Managed IT Service (Package)

Service Definition • Armstrong Bell • 21 May 2026
Document Summary
This document provides information relating to the services provided within our Managed IT Service package. This information is designed to provide clarity on the scope of the items included within the overall service provision.
Service Desk Support - Overview
Our Service Desk is available during weekdays from 08:30 until 17:00 as standard, this is delivered by ABL employed staff based at our head office. The service can be accessed using any of the following contact methods:

  • Email
  • Telephone
Tickets are raised within the incident management system and follow our incident management process through to resolution, with quality monitoring embedded to ensure our service is consistently high performing. Further details regarding the incident management process are provided within this document.

Our service desk focuses on supplying technical support for the core Microsoft suite of products for endpoints, servers and associated Cloud products; as well as any systems that are supplied by us. Additionally, our team has strengths in mainstream applications including anti-virus, productivity tools such as Microsoft Office, remote access technologies and a wealth of other platforms - support for line of business applications is not provided by our team; these require an active support agreement with the software vendor. We maintain a set of technology standards to ensure that we have preferred vendor status for hardware equipment such as servers and network equipment; this has allowed our team to build their knowledge on a defined set of industry leading technologies and focus on delivering a consistent level of service for these. The current list can be supplied if required.

Extended coverage hours are available for purchase if required. 
Service Level Agreements (SLA)
Tickets and service requests raised within the service desk are all assigned a corresponding priority ranging from 1 through to 4. By default, new tickets that are emailed in are categorised as a priority 3 incident, then reviewed to determine if further adjustment to this is required. The below definitions are used for determining the priority:

Priority level Definition
Priority 1 - Business Critical

Business Critical systems are unavailable and impacting the majority of business users.

There is significant business impact, with no known workaround
Priority 2 - High

Business Systems are severely degraded preventing users from being able to perform key day-to-day function
Priority 3 - Normal

Non-critical service issues, including issues affecting a single user in a non-critical scenario where a work around is available
Priority 4 - Change Request

Change management request

Any incidents that are deemed to be a P1 or P2 incident by the customer must be phoned in to the service desk; these cannot be logged by email or other systems.

Tickets and service requests raised within the service desk are subject to the following SLAs:

Priority Level P1 P2 P3 P4
Target response time 15 minutes 1 hour 2 hours 8 hours
Target resolution 4 hours 8 hours 2 working days 3 working days

Incident management
We employ a robust incident management process to ensure that reported incidents are reviewed, investigated, escalated where appropriate and resolved in a timely manner. The below is a high level process for the lifecycle of an incident that is raised with our Service Desk.

  1. Incident Reporting: Customers report issues via phone or email
  2. Incident Logging: The issue is logged in our system and assigned a unique reference number for tracking
  3. Categorisation & Prioritisation: The incident is assessed for urgency and impact to determine it's priority. The ticket is immediately assigned to an appropriate engineer
  4. Investigation: Our team works to investigate and resolve the incident, keeping the customer informed at every stage
  5. Closure: Once resolved, the incident is closed with customer confirmation. If appropriate, knowledge-base articles are either update
All tickets have an assigned owner and our service management team closely monitor key performance indicators for not only the core service function, but also for individual tickets as appropriate. Alerting thresholds are built in to our system to ensure that any tickets that are approaching their SLA are escalated for review.
Problem management

Our Problem Management process is designed to identify and address the root causes of recurring or significant incidents, ensuring long-term stability and reducing the likelihood of future disruptions. By focusing on both reactive and proactive measures, we minimise the impact of IT problems on your business operations.

Problem management is conducted periodically as our team analyse data to determine trends, recurring issues and opportunities for improvement. Typically this is conducted by our service management team on a quarterly meeting, however if recurring tickets are identified sooner then the process can be invoked earlier to minimise any impact.

A high level process overview is provided below:

  1. Problem identification: Problems are identified through trends in recurring incidents, automated monitoring tools, or proactive analysis of potential risks
  2. Problem logging and tracking: Each problem is logged in our system and assigned a unique reference for tracking. The problem is categorised based on its impact and urgency
  3. Root cause analysis (RCA): Using structured methodologies and diagnostic tools, we investigate the underlying cause of the problem. RCA focuses on pinpointing the issue to ensure effective resolution and prevention
  4. Resolution and workarounds
    1. Resolution: Permanent solutions are implemented to eliminate the root cause
    2. Workarounds: Where a permanent fix may require more time, we provide interim solutions to minimise immediate business impact
  5. Proactive problem management: Our team actively reviews systems and processes to identify risks and implement preventative measures, helping to reduce unplanned downtime
  6. Problem closure: Once resolved, the problem is closed following confirmation that the issue has been fully addressed and documented


3rd Party Vendor Management
We work closely with our customers to understand the full range of 3rd party providers that are used to deliver the complete range of services that the organisation consumes. Understanding this not only helps our team to provide a smoother service, but in the event of an issue that requires multiple vendors to interact; our team will be able to make quicker progress in this situation.

During on-boarding, the team will capture this information and also ask for introductions to key suppliers that we may engage with, this helps to create bi-directional communication early on and provides a chance to improve any issues that may be pre-existing. For example, if a 3rd party key supplier frequently has issues logging in remotely which in turn is providing longer resolution times, assistance can be provided to investigate this or identify a more preferred solution.

In some instances, there are times whereby our team are best placed to liaise with the 3rd party on your behalf and in this case, our team will engage and manage the process. Typically this is a multi-supplier type issue or investigation such as performance, reliability or connectivity issues that require a collaborative approach to resolve them.

This service is not aimed at replacing existing relationships or processes that are in place with application vendors, for example Sage or other line of business support contracts should be maintained to ensure you receive the required support.
Pro-active monitoring and alerting
Armstrong Bell uses the Datto remote monitoring and management (RMM) tool to provide core services relating to monitoring insights and device management across all managed endpoints; including servers. By default our team will receive monitoring alerts when specific parameters are met; commonly these are threshold based alerts or a change in status that may indicate an imminent or immediate issue.

The standard set of monitoring checks that are deployed to Windows servers are:

  • Online/offline status
  • Available disk space
  • CPU usage
  • RAM usage
  • Status of critical services - these are determined by the server type and also any bespoke configurations that we determine during on-boarding
  • Patch compliance
  • Hardware status (for physical servers)
For network based devices such as routers, switches and firewalls; we use SNMP based monitoring to gather key metrics and perform monitoring tasks. Typically this will be to monitor the up/down status of the device and critical links, as well as monitoring for change in the status of hardware components. 

Additional monitoring can be configured to ensure that critical items such as CCTV systems, building management platforms and other network connected assets can be monitored by our central team.

Windows patch and OS version management
Client and server devices will be patched using the Datto RMM tools that are deployed as part of our managed service. Our standard patching policy will be applied to the devices unless this is deemed to be unsuitable, which in this circumstance an alternative patching policy can be agreed upon and deployed.

Our standard patching policy uses the below approach:

  • Patches are approved for endpoints and servers if they meet this criteria:
    • Category = Critical update, security update, definition update or update rollup
    • An issue is identified that requires immediate patch release to prevent a highly exploited vulnerability
  • Once approved, the release cycle is as follows:
    • An initial "beta' device group is used to deploy the patches to a small number of devices and monitor for any issues
    • Once 7 days have passed since release, the patches will be deployed to the remaining devices
The release cycle is aimed to minimise the impact of an error in patch delivery from Microsoft, whilst balancing the requirement to apply the updates in a timely manner.

Feature updates are used to bring Windows 11 to the latest edition, adding new features and enhancements with each release. These updates can be deployed using Datto RMM and will be discussed with the customer during periodic reviews to determine a suitable release cycle for the update with a testing schedule included. Whilst many feature updates are relatively minor, there are instances whereby core functionality can be changed and therefore these releases are carefully controlled.

24x7 Managed Detection and Response (MDR)
Microsoft Defender is used as the endpoint detection and response tool, requiring that the customer has a Microsoft Business Premium subscription or Defender Plan 1 license in order to enable the required functionality. If these licenses are not available, they can be added through our Microsoft partnership for a monthly cost or the Windows built in Microsoft Defender (free) version will be used.

Devices will be on-boarded in to Microsoft Defender within the existing tenant (where available licenses permit this) and then an additional security agent will be deployed on the devices to enable advanced monitoring and analytics for security events. This deployment will be conducted via Datto RMM, if any devices are not within this platform and require further configuration this may be a chargeable item to complete the configuration.

The devices will be monitored 24x7x365 through these tools and where a suspicious signal is received, this will be reviewed and if further investigation is required then this will be conducted by our partner's Security Operations Centre. A series of pre-approved actions are configured during on-boarding of devices:

  • Host isolation: Force the device to be isolated from other network devices if there is a high confidence of a threat. This is not cleared until the threat is reported as resolved
  • Execute remediation plans for High and Critical incidents: The SOC will conduct remedial actions such as clearing up threats and other steps required to remediate the threats
  • Device reboots: If required, any device can be rebooted remotely to complete the resolution; this includes servers
If required, custom configuration can be applied to remove certain devices from active remediation; however this is only implemented if absolutely required for specific purposes.

Any incidents are reported directly to our service desk for either post-incident review or for further actions to be undertaken if required. 
NCSC tools deployment and registration
Our team will deploy the NCSC's Early Warning service as part of our on-boarding process, configuring this to provide alerts to our service desk for any alerts that are generated. Early Warning focuses on reviewing threat intelligence and other feeds to examine signs of compromise within a network. Naturally these feeds do not provide a replacement for cyber security detection and defence services, however any additional intelligence or early warnings are a positive step.

Our team conduct the following deployment and on-going service:

  • Creation of a MyNCSC account for the organisation
  • Gathering of registered domain names and public IP addresses that are in use
  • Configuration of Early Warning with IP and domain details
  • Alerts are configured to go direct to our service desk team
  • Data within the alerts is reviewed and investigations are conducted
Active management of Microsoft Secure Score
Secure Score periodically adjust the recommendations and therefore the associated score that is set for the tenant, through our service we not only monitor this but we deploy baselines and configurations to improve the score where viable. It should be noted that achieving a score of 100 is highly unlikely for the bulk of organisations, with the level of restrictions, controls and other elements that are required to achieve this; as well as significant investments in technology; this is not the focus of the service. The service is to increase the level of protection and therefore the score for the individual organisation as much as possible, whilst balancing security and usability. 

Our team conduct a monthly check to review the latest score data, apply any revised baselines that have been tested to improve the overall security posture of a tenant and also recommendations that have come from other sources such as our software vendors. The team will review outstanding recommendations for the tenant and engage with the customer if applying this is recommended but will require additional consideration either due to cost, risk or changes that are required.

The Secure Score will be tracked over time and periodic reporting is available to provide further details on the development of the Security Score within the tenant.
Password Management
Our customers are able to use MyGlue from IT Glue (Kaseya) as part of our service, enabling the secure storage of passwords within a highly secure cloud based platform. During on-boarding, our team will configure access for the customer using Azure Single Sign On via SAML and an Azure Enterprise Application. This enables the customer to login using their existing Active Directory/Entra credentials and store passwords securely. 
Service reporting
By default we provide an automated monthly report of a set of key metrics, customers can elect to receive these less frequently or opt-out of this content if required.

The default set of data within the report is as follows:

  • Number of tickets raised and their priorities
  • SLA performance over the period
  • Ticket type
  • Customer satisfaction data
  • Patch compliance data for the managed endpoints
We are working to integrate further data surrounding backups and our proactive service elements currently.
Backup monitoring and remediation
Backup services that are supplied by us will be monitored for failures and investigated accordingly. Our team prioritise remediating these issues and re-running any jobs as early as possible to minimise any risk to data being unprotected or out of date.
On-boarding

The on-boarding steps for the core components are listed below:

Service

  • Setup and configuration within our ticket management and knowledge-base platforms
  • Configuration of monthly service reporting pack
  • Visiting key sites to further our knowledge on the site, services, infrastructure and other critical information – including photographs to assist with future troubleshooting
  • Creation of a standardised device build process to ensure that future builds are consistent
  • Engagement with the customer to agree standardised process for Starters/Leavers
  • Creation of MyGlue configuration to enable password management for the customer
  • Updating of administrative passwords during migration, with secure storage of these for future use

Service Management

  • Introduction to our Service Delivery Manager and an overview of how our services work
  • Configuration of monthly service reporting pack
  • Creation of a welcome pack
  • Defining escalation processes
  • Discussion regarding 3rd party vendors and facilitating introductions

NOC (proactive services)

  • Build tenant within Datto RMM for device management and monitoring
  • Deploy Datto agent to servers and configure advanced monitoring as required
  • Testing and refinement of proactive alerting
  • Configuration of monitoring of critical elements, including network infrastructure and other components
  • Policy configuration to complete patch management via Datto RMM for endpoints
  • Creation of Datto RMM package for deployment
  • Create network configuration backups and store in IT Glue
  • Deploy backup for Office 365 and Servers as required
  • Deployment of Datto RMM to nominated pilot devices with full review following deployment
  • Full deployment of Datto RMM to endpoints
  • Configure integration for ScalePad to enable asset management and warranty reporting

Cyber Security

  • Configure Managed Detection and Response (MDR) tenant
  • Define pre-approved remediation actions and escalation processes
  • Deploy MDR agent to devices and confirm successful registration
  • Testing of detections and alerting

Project management

  • Introductory call with customer project team
  • Creation of the Project Initiation Document (PID) and associated documents, including a risk log with proposed mitigations
  • Project plan build out with technical team within project management platform
  • Engagement with the incumbent supplier to commence information sharing and handover
  • Submitting the request for information to the incumbent and monitoring the progress of this
  • Conduct on-going project management meetings and provide highlight reports at an agreed frequency
  • Continually manage both quality and risk, reporting these to the customer
  • Complete a project closure meeting and associated documentation at the end of the project
Product SKU
ABCDEF1234