Frequently Asked Questions

Managed IT pricing is based on the number of users and devices, the complexity of your environment, and the specific compliance requirements for your industry. Most of our clients invest between $125 and $250 per user per month for fully managed services including help desk, cybersecurity, backup, and compliance support. We provide transparent, fixed-fee pricing with no hidden charges — you will know exactly what you are paying before signing anything.

Our fully managed IT service includes 24/7 monitoring, help desk support, patch management, endpoint security (SentinelOne), email security (Proofpoint), managed firewall, cloud backup with disaster recovery, Microsoft 365 or Google Workspace management, and compliance documentation for your industry. Everything your business needs to operate securely — in one fixed monthly fee.

We offer both month-to-month and annual agreements. Annual agreements include a modest discount. We do not lock clients into multi-year contracts because we believe you should stay with us because our service is excellent — not because a contract forces you to.

Fully managed IT means GCS handles everything — your entire IT environment from help desk to cybersecurity to compliance. Co-managed IT means you have an internal IT person or team and GCS supplements them with specific capabilities they lack — typically cybersecurity, compliance, backup, or after-hours coverage. We tailor the co-managed scope to fill your exact gaps.

Yes, large projects like cloud migrations, office relocations, and major infrastructure upgrades are scoped and quoted separately from your monthly managed service fee. We provide a detailed project scope and fixed-price quote before any work begins — no surprises, no hourly billing that spirals out of control.

Yes. We implement every technical safeguard required by the HIPAA Security Rule — encryption, access controls, audit logging, backup, and incident response. We also provide the documentation your auditor needs, including risk assessments, policy documents, and training records. Our healthcare clients have maintained a 100% HIPAA audit pass rate.

Yes, we execute a comprehensive BAA with every healthcare client on day one. Our BAA covers all services we provide, addresses sub-contractor obligations, and includes breach notification procedures. We also maintain and track BAAs with all third-party vendors in your environment who have access to PHI.

We implement the technology controls required by ABA Model Rules 1.1 (technology competence), 1.6 (confidentiality), and 5.3 (vendor supervision). This includes encryption, MFA, access controls, email security, audit logging, and documented security policies. We also provide the documentation demonstrating your firm meets these obligations.

Yes. We create a custom WISP document for your firm — not a generic template. We implement all nine elements of the FTC Safeguards Rule, deploy the technical controls IRS Publication 4557 recommends, and maintain the documentation your firm needs to demonstrate compliance during any IRS review.

Yes. We maintain a complete compliance documentation package including security policies, risk assessments, incident response plans, training records, and technical control evidence. When an auditor, insurance carrier, or regulator requests documentation, we produce it immediately — not after a scramble to assemble it.

A typical onboarding takes 2-4 weeks depending on the size and complexity of your environment. During this period, we install monitoring and security agents on all devices, configure backup, deploy email security, document your environment, and transition support responsibilities from your previous provider — all with zero downtime for your team.

No. We perform all onboarding tasks during business hours with zero impact to your operations. Agent installations, security deployments, and configuration changes are all done in the background. Your team keeps working normally throughout the entire transition.

Day one, your team has a phone number and email to reach our help desk. We begin monitoring your environment immediately, provide emergency support for any issues, and start the systematic onboarding process. You are never without IT support — not even for a single day during the transition.

Absolutely. Our co-managed model is designed for exactly this scenario. We work alongside your existing IT staff, filling gaps in cybersecurity, compliance, backup, and after-hours coverage. We define clear responsibilities so there is no confusion about who handles what.

Our help desk is staffed Monday through Friday, 7 AM to 6 PM Alaska Time. After-hours, weekends, and holidays, we provide emergency support for critical issues — server down, security incidents, and system outages. Our monitoring operates 24/7/365 and alerts our on-call team to critical issues automatically.

Critical issues (server down, security incident): 15-minute response. High priority (multiple users affected): 30-minute response. Normal priority (single user issue): 1-hour response. Low priority (requests, projects): next business day. These SLAs are documented in our service agreement with escalation procedures if they are not met.

Phone, email, or our client portal. Call our help desk directly for urgent issues. Email support@gcsprior.com for non-urgent requests. Or submit a ticket through our client portal where you can track status, add notes, and view your complete ticket history. All three methods create a tracked ticket with SLA timers.

Yes. We resolve approximately 85% of issues remotely within minutes. For hardware problems, network infrastructure work, and new employee setups that require physical presence, we dispatch a technician to your office. On-site visits are included in your managed service agreement — no extra charges for dispatch.

We guarantee full system recovery within 4 hours (RTO) with a maximum data loss of 15 minutes (RPO). This applies to any scenario — ransomware, hardware failure, natural disaster, or user error. We test this recovery monthly and document the results for your compliance records.

We deploy enterprise-grade security tools: SentinelOne for endpoint detection and response (EDR/XDR), Proofpoint for email security and phishing protection, FortiGate firewalls with intrusion detection, and Microsoft Defender for cloud application security. Every tool is monitored 24/7 by our security operations team.

Our layered defenses are designed to prevent ransomware from executing. If ransomware does get through, our SentinelOne agents detect and isolate the infected machine in milliseconds. We then restore all data from immutable backups within 4 hours. No ransom paid. No data lost. We have maintained a zero-ransom-paid record across all clients for 27 years.

Yes. We provide annual security awareness training customized for your industry — healthcare-specific phishing scenarios, legal-specific social engineering, or accounting-specific tax fraud attempts. We also run monthly simulated phishing campaigns to test and improve your team's response. Staff who click simulated phishing are automatically enrolled in additional targeted training.

Yes. We perform annual penetration testing — both external (attacking your public-facing systems) and internal (simulating a compromised insider). Results are documented in a detailed report with prioritized remediation recommendations. We also run quarterly vulnerability scans and continuous monitoring for new threats.