Straight answers about managed IT

Managed IT is a fixed-fee arrangement where a provider takes ongoing responsibility for your technology: monitoring systems, handling support requests, applying patches, managing vendors, and keeping your environment documented and secure.

Most businesses we talk to are either using a break-fix shop (they call someone when something breaks), relying on one in-house generalist, or doing it themselves. Managed IT shifts from reactive to proactive. Problems are often caught and resolved before your team notices them.

Unlimited remote support means your team can submit tickets without worrying about per-hour charges. There is no meter running every time someone calls for help.

Like any "unlimited" service, it is governed by a Fair Use Policy. This means the support is intended for normal day-to-day business IT needs, not for project work, custom development, or use levels that would require dedicated staffing. Project work is scoped and quoted separately.

An MSP (Managed Service Provider) handles general IT operations: support, monitoring, patching, backups, and cloud management. An MSSP (Managed Security Service Provider) adds a security operations layer on top: threat detection, incident response, 24/7 SOC coverage, and compliance support.

Hexafusion provides both. Every plan includes a baseline security stack, and our higher tiers include EDR and MDR capabilities that are typically associated with MSSP services.

Our plans are built for teams of 5 to 150 users, though we serve organizations outside that range. The sweet spot is a BC business that has grown past the point where managing IT internally makes sense, but is not yet large enough to justify a full in-house IT department.

We work across professional services, healthcare-adjacent offices, legal, accounting, construction, and growing tech companies. If you're not sure whether you're a good fit, get in touch and we'll tell you honestly.

Most issues are resolved remotely and faster that way. Onsite visits are included in Professional and Enterprise plans for issues that genuinely require physical presence. For Basic and Essential plans, onsite work is available at the applicable discounted rate for plan clients.

We serve Metro Vancouver and surrounding areas. If you are outside the Lower Mainland, talk to us about what makes sense for your location.

Our plans are priced per user per month. The monthly invoice covers all the services included in your plan tier. You know the number before the month starts.

Some items are billed separately: third-party software licensing (Microsoft 365, for example) is passed through at cost or with transparent markup, and project work outside the scope of managed services is quoted separately.

See the full breakdown on our plans page.

Yes. There is a one-time onboarding fee that covers the initial environment assessment, documentation build-out, tooling deployment, and the first 30-day stabilization period. The fee varies based on your environment size and complexity.

We are transparent about this upfront. You will see the onboarding charge on your quote before you sign anything.

Items billed separately include:

• Third-party software and licensing (Microsoft 365, security tools, cloud storage)
• Hardware (computers, servers, networking equipment)
• Project work: migrations, new office setups, major deployments
• After-hours emergency support for Basic and Essential clients
• Penetration testing and formal compliance audits

We are clear about this before you sign. There are no hidden fees that appear six months in.

Billing adjusts monthly based on your active user count. If you hire five people in March, those users are added to your invoice starting that month. If you reduce headcount, we reconcile accordingly.

There is no penalty for normal business growth or contraction. Significant changes (like an acquisition or a major layoff) are handled on a case-by-case basis to make sure your service coverage stays right-sized.

Our standard agreement is a 12-month term. This allows us to properly staff and plan for your environment. In practice, clients stay because the service works, not because they're locked in.

After the initial term, agreements renew on a rolling basis with standard notice provisions. We will always tell you what the terms are before you sign.

We have done this many times. The process is straightforward when both parties are professional about it. Here is how it typically works:

• We do an initial discovery call and scoping session
• Once you sign with us, we manage the transition timeline with you
• We request documentation and access from your outgoing provider
• We run parallel monitoring during the handover period
• Your team has a working support line throughout the transition

If your previous provider is difficult about the handover, we help you navigate that too. You own your environment.

There are two common scenarios. In the first, your internal person handles day-to-day requests and we provide the tooling, security stack, monitoring, backup, and strategic guidance they do not have time or expertise to manage alone. This is sometimes called co-managed IT.

In the second, your internal person is leaving or moving to a different role, and you want to fully hand IT over. We handle the full transition in that case.

Either way works. Tell us your situation and we'll propose the right fit.

The first 30 days are the most intensive. We deploy our tooling, document your environment, and establish the baseline. By day 30, your team is submitting tickets and getting responses through our system, and we have a clear picture of your setup.

The 30-to-90 day period is stabilization: we address any gaps found during onboarding, run your first patch cycle, and prepare for your first Technology Business Review. After 90 days, you're in steady-state managed services.

We assess your existing equipment during onboarding and give you an honest assessment of what to keep, what to plan to replace, and on what timeline. We do not require you to replace everything immediately.

Hardware procurement can go through us (we handle vendor relationships and procurement) or through your existing suppliers. We are flexible here. Our priority is that your environment is well-documented, monitored, and supported, regardless of who supplied the equipment.

Your team can reach us by phone, email, or through the client portal we set up during onboarding. All three create a ticket in our system and get triaged based on priority.

We also deploy a tray icon or client app on managed devices that gives your team a one-click path to support. Most clients settle into whatever method works for their culture.

Support hours are tiered by plan:

• Basic and Essential: Monday to Friday, 9:00 AM to 5:00 PM Pacific, excluding BC statutory holidays
• Professional: Monday to Friday, 7:00 AM to 7:00 PM Pacific, excluding BC statutory holidays
• Enterprise: 24 hours a day, 7 days a week, 365 days a year

After-hours emergency support for P1 (business-down) issues is available to Basic and Essential clients at applicable rates. Full response time targets by priority level are documented in our Service Level Agreement.

Our monitoring runs 24/7 regardless of plan. If a critical system alert fires at 2 AM, we see it. For Enterprise clients, we respond immediately. For Basic and Essential clients, critical after-hours support is available at the applicable rate, and our monitoring will flag the issue so we are already aware when business hours begin.

We recommend Enterprise for organizations where any after-hours downtime has direct revenue or regulatory impact.

Yes. We support Mac, Windows, and mixed environments. Mac support is included across all plans. We will note during scoping that environments with a higher Mac-to-PC ratio have slightly different tooling and licensing costs, which we account for in your quote.

Our primary focus is Microsoft 365 and Azure, which is where the majority of our BC clients operate. We also support Google Workspace environments and have experience with hybrid setups.

For AWS or other cloud infrastructure, support scope depends on what is being managed. Describe your environment and we will tell you what is included and what falls outside scope.

Security is built into every plan, not sold as an add-on:

• Basic and Essential: Endpoint Protection (EP), MFA setup, basic email filtering, and security awareness training access
• Professional: Endpoint Detection and Response (EDR), advanced email threat protection, vulnerability scanning
• Enterprise: Full MDR with 24/7 SOC coverage, active threat hunting, and dedicated incident response

See the full comparison on our plans page or the detail on our cybersecurity page.

Yes. Cyber insurers are increasingly requiring specific technical controls: MFA on all accounts, EDR on endpoints, documented backup and recovery, and security awareness training. We help you meet those requirements as part of your managed services engagement.

If you are applying for cyber insurance or renewing a policy, we can provide documentation of the controls we manage on your behalf. Many clients find that our security stack satisfies the technical requirements their insurer asks for.

This is why we take backup and security seriously from day one. Our response depends on your plan and what was in place at the time of the incident.

With proper backups and a good security posture, ransomware recovery is painful but survivable. Without them, it can be catastrophic. We document your recovery time and recovery point objectives during onboarding so everyone understands what the realistic outcome is if something goes wrong.

Enterprise clients with MDR have active threat detection that catches many ransomware attacks before encryption begins. All clients can add our incident response service. Read more about our security approach.

We help you meet the technical controls that support PIPEDA and BC PIPA compliance: access controls, encryption, audit logging, breach detection, and documented policies. We are not a law firm and cannot provide legal compliance advice.

If you operate in healthcare, we understand PHIPA-adjacent requirements and have experience supporting clinics and healthcare-adjacent organizations. For formal compliance audits, we work alongside your legal or compliance consultant.

External vulnerability scanning is included at the Professional and Enterprise tiers. Full penetration tests (adversarial, scope-defined engagements) are available as a separate quoted service through our trusted security partners.

We coordinate the engagement, brief the testers on your environment, and review the findings with you so the results are actionable, not just a report that sits on a shelf.