seat fee.
• Then they bill extra for anything outside those narrow tasks.
• So you pay for labor upfront and again for anything not covered.

CO-IT flips this: The platform handles the essentials quietly. Labor is billed only for actual hands-on work—not baked into the price

CO-IT gives you the full, modern foundation you’d expect from a professional MSP—security, patching, monitoring, and visibility—without bundling a block of labor into every device. The platform keeps your environment healthy; labor is simply billed when you need hands-on help, at a straightforward $75/hour.

Typical CO-IT cost:

• $99/month base
• +$10 per workstation for the platform

What the CO-IT platform includes (aligned with the standard MSP baseline, plus 24×7 MDR):

• EDR (endpoint detection and response)
• 24×7 MDR — managed review and response around the clock
• RMM and device visibility
• Automated patching
• Antivirus
• Ransomware detection
• Continuous system health monitoring

Most MSPs include a similar platform—but often charge around $100 per workstation with pre-loaded labor baked into that price, whether you use that labor or not.

Labor with CO-IT:

• $75/hour, billed only when used
• Applies to any hands-on task you ask for—small fixes, deeper troubleshooting, cleanup work, escalations, network improvements, projects, and everything in between
• If you or your staff already handle some day-to-day tasks, you’re not paying twice for them

How it compares to fully managed IT:

• Traditional MSPs: Higher per-device fees because labor is rolled into every seat. Quiet months cost the same as busy ones.
• CO-IT: You get the full professional baseline—including 24×7 MDR—and labor remains on-demand. Costs stay tied to actual work performed, not to assumptions made in advance.

In short: CO-IT delivers the same (or better) foundational protection as a traditional managed service, with a simpler, more transparent labor model.

CO-IT keeps the base platform simple and affordable, but we also offer a set of optional add-on services you can layer in as needed. These aren’t bundled into the baseline—so you’re never paying for features you don’t use. Each add-on is priced clearly and can be mixed, matched, or skipped entirely depending on your environment.

Here are the available add-ons:

• Workstation Backups – $10 per workstation

A cloud-ready backup of your workstation that can be restored as a virtual machine if your system fails.

• Workstation Backup + Email Recovery – $13 per workstation

Adds cloud email recovery on top of workstation backup—helpful for accidental deletions, ransomware scenarios, or mailbox loss.

• Email Protection + Security Awareness + Incident Management – $10 per mailbox

Advanced filtering, phishing protection, user training, and managed incident handling for Microsoft 365 or Google Workspace tenants.

• Work-From-Home Remote Access Package – $5 per workstation

A secure, managed way for employees to access their office PC from home without traditional VPN complexity.

• DNS Protection – $2 per workstation

Blocks malicious domains, phishing sites, and harmful redirects before they ever reach the device.

⸻

What does a fully loaded CO-IT workstation look like?

If you enabled every add-on, your total cost would be:

• $99 base
• +$30 per workstation (platform + full stack of add-ons)

This gives you a deeply protected, fully managed workstation at a predictable price—still without labor baked in.

⸻

Why these are add-ons (not forced bundles)

Traditional MSPs roll these services into a high per-seat cost whether you want them or not. With CO-IT, you choose only what helps your business, and skip anything unnecessary. Everything stays transparent, predictable, and under your control.

CO-IT is designed to bring small businesses up to a solid, dependable baseline—one that aligns closely with the expectations of most modern compliance frameworks. By default, we tune your environment toward a CMMI Level 1 maturity, giving you the structure, documentation, and technical controls that many auditors look for.

Here’s what that means in practice:

• Strong technical controls from day one 24×7 MDR, EDR, patching, ransomware detection, monitoring, logging, and credential management—all foundational requirements across HIPAA, PCI-DSS awareness, cyber insurance controls, and general security best practices.
• Documented processes and environment clarity We help establish clear records of devices, access, configurations, and changes—key elements in any compliance review.
• A maturing approach to IT CO-IT naturally guides a business toward cleaner operations, fewer exceptions, better documentation, and safer day-to-day practices.

For many small businesses, this level of structure is more than enough to satisfy insurers, auditors, and industry expectations.

However, honest expectations matter:

For deeper or formal compliance levels

(advanced HIPAA programs, PCI at scale, NIST, ISO, SOC, or high-regulation industries)

We absolutely can support the technical and operational side—strengthening controls, improving visibility, documenting processes, guiding risk mitigation, and participating in audits.

But: significant compliance efforts come with significantly higher IT workload and cost. Businesses seeking advanced compliance typically move beyond the CO-IT baseline and into dedicated, ongoing compliance programs.

CO-IT is ideal for small businesses that:

• Want to be aligned with modern security expectations
• Need confidence for cyber insurance or vendor requirements
• Want their IT to operate cleanly and maturely
• Are not pursuing heavy-regulation certifications that demand extensive, ongoing IT effort

In short: CO-IT brings you to a clean, secure, CMMI Level 1 baseline by default—and we can support deeper compliance—but businesses pursuing highly regulated certifications should expect a broader scope and higher IT involvement than CO-IT alone is designed to cover.

We document everything needed to support your environment clearly and consistently—but the ownership always stays with you. Nothing we create is “locked” behind us, and nothing leaves with us if you ever move on.

Here’s what we typically document:

• Device inventory Workstations, network gear, licenses, and key systems.
• Network layout Wi-Fi, switching, VLANs, internet provider details, and any special configurations.
• User list & access map Who your people are, what they use, and what systems they need access to.
• Credentials (stored securely) Anything required for support goes into your shared 1Password vault, not on our side. You maintain full control over access.
• Policies, settings, and special notes Backups, email rules, important workflows, unusual configurations, and the “tribal knowledge” every environment collects over time.
• Support history Tickets, changes made, and decisions—so nothing is ever a mystery later.

Who owns the documentation?

You do. 100%. Always. We maintain it, keep it clean, and update it as we work—but everything lives in a way that you can access at any time. If your internal IT person wants to see it, they can. If you ever leave, it stays with you.

No paywalls. No “proprietary format.” No hostage situations.

The goal is transparency and stability, not control.

In short: We create and maintain clear, usable documentation—but the ownership, access, and authority remain entirely with you.

Onboarding CO-IT is intentionally simple and reassuring. The goal is to get you protected, visible, and stable on day one—without disrupting your team or overwhelming you with technical tasks.

Here’s what the first steps look like:

• We gather the basics. A short conversation confirms your users, devices, and priorities. No long forms, no audits, no “project kickoff” stress.
• A 1Password license is issued to your site lead or main contact. We set up a shared password vault for any credentials needed to support your environment. Important: Only essential passwords go here, and you retain full control at all times.
• We collect your user list. Names, emails, and phone numbers—just enough to support your team properly and know who’s who.
• You run a lightweight installer. It takes about a minute per workstation. Once installed, the CO-IT platform begins patching, protecting, and monitoring quietly in the background.
• Immediate stabilization. Security, updates, monitoring, and 24×7 MDR go live right away. No waiting period.
• Training only if you want it. Some features need no interaction at all. If you want a quick walkthrough of the platform, we’ll do it. If not, no problem—the system runs quietly without requiring you to babysit anything.
• Your team keeps working normally. No downtime, no mass system changes, and no interruptions.
• Clear handoff of responsibilities. If you have internal IT, we establish who does what. If you don’t, we simply take the full load from day one.

Most clients finish onboarding with almost no billable labor in the first month—the platform handles the essentials automatically.

In short: Onboarding is calm, quick, and built to make you stable from day one—with minimal disruption and total clarity.

Yes. CO-IT is fully transparent, and you can access all your tickets and history anytime. Nothing we do is hidden or kept behind internal notes.

Here’s what that means:

• You can access every ticket. All support requests — small, large, past, or current — are visible.
• You can read the full details. Notes, troubleshooting steps, vendor conversations, resolutions… it’s all there.
• You can see every time entry. Since labor is billed based on tracked time, each clock-in and clock-out is recorded clearly in the ticket.
• You can review your complete history. Patterns, recurring issues, resolutions, and environment trends are all visible in one place.
• Internal IT can access tickets too. If you have an IT person, they can be added and work alongside us in the same system as long as the account has an admin license. (Access is always under your control.)
• Nothing is hidden. Traditional MSPs often limit visibility or keep internal notes separate. CO-IT prefers openness — if we did the work, you can see it.

In short: Yes — with an admin license on your account, you can see every ticket, every detail, and every bit of recorded time at any moment.

When something truly critical breaks, CO-IT shifts into a direct, steady response mode. We don’t overpromise “24/7 everything,” but we do make sure you’re supported when it matters most.

Here’s what happens:

• Critical issues are treated as top priority. If something is preventing your team from working—an outage, failed service, major error—we move it to the front immediately during business hours.
• Security events are covered 24×7 through MDR. If the issue is a security threat, your MDR team is already watching and can respond outside normal hours. This gives you around-the-clock protection where it matters most.
• You’ll hear from us quickly. Critical tickets receive fast acknowledgment and clear communication about next steps. No mystery, no silence.
• We stabilize first, then solve. The initial goal is always to stop the bleeding—get systems back online, restore access, or contain the issue. Once stable, we follow up with a proper fix.
• After-hours support is available when needed. If a critical issue occurs outside business hours and cannot wait, we will respond. We simply avoid pretending that every small task is “24/7 on demand.” True emergencies take priority; everything else waits until business hours.
• Transparency throughout. You’ll know what’s happening, what we’re working on, and what to expect as we move through the resolution.

In short: If it’s critical, you will not be left waiting. CO-IT provides immediate daytime prioritization and 24×7 security response, with after-hours support available for real emergencies.

CO-IT uses a steady, realistic response model built around calm, dependable support — not hype or rigid, stopwatch-style SLAs.

Here’s what you can expect:

• Standard SLA: 4 cumulative business hours This is measured as a rolling average over time, not as a hard timer on individual tickets. In practice, most requests are answered well under this window — often the same day or much sooner.
• Urgent issues are prioritized immediately. Anything that stops work—outages, major errors, system failures—moves to the front of the line.
• Critical issues receive immediate attention. These get elevated right away for fast handling and clear communication.
• Security threats are covered 24×7. With MDR in place, real security events trigger managed response at any time, including outside normal hours.
• Communication stays clear and calm. If a task needs deeper investigation or is expected to take longer, we let you know upfront so expectations remain steady.

The result is a support experience that feels responsive and predictable without creating unnecessary urgency or noise.

In short: Most requests see same-day attention, urgent issues jump to the top, and the formal expectation is a 4-hour rolling-average response window — stable, practical, and dependable.

Yes. Vendor coordination is a normal part of CO-IT, and it’s something most clients rely on heavily. We handle the conversations, the troubleshooting, and the back-and-forth so you don’t have to sit on hold or translate technical language.

Here’s how it works:

• We contact vendors directly on your behalf. Internet providers, copier companies, VoIP vendors, and line-of-business software support — we can work with all of them.
• We speak their language. Instead of you explaining error messages or navigating support scripts, we handle the technical details and keep the process moving.
• We reduce the “vendor blame game.” When something breaks, vendors often point fingers. We help identify what’s actually wrong and push the issue toward resolution.
• Your existing vendor relationships are respected. If you already have partners you trust, we work alongside them. If you ever need recommendations, we can help there too.
• You stay out of the middle. Our goal is to simplify your day. You shouldn’t have to coordinate multiple companies just to fix one problem.

Representation Clause

In your service agreement, we include a representation clause. This allows you to formally authorize us to speak with and work directly with your vendors, ISPs, and service providers. It streamlines support and lets us resolve issues without constantly needing you to be the middleperson.

In short: Yes — we coordinate directly with your vendors, and the representation clause makes the process smooth, authorized, and hands-off for you.

CO-IT scales naturally with your business because the model is built around a steady baseline and labor that expands only when you actually need more help. There’s no pressure to upgrade plans, no hidden tiers, and no sudden jumps in pricing just because your team gets bigger.

Here’s how scalability works in practice:

• Your baseline grows predictably. The platform cost increases only by the number of workstations you add. It’s simple: $99 + $10 per workstation — nothing more.
• Labor grows only if your workload does. Adding more people doesn’t automatically create more labor charges. If your team handles the small day-to-day tasks, your labor cost stays low even as headcount increases.
• When work increases, support increases. If growth brings more onboarding, more devices, more tickets, or a project or two, we step in at the same flat $75/hour rate. You pay only for actual work performed — not for “bundled labor” you might never use.
• CO-IT adapts to whatever structure you have. Whether you have no IT staff, one IT person, or a growing IT team, CO-IT adjusts to fill the gaps. Nothing needs to be re-negotiated as you scale.
• Documentation and visibility keep scaling in check. As you grow, your environment gets more complex. CO-IT maintains device lists, access maps, and network clarity so expansion never turns into chaos.
• Predictable growth planning. As your labor trends become clearer through ticket history, we can help plan ahead. Some clients add small labor blocks during busy seasons; others stay purely pay-as-you-go.

In short: CO-IT scales the same way your business does — quietly, predictably, and without forcing you into a more expensive plan. Your baseline stays stable, and your labor cost grows only when the work itself does.

This is one of the biggest risks small offices face — and CO-IT is built to soften that blow. When an internal IT person leaves, knowledge gaps, missing documentation, and stalled work can create real stress. CO-IT keeps your environment stable during that transition.

Here’s what happens if your IT person leaves:

• Your operations keep moving. Because the CO-IT platform already handles patching, MDR/EDR, monitoring, and health checks, your environment stays protected without interruption.
• Your documentation is already in place. Device lists, passwords (stored in your 1Password vault), network details, user access, and configuration notes are all maintained as part of CO-IT — so nothing “walks out the door.”
• No scramble for access. You’re not left searching for passwords or relying on someone’s memory. Access is centralized and under your control.
• We can step in as your full IT team immediately. If needed, CO-IT simply shifts from a collaborative role to a fully outsourced one. No downtime, no onboarding gaps, no emergency hiring.
• We help you bridge the hiring gap. Whether you plan to hire a new IT person or keep us as your full IT department, we support the transition calmly and professionally.
• Your risk drops dramatically. One-person IT shops often carry hidden vulnerabilities — undocumented systems, siloed knowledge, or critical settings only one person understands. CO-IT removes those weak points long before turnover occurs.

In short: If your internal IT person leaves, nothing falls apart. CO-IT keeps your environment stable, documented, and supported — and we can act as your full IT team for as long as you need.

CO-IT is designed for exactly that. Many businesses don’t have steady, predictable IT workloads—some months are quiet, others suddenly spike with changes, new hires, incidents, or projects. Under a traditional MSP contract, you pay a higher per-seat fee every month regardless of how much labor you actually needed.

With CO-IT, the platform keeps everything stable in the background, and labor is billed only when you use it. That makes it ideal for environments where the support load rises and falls.

Here’s how it works when things are unpredictable:

• Quiet months stay affordable. If nothing major happens, you’re not paying for unused labor that was bundled into a per-seat rate.
• Busy months flex naturally. When you need more hands—new devices, accounts, network adjustments, or troubleshooting—you simply use more labor at $75/hour. There’s no penalty or plan upgrade.
• No “surprise exclusions.” In the MSP world, spikes in work often fall outside the “included” labor list. Under CO-IT, the model is simple: if we put in time, it’s billed; if we don’t, it isn’t.
• Your team can absorb small tasks when it makes sense. If a busy month only contains small fixes your staff can comfortably handle, you don’t pay for us to jump in unnecessarily.
• You don’t have to guess your support tier. You don’t need to commit to a higher monthly plan just in case. CO-IT expands and contracts with your actual needs.

In short: CO-IT removes the pressure of predicting your IT workload. You only pay for the labor you actually use, and your baseline stays steady no matter how the month unfolds.

Leaving CO-IT is intentionally straightforward. While our agreements are typically annual, they’re designed to be low-pressure, fair, and easy to exit if things change.

Here’s how it works:

• The contract is year-to-year, not multi-year. We don’t lock you into long-term commitments or multi-year fine print. It’s a simple annual agreement, renewed only if you want it.
• If there’s a performance concern, we fix it. If something isn’t meeting expectations, you let us know — and we have one month to correct it. This gives both sides a clear path to resolution without making you feel stuck.
• If you leave for no specific reason, it’s two months of service. You’re free to move on at any time. We simply finish out two months of service to ensure a clean, orderly exit — no penalties, no surprise fees.
• We offboard you cleanly and calmly. Platform components are removed, tickets closed, and your systems left in a stable state.
• All documentation remains yours. Device lists, network diagrams, credentials, and notes live in your 1Password vault or shared workspace. Nothing is held back.
• Vendor relationships stay with you. Any representation we handled on your behalf is returned to your control.
• Unused labor block value is still valid. Because it’s stored as a Square gift card with real monetary value, it doesn’t vanish.

In short: You’re never trapped. CO-IT offers a clean, fair exit process with transparent expectations — and you always keep ownership of your documentation and access.

Yes. CO-IT can help manage your licensing in a calm, organized way so you’re not juggling renewal dates, user counts, or unexpected charges. Licensing is a common pain point for small teams, and we’re happy to take that weight off your shoulders.

Here’s what we typically handle:

• Microsoft 365 / Google Workspace licensing We help right-size your licensing, track usage, and ensure you’re not overpaying for unused seats or missing critical features.
• Antivirus / security licensing CO-IT’s platform includes fully managed EDR/MDR, antivirus, and ransomware detection — so these licenses are already handled automatically.
• Add-on services Email security, DNS protection, workstation backups, and other optional add-ons are managed through one consistent system so nothing lapses unnoticed.
• Renewals and usage reviews We keep an eye on renewal dates, evaluate whether your licenses match your current needs, and help avoid surprise bills or coverage gaps.
• Support during changes New hire? Role change? Staff departure? Licensing adjustments are made cleanly to avoid unused or mis-assigned subscriptions.
• Clear visibility for you You always maintain ownership and administrative rights. Our role is to help track, manage, and keep everything aligned — not to take control away from you.

In short: Yes — CO-IT helps manage your licensing so everything stays organized, current, and cost-effective, without leaving you to sort through renewals or confusing subscription pages.

Labor blocks in CO-IT work a little differently than the typical MSP “hour bundle.” Instead of buying abstract hours, you’re purchasing real monetary value in the form of a Square-issued digital gift card. That credit sits on your account and can be used however you need.

You can use labor blocks for:

• Billable labor Troubleshooting, network adjustments, onboarding, cleanup work, escalations, projects—anything normally billed at $75/hour.
• Partial or full invoice payments If a month is tight, your labor block can cover part or all of your bill, including platform fees.
• Project work and upgrades Larger improvement tasks, device rollouts, or network rework can be paid directly from the block.
• Unexpected spikes If something unforeseen happens, that stored value acts as a buffer.

In short: If you can be billed for it, you can pay for it with a labor block.

⸻

Do labor blocks expire?

No. Because they’re issued as Square gift cards with real monetary value, they do not expire and cannot be taken away.

• Unused value rolls forward indefinitely.
• Nothing disappears at the end of the month, quarter, or year.
• You can hold value during strong months and use it in lean months.

This flexibility makes labor blocks especially helpful for seasonal businesses or anyone with variable cash flow.

In short: Your labor block is real stored value—available anytime, for anything on your account, with no expiration.

Yes. Wi-Fi problems are one of the most common issues small offices face, and they’re usually caused by placement, interference, or outdated equipment—not the internet connection itself.

The Quiet IT Checkup includes a full Wi-Fi stability review, a coverage scan, an assessment of your modem or router, and practical fixes you can apply right away. It’s a simple way to get clarity without long-term commitments.

If you’re dealing with dropouts or unreliable coverage, this is usually the best place to start.

The Operational Maturity Score (OMS) is a simple, clear way to understand the overall health of your IT environment. Instead of technical jargon, you get a single score from 0–100 that reflects how secure, stable, and resilient your systems are.

The OMS gives you a high-level view of:

• Your current security posture
• How stable and predictable your network is
• Whether computers and devices are properly maintained
• How organized and future-ready your environment is

It turns complex findings into an easy-to-understand business health grade.

Most IT risks don’t announce themselves. Systems quietly fall behind, equipment ages, and security gaps form long before anything breaks. The OMS makes those issues visible before they become expensive emergencies.

With an OMS, you get:

• A simple score showing today's risk level
• A priority list of what matters most
• A way to measure improvements after upgrades
• Quarterly snapshots to track progress

The OMS helps you make informed decisions and prevents small problems from turning into business-stopping incidents.

The OMS ranges from 0 to 100 and is grouped into four clear categories:

• 90–100: Optimized — Secure, modern, and following best practices.
• 75–89: Stable — Mostly healthy with a few recommended improvements.
• 50–74: Functional but Vulnerable — Everything works, but risks and inefficiencies are present.
• 0–49: At Risk — Security gaps, outdated equipment, and stability issues likely exist.

Your score helps you understand how resilient your environment is — and what needs attention.

The OMS uses a weighted scoring model based on real-world impact:

• Security Posture (40%) — Firewall, RDP exposure, MFA, antivirus/EDR, patching.
• Network Stability (25%) — Wi-Fi design, cabling, router placement, interference.
• Endpoint Health (20%) — Updates, AV health, drive status, machine lifecycle.
• Operational Hygiene (15%) — Backups, documentation, password practices, equipment organization.

Each category is scored from 0–100, weighted, and combined into your final OMS score.

The categories and controls are derived from CMMC Level 1 principles, then weighted for the operational realities of standard small businesses.

Security is weighted at 40% because it carries the greatest business risk. A single security issue — such as exposed RDP, outdated firewalls, or missing antivirus — can lead to:

• Data theft or loss
• Ransomware attacks
• Operational downtime
• Financial loss

This mirrors CMMC1’s emphasis on access control, configuration management, and system protection — the areas where small businesses typically face the highest risk.

Across small businesses, the same issues tend to lower OMS scores:

• Publicly exposed Remote Desktop (RDP)
• Old or unpatched routers/firewalls
• Consumer Wi-Fi extenders causing dropouts
• Missing Windows/security updates
• Weak passwords or no MFA
• Unmanaged antivirus
• Messy cabling and undocumented setups
• Lack of monitoring or alerting

Most of these issues map directly to the same foundational weaknesses identified in CMMC Level 1 assessments.

The most impactful improvements are:

• Closing exposed RDP and other open ports
• Installing business-grade, centrally managed Wi-Fi
• Replacing outdated ISP routers
• Bringing all computers current on updates
• Enabling MFA for remote and admin access
• Deploying RMM/EDR for automated protection

These changes often result in a 20–40 point score increase.

Enuclea recalculates your OMS:

• After critical fixes or upgrades
• After network redesigns or equipment changes
• Whenever security posture changes
• Or automatically twice a year for managed clients

This ensures the score remains accurate and reflects your current environment.

The OMS is a health and stability assessment, not an attack simulation.

A penetration test focuses on exploitation. The OMS focuses on:

• Security readiness
• Operational efficiency
• Network stability
• Maintenance practices

The OMS reflects CMMC1-derived operational maturity, not attack simulation.

A low OMS does not mean a breach has occurred. It means your environment is more vulnerable than it should be.

Common implications of a low score:

• Higher risk of security incidents
• Unstable Wi-Fi or network dropouts
• Slow computers and performance issues
• Inconsistent updates or protection

The score highlights opportunities to improve before problems escalate.

A higher OMS provides direct business benefits:

• Reduced downtime and emergencies
• Faster Wi-Fi and workstation performance
• Lower long-term IT costs
• Higher staff productivity
• Stronger protection against malware and ransomware
• Predictable, stable operations

Better OMS → Better business continuity.

Enuclea specializes in improving low-maturity environments with minimal disruption.

We focus on:

• Immediate security fixes
• Stabilizing the network
• Bringing systems current
• Replacing outdated equipment
• Deploying ongoing monitoring and protection

Your OMS becomes a living score that improves as your environment improves.

Phase 1 addresses the most urgent issues: closing exposed ports, stabilizing Wi-Fi, and completing essential updates.

Once Phase 1 is done, we work through Phase 2 and Phase 3 to build long-term stability, modern security, and predictable operations.

Your OMS will rise as each phase is completed.

Yes. The OMS is intentionally modeled on the same foundational areas emphasized by CMMC Level 1 and other baseline security frameworks. This ensures the score reflects real-world best practices rather than arbitrary MSP preferences.

Because most small offices are not defense contractors, the OMS is weighted differently to match the operational realities of typical small businesses.

Examples of this adaptation include:

• Security (40%) aligning with CMMC’s access control and system protection focus.
• Endpoint updates and antivirus mirroring CMMC’s maintenance and identification requirements.
• Network stability added because unreliable Wi-Fi impacts productivity — something CMMC doesn’t measure.
• Operational hygiene including equipment organization and documentation, tuned for small-business needs.

The result is a score rooted in recognizable standards but practical and relevant for everyday business environments.

The OMS isn’t something we invented from scratch. It’s lightly based on CMMC Level 1, the federal baseline used for organizations that work with the Department of Defense. CMMC1 focuses on essentials like secure configuration, access control, system protection, and keeping devices properly maintained.

Small businesses aren’t government contractors, and they don’t need the formal documentation or compliance workload of CMMC. But the principles are solid. That’s why we adapted them.

To make the model fit real-world small business IT, we:

• Simplified the requirements
• Weighted them around actual small-business risks
• Added categories CMMC doesn’t measure (like Wi-Fi stability)
• Removed compliance-heavy controls that don't apply outside DoD work
• Modernized scoring to reflect everyday operational impact

The result is the Operational Maturity Score (OMS): a practical, calm, small-business-friendly version of a proven security baseline — without the bureaucracy.