The questions everyone asks on the first call.

Answers to the questions we get most often — pricing, contracts, onboarding, security, and what happens when something goes wrong outside business hours.

Pricing & Contracts

How is your pricing structured?
Per device, per mailbox, per location, plus add-ons (server, backup, additional security). Recurring rates are published on the Pricing page, and we prepare a written quote tied to your actual environment. Every client also gets access to our Technical Account Advisor, who sets up a regular cadence to align on roadmap, risk, and quarterly review.
Are there setup fees?
Onboarding fees are quoted per environment — based on device count, network complexity, vendor migrations, and any project work needed to stabilize the environment before we can manage it. The all-in number is in the written quote we prepare for you, approved before any work starts. Never surprise-billed.
What's the contract length?
Standard is a 12-month agreement that auto-renews. After that, you can leave on 90 days' notice — or pay an early-termination fee for a faster exit. We never hold data hostage and we offboard cleanly — see If You Leave.
Do you offer hourly or break-fix work?
Not as a starting relationship — we don't have a competitive break-fix rate, and break-fix incentives lead to bad outcomes for clients. For project work (a network refresh, a server migration), we quote a fixed price up front.

Onboarding

How long does onboarding take?
Onboarding follows the same four phases for every client — discover, stabilize, optimize, operate — but duration depends on size, complexity, and how much of the existing stack we're inheriting. A small office with one location usually moves through the first three phases in a few weeks; a larger or compliance-driven environment takes longer. See Approach for what each phase covers.
Do we need to switch our line-of-business software?
Almost never. We've onboarded clinics with their existing EHR, pharmacies on PrimeRx and QS/1, and law firms on PCLaw — without changing any of those systems. We change the infrastructure around them.
What does my team have to do during onboarding?
A 90-minute kickoff, a 30-minute MFA walk-through with each user, and 1–2 short check-ins with the owner. We do everything else, including the awkward call to your previous IT.

Support & Response

What's your help-desk response time?
Our internal goal: calls answered during business hours or returned within one hour, and emails answered within two business hours. Specific SLAs are written into your agreement.
Do you come onsite?
Yes. Every Managed Site plan includes onsite hours sized to the location — 1 / 3 / 6 hours per month for Small / Standard / Complex. We do same-day onsite for client emergencies within driving range of our Paducah, KY and Metropolis, IL offices, and serve clients nationwide for everything that doesn't require hands on the keyboard.
What hours are you open?
Help desk is staffed Mon–Fri, 8am–5pm CT. After-hours emergency coverage depends on your agreement — when included, it routes to a real on-call engineer, not voicemail. We define "emergency" generously — if your building can't operate, we treat it like one.

Security & Compliance

Are you HIPAA-compliant?
We're HIPAA-aligned — we build environments to the HIPAA Security Rule and we sign BAAs. We don't issue compliance attestations (that's an auditor's job). What we do is make audits dramatically easier when they arrive. See the Security page.
What does HIPAA-aligned actually mean in practice?
Every Micro-IT environment is built to the HIPAA Security Rule's administrative, physical, and technical safeguards from day one — MFA on every PHI-accessing account, EDR with 24/7 SOC monitoring on every endpoint, encryption at rest and in transit, segmented networks, immutable restore-tested backups, audit logging, annual risk assessment, written incident-response plan, and workforce training. We sign a BAA, we keep the evidence files current, and an audit becomes a one-meeting conversation instead of a several-week project. See the 12-control HIPAA checklist.
Will you sign a Business Associate Agreement (BAA)?
Yes — every healthcare client gets a signed BAA on contract day. The BAA covers Micro-IT's handling of PHI in the course of providing managed IT services, breach-notification obligations to the covered entity, our subcontractor BAAs (Microsoft 365, Datto, Inky, NextDNS — every downstream vendor that touches PHI), and the data-return/destruction terms at the end of the engagement.
Do you do HIPAA risk assessments?
Yes — annual security risk assessments are part of every HIPAA-aligned engagement at no additional charge. We use the HHS Office of the National Coordinator SRA framework, document the environment, identify gaps, and produce the one-to-two-page evidence file that goes into your HIPAA binder. We re-run the assessment after any significant environmental change — new EHR, new office, acquisition, major system migration.
Which healthcare practice-management or EHR systems have you supported?
On the pharmacy side: PrimeRx and QS/1, plus the common wholesaler portals (Cardinal, McKesson, AmerisourceBergen) and e-prescribing platforms (Surescripts). On the clinic and dental side: athenahealth, eClinicalWorks, Practice Fusion, NextGen, Dentrix, Eaglesoft, Open Dental, and the imaging vendors that bolt onto them. We're EHR-vendor-agnostic — we don't try to swap your clinical system; we change the infrastructure around it.
Are you also CJIS-aware for municipal and law-enforcement IT?
Yes. Municipal clients with a police department or sheriff's office get CJIS-aligned policies — advanced authentication on CJI-touching accounts, FIPS-validated encryption on devices that store CJI, audit logging retained per CJIS Policy §5.4, physically secured CJI workstations, and the personnel-screening and training documentation that the state's CJIS Systems Officer reviews. See the Municipal IT page.
What happens if we get hit by ransomware?
Our Incident Response runbook is published on the Security page. The short version: EDR isolates the endpoint inside 90 seconds, we call you within 15 minutes, and we restore from clean backups. We have never paid a ransom, and we never will.
Where does our data live?
Your data stays in your tenancies — your Microsoft 365, your line-of-business apps, your servers. We don't pool customer data. Backups are encrypted, US-based, and you hold the recovery keys.
Do you have cyber insurance?
Yes — cyber liability and E&O coverage. We're happy to send a certificate of insurance to your insurance broker or compliance officer.

Scope & Coverage

What does Managed Endpoint actually cover?
EDR, OS patching, third-party app patching, image-level backup, asset management, and unlimited remote support for that device.
Do you support Macs?
Yes. Managed Endpoint is platform-neutral — Windows, macOS, and Linux all priced the same. We're an Apple Business Partner.
What about phones and tablets?
Mobile device coverage is included in Managed Endpoint at no extra charge for company-owned phones and tablets — including AI-powered threat detection and DNS filtering. BYOD has its own pricing because the policy work is heavier.
Do you do website hosting or development?
No. We focus tightly on managed IT — endpoints, identity, email, network, backup, security. We have partners we trust for web work and we're happy to refer you.

If You Leave

What happens if we want to switch providers?
You give 90 days' notice — or pay the early-termination fee for a faster exit. We hand off documentation, configs, recovery keys, and admin credentials to your new provider, and schedule a transition call so they can ask questions.
Are there charges to offboard?
It depends on the situation. If you finish out your contract, there are no additional offboarding fees — we hand off cleanly at no charge. Early-termination scenarios may carry a fee per the agreement.
Do you keep our data?
No. Your data has always been in your tenancies. After offboarding, we remove our admin access from your environment and delete operational data we hold on our side (backup configs, RMM agents, ticket history) per your instruction.
Will our systems still work?
Yes — we don't deploy proprietary lock-in software. Everything we manage uses standard, named tooling (Microsoft 365, Datto, Ubiquiti, and other category-leading products listed on the Security page) that any competent MSP can take over.

Still have questions? Ask them on a 20-minute call.