This Schedule forms part of the IT Master Services Agreement and describes the scope, responsibilities and limitations relating to Endpoint Protection and Security Services.
Security Services provide additional protection for devices, users and cloud services through tools such as antivirus, endpoint detection and response (EDR), security operations centre (SOC) monitoring, SaaS threat detection, cloud backup and other security controls.
These services build on, but are separate from, core IT Support, Patch Management, Monitoring and Alerting and Backup and Recovery. They are generally optional and will only apply where they are included in your Order. You may not use all services and components described in this Schedule.
1. Service overview
Endpoint Protection and Security Services are designed to:
- reduce the likelihood and impact of malware, ransomware and other attacks on in-scope devices and accounts;
- provide enhanced detection, investigation and response capabilities through EDR and SOC services;
- improve the security posture of cloud environments such as Microsoft 365 and Google Workspace;
- support user-level protections, including cloud backup, phishing defence and awareness training;
- provide optional endpoint-level backup and business continuity capabilities.
Security Services do not guarantee that security incidents will never occur, but they significantly enhance visibility, resilience and the ability to respond effectively when issues arise.
2. Packages and modular activation
Security Services are offered in a combination of packages and standalone components. In summary:
- Patch - operating system and software patching only, with no Service Desk access and no security tooling included.
- Support - adds Service Desk access to Patch, but does not include Shield, Guardian or User Protection by default.
- Support + Shield - Support plus the Shield security stack and enhanced security policy management and support.
- Guardian - Support + Shield plus SOC monitoring (RocketCyber) for higher levels of security incident visibility and response.
- Shield (standalone) - the Shield security stack can also be purchased on its own, without a Support package.
- User Protection - a separate package focused on user and cloud security, which can be purchased standalone or alongside any support package.
All Security Services are delivered on a modular activation basis. This means that, even within a package:
- individual components (for example specific agents or user protections) can be provided as standalone services; and
- you do not have to activate every available component in a package if it is not appropriate for your environment.
Your Order will set out which packages and components are in place, and for which devices, users, tenants or environments.
3. Endpoint Protection (devices)
Endpoint Protection focuses on physical and virtual devices such as desktops, laptops, servers and covered endpoints. Where purchased, Endpoint Protection may include some or all of the following:
- Shield - an endpoint security stack delivered via enterprise-grade security tools, consisting of:
- Antivirus;
- Endpoint Detection and Response (EDR);
- Ransomware protection features; and
- DNS filtering to block known malicious destinations.
- Guardian - the Shield stack plus Security Operations Centre (SOC) monitoring via RocketCyber and integrated SIEM tooling. Guardian provides 24×7 triage and escalation of security alerts raised from in-scope devices and environments.
- Vulnerability scanning - where purchased, vulnerability scanning on in-scope devices and systems (for example using Vulscan or equivalent tooling) to highlight missing patches, misconfigurations and known vulnerabilities.
- Endpoint backup and business continuity - where purchased, endpoint-level backup and the ability to recover covered endpoints as virtual machines (for example in the cloud) following device failure. These services are further described in the Backup and Recovery Schedule and linked to Endpoint Protection for entitlement and packaging.
- On-premise BCDR appliances - where purchased, suitable backup and business continuity appliances for server-level backup, disaster recovery and business continuity, as described in the Backup and Recovery Schedule.
Endpoint Protection applies only to devices that are correctly onboarded to the relevant security tooling and remain reachable by those tools.
4. User Protection (accounts and cloud services)
User Protection is focused on identities, accounts and cloud services rather than physical devices. Where purchased, it may include:
- Cloud Backup (cloud-to-cloud backup for Microsoft 365 and/or Google Workspace) - backup of supported Microsoft 365 data such as Exchange Online, OneDrive, SharePoint Online and, where supported, Teams. This is sometimes referred to as “Cloud Backup” and is also described in the Backup and Recovery Schedule.
- Cloud Threat Detection and Response (SaaS Alerts or equivalent) - monitoring of in-scope SaaS platforms (for example Microsoft 365 and Defender) for suspicious activity, misconfigurations and risky behaviour, with alerts integrated into our security workflows.
- Dark Web Monitoring (DarkWebID or equivalent) - monitoring for exposed credentials associated with your domains to help identify where passwords may have been compromised.
- Email Security - advanced phishing and email threat protection, currently provided via Graphus and transitioning to Inky or equivalent, typically marketed as “Email Security”. This may include link and attachment scanning, impersonation detection and other controls.
- Phishing simulations and cybersecurity awareness training (BullPhish or equivalent) - regular phishing simulations and associated training content to help users recognise and report suspicious emails.
User Protection can be purchased as a bundle or as individual components. Entitlement is typically licensed per user and may not cover all users in your organisation unless this is specified in your Order.
5. Standalone and add-on security services
In addition to the packages above, certain security services are available as standalone or add-on options. These may be used alongside Endpoint Protection, User Protection or on their own. They include, but are not limited to:
- Password management - for example, Keeper or similar password manager solutions;
- Virtual Private Network (VPN) services - secure remote access solutions for in-scope users and devices;
- Vulnerability scanning - periodic or continuous scanning of in-scope networks, endpoints or servers;
- Penetration testing - scheduled penetration tests (for example using Vonahi or equivalent) to validate the effectiveness of security controls;
- Security posture improvement - targeted initiatives such as Microsoft Secure Score improvement (“Fortify”), as set out in your Order;
- Other specialist security tools and services - where agreed separately in writing.
Unless explicitly stated otherwise in your Order, these services are treated as add-ons and may be chargeable on either a recurring or project basis.
6. Service boundaries and exclusions
Endpoint Protection and Security Services are designed to enhance your security posture but have important boundaries. Unless explicitly agreed in your Order, Security Services do not include:
- guaranteed prevention of all attacks, breaches, malware infections or data loss;
- coverage of any device, user, tenant or environment that has not been onboarded into the relevant security tooling;
- coverage of devices where security agents are repeatedly disabled, removed or blocked from communicating;
- design and delivery of full security architectures, Zero Trust implementations, firewall rule sets, segmentation designs or MDM/BYOD rollouts (these are delivered as projects under separate arrangements);
- comprehensive compliance programmes (for example CE/CREST/DORA/PCI/ISO) beyond the use of security tools that may support such programmes;
- response and recovery for incidents outside the scope of the tools and services in place.
Where an incident is detected, remedial work is usually carried out under IT Support, Backup and Recovery or project arrangements, depending on the nature and scale of the incident.
7. Customer responsibilities
To ensure Endpoint Protection and Security Services remain effective, you must:
- provide and maintain accurate records of in-scope devices, users, domains and tenants;
- allow installation and operation of required security agents and integrations, and avoid disabling or tampering with them;
- ensure systems and endpoints remain powered on and connected where practical, so updates and security functions can run;
- encourage users to follow reasonable security practices, including MFA, password hygiene and awareness training;
- inform us of significant changes (for example new systems, mergers, major expansions) that may affect coverage;
- act on reasonable recommendations we make to maintain or improve your security posture.
8. Dependencies on third-party platforms
Security Services rely on various third-party tools and platforms, which may include (but are not limited to) security monitoring platforms, endpoint protection tools, email security services, password management solutions, VPN providers and cloud platforms such as Microsoft 365 and Google Workspace.
The availability, performance and feature sets of these platforms are outside our direct control. We will act reasonably to work with our suppliers and adapt our services where vendors make changes, but we are not responsible for vendor outages, product retirements or feature changes.
9. Changes to this Schedule
We may update this Schedule to reflect changes in security tooling, vendor capabilities, best practice or the range of Endpoint Protection and Security Services we offer. We will publish updated versions on our website and, for material changes, provide reasonable notice.