CBM Managed IT Proposal

1. Cover Letter

Dear Robin Clark,
Rooted Software (Rooted) is a technology services company specializing in supporting the missions of small to mid-sized organizations in the United States. During their combined 40 years of experience in tech leadership, founders Toby Weiss and Josh Bechard found that their organizations were best served by those who shared a passion for their mission and an understanding of their needs. Rooted was launched to provide technical support, backed by this very passion and experience, to countless organizations with the following three core values to sustain it:
Fidelity - In all things Rooted strives to be transparent and trustworthy. We act with integrity and follow through on commitments from our initial meeting to project/service delivery.
Compassion - People first, technology second. Rooted comes alongside you with empathy for your team, passion for your mission, and humility in our approach.
Intentionality - Rooted takes ownership of issues, is proactive in finding solutions, and will not cut corners on quality to drive quantity.
Rooted Software is honored to currently provide Managed IT services in the support of many organizations of varying ages, scopes of influence, employee-count, tech stacks, infrastructures and needs. The technological needs of CBM are well within the capability of Rooted Software’s Service Desk team which consists of highly trained remote technicians working across numerous time zones following best practice availability, security protocols, and measures of consistency. The team of technicians is regularly praised by Rooted partners for a genuine support of their mission and for resolving technical issues in a prompt and professional yet personal manner. Several references are provided directly within the proposal for further detail. Additional testimonials can also be found on our website at .
Rooted Software is excited at the opportunity to provide the technology and technical human resources to support CBM in its mission to partner with local churches around the world to bring hope, healing and reconciliation through word and deed. Rooted understands that each machine thoughtfully configured, deployed, monitored, and maintained for an individual at CBM translates directly to CBM’s ability to serve the world. While recognizing that CBM is executing due diligence in comparing multiple MSPs for its technical solutions, Rooted hopes that CBM sees our desire to form a long-term partnership that yields increased impact to CBM.
Toby Weiss

2. Statement of Work

2.1 Azure AD Migration, File Migration Consulting, Compliance As A Service

File Migration Consulting

This Statement of Work (SOW) outlines the scope, objectives, deliverables, and timeline for consulting services regarding file migration security protocols. The consulting services will focus on enhancing the security measures associated with the migration of files within the client's infrastructure.
The primary objectives of this consulting engagement are as follows:
Assess the current file migration processes and security protocols in place.
Identify potential vulnerabilities and risks associated with file migration.
Develop recommendations and strategies to enhance file migration security.
Provide guidance on implementing best practices and technologies to mitigate security risks.
Ensure compliance with relevant regulatory requirements and industry standards.
Scope of Work:
The scope of work for this consulting engagement includes, but is not limited to, the following tasks:
Conducting a comprehensive review of existing file migration processes and security protocols.
Performing a risk assessment to identify potential threats and vulnerabilities.
Analyzing the encryption mechanisms, access controls, and authentication methods employed during file migration.
Evaluating the effectiveness of data loss prevention (DLP) measures in place.
Developing a tailored security strategy and roadmap for enhancing file migration security.
Providing recommendations for implementing encryption, multi-factor authentication (MFA), and other security controls.
Offering guidance on employee training and awareness programs related to file migration security.
The following deliverables will be provided as part of this consulting engagement:
Initial assessment report outlining current file migration processes and security measures.
Risk assessment report identifying vulnerabilities and potential security threats.
Security strategy and roadmap document detailing recommendations for enhancing file migration security.
Implementation plan outlining steps to deploy recommended security measures.
Final consulting report summarizing key findings, recommendations, and next steps.
The successful completion of this consulting engagement is based on the following assumptions:
Availability of necessary resources and access to relevant systems and documentation.
Cooperation from key stakeholders and subject matter experts within the client's organization.
Timely feedback and decision-making throughout the engagement process.

Azure AD Migration

This Statement of Work (SOW) outlines the scope of professional services to be provided by Rooted Software (hereinafter referred to as "MSP") for migrating accounts from Active Directory to Microsoft Azure Active Directory (Azure AD) in the cloud for CBM (hereinafter referred to as "Client"). The objective of this engagement is to ensure a seamless transition of user accounts and associated data to the cloud-based directory service.
Scope of Work
The scope of work includes but is not limited to the following:
Initial Consultation and Planning:
MSP will conduct an initial consultation session with Client to understand their Active Directory environment, user accounts, group policies, and any custom configurations. Based on this assessment, a migration plan will be developed, outlining the migration strategy, timelines, and dependencies.
Azure AD Setup and Configuration:
MSP will provision and configure Microsoft Azure Active Directory (Azure AD) tenant for Client, ensuring alignment with their organizational structure and security requirements. This will include setting up user accounts, groups, roles, and policies as per the defined migration plan.
Account Migration:
MSP will execute the migration of user accounts, groups, and associated attributes from on-premises Active Directory to Azure AD. This will involve synchronizing user identities, passwords, and group memberships while ensuring minimal disruption to users' access and productivity.
Group Policy Migration:
MSP will assess and migrate existing Group Policy Objects (GPOs) from on-premises Active Directory to Azure AD, utilizing Azure AD Domain Services or equivalent solutions as necessary. This will ensure continuity of policy enforcement and configuration management in the cloud environment.
Testing and Validation:
MSP will conduct thorough testing of the migrated accounts and group policies to verify proper functionality and alignment with Client's requirements. User acceptance testing (UAT) will be performed to validate user access, permissions, and application integrations in the Azure AD environment.
User Training and Documentation:
MSP will provide training sessions for Client's IT staff on managing user accounts, groups, and policies in Azure AD. Additionally, comprehensive documentation will be provided, including migration procedures, best practices, and troubleshooting guides to support ongoing administration.
Post-Migration Support:
MSP will provide post-migration support to address any issues or concerns arising after the migration. This may include troubleshooting user access issues, refining configurations, and providing guidance on optimizing Azure AD for Client's specific requirements.
The following deliverables will be provided as part of this engagement:
Azure AD tenant setup and configuration documentation
Migration plan and timeline
Migrated user accounts and groups in Azure AD
Documentation of migrated Group Policy Objects (GPOs)
Testing and validation reports
User training materials and documentation
Assumptions and Dependencies
The successful completion of this project is dependent on:
Client's provision of necessary access to existing Active Directory infrastructure and systems
Timely decision-making and approvals from Client
Availability of resources and support from both parties as required.
Terms and Conditions
All services provided under this SOW will be subject to the terms and conditions outlined in the Master Service Agreement (MSA) between MSP and Client.

Project Plan and Estimates
Assessment and Planning:
Assess the current Active Directory environment to understand its structure, users, groups, permissions, and applications.
Determine the requirements and goals for migrating to Azure AD.
Identify any dependencies or limitations that may affect the migration process.
Inventory and Clean-up:
Create an inventory of all objects in Active Directory, including users, groups, computers, and applications.
Clean up the Active Directory environment by removing unused or obsolete objects.
Ensure that all necessary objects are properly organized and categorized for migration.
Azure AD Configuration:
Set up a new Azure AD tenant if one does not already exist.
Configure Azure AD settings, including user attributes, password policies, and security settings, to align with the organization's requirements.
User and Group Migration:
Migrate users and groups from Active Directory to Azure AD using tools like Azure AD Connect.
Verify that user accounts and group memberships are correctly replicated in Azure AD.
Notify users about the migration process and provide any necessary training or support.
Ensure all users are backing up their data in OneDrive and SharePoint prior to migration.
Application Integration:
Identify and integrate on-premises and cloud-based applications with Azure AD for authentication and access management.
Update application configurations to use Azure AD as the identity provider.
Test application integration to ensure that users can access resources without any issues.
Group Policy Migration:
Assess existing Group Policy Objects (GPOs) in Active Directory and determine their relevance in the cloud environment.
Migrate GPO settings to equivalent configurations in Azure AD or Azure AD Domain Services.
Test GPO migration to ensure that desired configurations are applied correctly to Azure AD-joined devices.
DNS and Networking Configuration:
Update DNS records and network settings to ensure that devices can authenticate with Azure AD and access cloud resources.
Configure network connectivity between on-premises environments and Azure, if necessary, using VPN or Azure ExpressRoute.
Monitoring and Testing:
Implement monitoring and reporting tools to track the health and performance of Azure AD.
Conduct thorough testing of all migrated components, including users, groups, applications, and policies, to identify and address any issues.
Deployment and Cutover:
Plan and schedule the final cutover from Active Directory to Azure AD, ensuring minimal disruption to users and business operations.
Execute the migration plan, including any necessary data synchronization and final configuration adjustments.
Monitor the migration process closely and provide support to users as needed.
Verify that all systems and services are functioning correctly in the Azure AD environment post-migration.

Compliance As A Service

The objective of this engagement is to provide comprehensive compliance services to the Client, ensuring adherence to relevant regulations, standards, and best practices within the Client's industry. The Provider will assist the Client in identifying, implementing, and maintaining effective compliance measures to mitigate risks and achieve regulatory compliance.
Scope of Services
The scope of Compliance as a Service includes, but is not limited to, the following:
Conducting an initial assessment of the Client's current compliance status, including identifying regulatory requirements applicable to the Client's operations.
Developing a customized compliance framework tailored to the Client's specific industry, size, and geographical location.
Providing ongoing monitoring and assessment of regulatory changes and updates relevant to the Client's business.
Assisting the Client in implementing policies, procedures, and controls to address compliance requirements.
Conducting regular compliance audits and assessments to evaluate the effectiveness of the compliance program.
Providing guidance and support to the Client in addressing compliance issues and remediation efforts.
Offering training and education sessions to the Client's employees to enhance awareness and understanding of compliance obligations.
Providing access to compliance management tools, resources, and templates to facilitate compliance efforts.
Ensure client qualifies and remains compliant to receive needed Cyber Liability Insurance (to be provided by 3rd party Insurance broker directly to client, not via Rooted Software).
The following deliverables will be provided as part of the Compliance as a Service engagement:
Initial compliance assessment report outlining current compliance status and areas for improvement.
Customized compliance framework tailored to the Client's specific needs and requirements.
Regular compliance reports summarizing regulatory updates, assessments, and audit findings.
Documentation of policies, procedures, and controls implemented to address compliance requirements.
Records of compliance training sessions conducted for the Client's employees.
Recommendations and action plans for addressing compliance issues and implementing remediation measures.
One monthly hour-long meeting to review compliance concerns and improvements.
Two monthly hours of security-controls work.
Roles and Responsibilities
The Provider is responsible for delivering the compliance services outlined in this SOW according to industry best practices and standards.
The Client is responsible for providing necessary access to information, resources, and personnel required for the successful delivery of Compliance as a Service.
Both parties will collaborate closely throughout the engagement to ensure alignment with the Client's goals and objectives.
Both parties agree to maintain the confidentiality of any proprietary or sensitive information shared during the course of the engagement.

MSP Onboarding

Rooted Software will onboard all employees, hardware, etc. to the newly established infrastructure, deploy remote monitoring services, ticket-logging & monitoring software, configure technical and business profiles, etc. necessary for the ongoing MSP support items.

2.2 Ongoing MSP Support SOW

This Statement of Work (SOW) outlines the scope of technical support services to be provided by Rooted Software to CBM. The objective is to ensure uninterrupted functionality, security, and optimal performance of endpoints within the CBM’s infrastructure.

Scope of Services

Rooted will establish and manage a centralized Service Desk to serve as the primary point of contact for all IT-related issues and requests. This includes:
Helpdesk support for end-users
User account management and access control
End-user remote troubleshooting and problem resolution
Incident and request ticket logging, tracking, and resolution
Remote Monitoring and Management
Continuous monitoring of CBM endpoints to identify and address potential issues proactively.
Remote troubleshooting and resolution of technical problems to minimize downtime.
Continuous automated performance assessments to optimize system efficiency.
Identity Management with a Password Manager
Deployment and configuration of identity management solutions for secure user access.
Implementation of a password manager to enhance password security and user authentication.
Asset Management
Hardware provisioning/onboarding and Deprovisioning
Patch management and software updates.
Software license acquisition and management
Remote Machine Monitoring
Remote Machine Wiping
Hardware and software inventory reporting
Hardware obsolescence planning
M365 architecture maintenance
Asset Protection
Antivirus protection with Sentinel One AV
Data Loss Prevention with Acronis Data Protection Solutions
Downtime/outage resolution and reporting
Advanced Antivirus and Endpoint Detection Response
Implementation and management of advanced antivirus solutions to safeguard Endpoints against malicious threats.
Endpoint detection and response to identify and neutralize security incidents promptly.
Network Management
Rooted will be responsible for the ongoing management of the CBM network infrastructure. This includes:
Network monitoring for performance, security, and availability.
identification and resolution of network outages and issues
Network hardware obsolesce planning and consultation.
Network architecture planning and consultation.
Configuration management and optimization of network devices
Implementation of security measures, including firewalls and intrusion detection/prevention systems
Infrastructure Management
Rooted will oversee the management and maintenance of the CBM IT infrastructure, covering:
Server administration and optimization
Virtualization management
Storage solutions management
Backup and disaster recovery planning and execution
Patch management and software updates.
Hardware and software asset management
Implement a systematic approach to manage the lifecycle of IT assets.
Plan for timely upgrades and replacements to ensure optimal performance.
Implement a systematic approach to manage the lifecycle of IT assets.
Plan for timely upgrades and replacements to ensure optimal performance.
Rooted will establish and maintain clear communication channels with CBM, including regular meetings to discuss service performance, upcoming changes, and strategic planning.
Additional Services
Quarterly Business Reviews: Rooted Software will perform Quarterly Business Review with CBM Team to ensure our services are in line with the current and future technology direction of CBM.
Technical training upon request
Regular reporting on service desk performance and trends


Client (CBM)
Provide necessary access and information for MSP Support
Provide necessary administrator access to CBM’s Microsoft 365 Environment.
Provide necessary administrator access to CBM’s Network
Provide necessary administrator access to CBM’s Server
Complete onboarding documents to the best of CBM’s ability
Rooted Software
Provide unlimited technical support for endpoints as outlined in this SOW.

Methods of accessing support

General hours of support: Monday-Friday, 6am-5pm MST
Ways to submit a ticket:
Call dispatch (785) 347-9300
Complete our ticketing form.

2.3. Reporting

Included Reports

Rooted will provide regular reports to the Client, including but not limited to:
Service Desk performance metrics.
First Contact Resolution (FCR) measures the percentage of customer issues or inquiries that are successfully resolved during the initial interaction with a support or service channel.
Resolution Time
Shows the duration it takes to fully address and resolve a particular issue or request, typically measured from the time the problem is reported or the request is initiated until the moment it is successfully resolved or completed.
Response Time
Shows the duration between the initiation of a request or query and the beginning of the system's or service provider's reply or action.
Ticket Volume
Shows the total number of service requests, inquiries, or issues raised and recorded.
Ticket Backlog
Shows the accumulation of unresolved service requests or issues that have not been addressed within the expected or desired time.
Service Level Agreement (SLA) Compliance
Shows the extent to which a service provider meets the predefined performance and service quality standards outlined in the SLA agreed upon with the customer.
Customer Satisfaction (CSAT)
Gauges the overall satisfaction of customers with a product, service, or interaction based on their responses to a satisfaction survey.
User Survey Results
Provides feedback and insights gathered from a survey conducted among users to assess their opinions, experiences, and satisfaction with a product, service, or experience.
Network health
Network Traffic Analysis Report.
Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
) instead.