WAVE TECH., INCORPORATED GENERAL TERMS AND CONDITIONS APPENDICES

APPENDIX A – SECURITY ASSESSMENT & PENETRATION TESTING SERVICES

Included in Our Managed Services Offering

At your Company, our goal is to keep your business secure by proactively identifying risks before attackers can exploit them. We combine automated testing with expert analysis to give you clarity, confidence, and actionable results. Our minimum contract term for Security Assessment and Penetration Testing Services is One (1) Year. Please refer to your original proposal/invoice as to whether this service has been included.

 

External Security Testing

·  Simulated cyberattacks from outside your network, just like real hackers would attempt.

·  Identification of vulnerabilities in public-facing systems (websites, servers, VPNs, cloud apps).

·  Reputation and brand protection through discovery of exposed information online (e.g., social media, DNS records, leaked data).

Internal Security Testing

·  Comprehensive assessment of your internal IT environment. 

·    Detection of misconfigurations, weak passwords, and exploitable vulnerabilities.

·    Demonstrates how an attacker could move inside your network if initial defenses were bypassed.

Gray Box Penetration Testing

·   Deeper testing with partial knowledge or access (like a rogue insider or compromised account).

·   Explores lateral movement, privilege escalation, and sensitive data exposure.

·   Results are mapped to the MITRE ATT&CK Framework so you can see how real-world attacks apply to your environment.

Prospecting & Rapid Assessments

·   Lightweight testing designed to quickly highlight obvious risks.

·   Identifies outdated systems, insecure services, and unsafe configurations.

·   Provides a “snapshot” of your environment’s exposure — ideal for executive overviews.

Application & Technical Testing

·   Security scans and manual reviews of web applications, APIs, and other services.

·   Testing for weak authentication, default credentials, patching gaps, and insecure protocols.

·    Helps ensure your applications are secure against common and advanced threats.

How We Test

·   OSINT & Reconnaissance: Identify what attackers can see about your company online.

·   Discovery & Enumeration: Detect live systems, services, and potential entry points.

·  Vulnerability & Exploitation: Confirm which weaknesses are real risks.

·  Post-Exploitation: Simulate attacker techniques like lateral movement and data theft.

·  Actionable Reporting: Clear executive summaries, detailed technical findings, and step-by-step remediation guidance.

 
 

APPENDIX B – GENERALLY APPROVED HARDWARE AND SOFTWARE

This agreement is based on the following information agreed upon by you. Any change to this information requires an updated service agreement.

GENERALLY APPROVED HARDWARE

  1. Workstations & Laptops
    • Business Grade Windows PCs (Lenovo, Dell, etc.)
    • Apple MacBooks & iMacs
  2. Servers
    • Rack-mounted and tower servers from:
      • Lenovo ThinkSystem
      • HPE ProLiant
      • Dell PowerEdge
    • Apple Mac mini/Mac Studio (used as servers in creative environments)
    • Virtual servers (VMware, Hyper-V, cloud-hosted)
  3. Networking Equipment
    • Routers & Firewalls
      • Cisco
      • Ubiquiti
      • SonicWall
    • Switches
      • Cisco Catalyst & Meraki
      • Ubiquiti UniFi
      • Datto Networking
    • Wireless Access Points
      • Cisco Meraki
      • Ubiquiti UniFi
      • Datto Networking
  4. Storage Devices
    • NAS (Network Attached Storage)
      • Synology
      • QNAP
      • Buffalo
    • External hard drives & SSDs (for backup and portability)
  5. Backup & Disaster Recovery Appliances
    • Datto
    • Veeam-integrated hardware
    • Acronis Backup Appliances
  6. Printers & Scanners
    • HP LaserJet & OfficeJet
    • Brother
    • Canon
    • Epson
    • Multi-function devices (MFDs) with scan, fax, and copy capabilities
  7. VoIP & Telephony
    • Desk phones & VoIP hardware
      • Poly (formerly Polycom)
      • Yealink
      • Cisco IP Phones
    • Headsets
      • Jabra
      • Logitech
      • Plantronics
  8. Endpoint Peripherals
    • Monitors (Dell, LG, Samsung, ASUS)
    • Keyboards & Mice
    • Docking Stations
    • Webcams & Conference Equipment
  9. Mobile Devices (if part of MDM)
    • iPhones & iPads
    • Android smartphones & tablets
    • Rugged devices (Zebra, Panasonic Toughbook)

GENERALLY APPROVED SOFTWARE

  1. Productivity Suites
    • Microsoft 365 (Word, Excel, PowerPoint, Outlook, Teams)
    • Google Workspace (Docs, Sheets, Slides, Gmail, Meet) (Browser only on macOS)
    • Apple iWork (Pages, Numbers, Keynote)
  2. Communication & Collaboration
    • Microsoft Teams
    • Slack
    • Zoom
    • Google Meet (Browser only on macOS)
    • Cisco Webex
  3. File Storage & Sharing
    • OneDrive for Business
    • Google Drive
    • iCloud Drive (for Apple ecosystem)
    • Dropbox Business
    • Box
  4. Email & Spam Protection
    • Microsoft Anti-Phishing and SaaS protection provided by WTI
    • Microsoft Defender for Office 365
  5. Remote Access & Support
    • ConnectWise Screen Connect (Provided by WTI)
    • Windows Remote Desktop (Over VPN)
    • Apple Remote Desktop (Over VPN)
  6. Web Browsers (with security policies)
    • Google Chrome (managed)
    • Safari (with MDM controls)
    • Microsoft Edge
    • Mozilla Firefox
  7. Document Management & E-signature
    • Adobe Acrobat DC
    • SignNow.com
    • DocuSign
    • Preview (macOS built-in PDF viewer/editor)
    • Nitro PDF Pro

 

APPENDIX C – SERVICE DESK, RESPONSE TIMES, AND RATES

WAVE TECH., INCORPORATED SERVICE DESK SERVICES

The WAVE TECH., INCORPORATED Service Desk provides a point of initial contact and escalation for your IT group when they have an issue or question. WAVE TECH., INCORPORATED’s staff are available during business hours to log issues and support your team. You can contact the IT Service Desk via the web site http://autotask.net using the credentials we provide to you, email, or via the telephone number listed herein. We commit to responding to your questions promptly (response times guaranteed, based on severity). If you are contacting WAVE TECH., INCORPORATED to escalate a service outage, we will route the call to our technical support center for prompt attention and handling. WAVE TECH., INCORPORATED understands that CLIENT does not always have support staff resources available to work with a WAVE TECH., INCORPORATED technician, either on the phone in a remote capacity, or onsite to aid in diagnosing technology-related issues. In conjunction with CLIENT’s desire to minimize the time their staff needs to allocate to computer-related issues, WAVE TECH., INCORPORATED has initiated the following procedures:

1.    Trouble Ticket software has been installed and set up to register, track, and proactively manage all support requests at a user-selectable severity ranking. Access to the Internet is required to create a new support request.

2.    A Trouble Ticket set to priority ‘urgent’ and tagged with the identifier “GSI – [Office Acronym] – EMER” will indicate that CLIENT wishes the issue resolved as soon as possible with the highest priority and that CLIENT wishes to have minimal interaction in achieving a resolution to the issue.

3.    When a Trouble Ticket has been tagged “GSI – [Office Acronym] – EMER”, interaction with the end-user will be limited to 20 minutes, after which WAVE TECH., INCORPORATED will dispatch a technician, whenever possible, to resolve the issue as outlined within this agreement under ‘Service Desk Severity Rankings and Response Times’.

4.    Train your IT Group on how to log into the Web Site, correctly enter a trouble ticket, and check the status from any computer with Internet access.

5.    All other terms and conditions shall remain in force.

EMERGENCY SUPPORT

The WAVE TECH., INCORPORATED Managed Services Program enables access to emergency support services. Should CLIENT’s team detect an issue with a service, or device, outside standard business hours, CLIENT can contact the Emergency Support team to report the issue. WAVE TECH., INCORPORATED’s team (security or network, as appropriate) will investigate the issue and act appropriately.

SERVICE DESK SEVERITY RANKINGS AND RESPONSE TIMES

| Problem Severity | Initial Response Time | Escalation | Expected Time to Resolution |
| --- | --- | --- | --- |
| Emergency (Business Hours) | 2-4 hours | N/A | Determined by the nature of the event |
| Blocker | 4 hours/next business day | 1 Hour | Determined by the nature of the event |
| Critical | 4 hours/next business day | 2 Hours | Determined by the nature of the event |
| Major | 6 hours/next business day | 4 Hours | Determined by the nature of the event |
| Normal | 12 hours/next business day | 6 Hours | Determined by the nature of the event |
| Cosmetic | 16 hours/2nd business day | 8 Hours | Determined by the nature of the event |

 

ESCALATIONS

As not every support case can be resolved at the initial point of report, Wave Tech., Incorporated and CLIENT’s management shall agree on the path of escalation to pursue with each incident.

While we strive to provide you with the best possible support at all levels, we leave an open communication channel right up to “the top executive level” for you in the event you ever need to escalate an issue further.

FUNCTIONAL ESCALATIONS

As outlined in the Service Desk Severity Rankings and Response Times chart above, our service desk team will escalate any unresolved issue(s) to our Operations team within the time allotted for that severity level.

HIERARCHICAL ESCALATIONS

If you ever need to escalate a Service Request or Issue, you agree to use the following escalation order to ensure the quickest possible resolution time.

  1. Service/Office Manager

a.    Name: Justin Bannister

b.   Email: bannisterjr@wavetechinc.com

c.    Phone: (714) 847-5945 ext. 104

  2. Managing Director

a.    Name: J. R. Harris

b.    Email: harrisjr@wavetechinc.com

c.    Phone: (714) 847-5945 ext. 101

Please note that these Escalation Points are not to be used for lodging Service Requests. 

All Service Requests must be lodged through the normal methods as outlined in our General Terms and Conditions.

If you lodge a Service Request through one of these Escalation Channels, this will be treated as an “Emergency Upgrade” Service Request and will be charged at the “Emergency Upgrade” rate found on our Rate Schedule.

RATE CARD FOR SERVICES OUTSIDE OF THIS AGREEMENT

| Time of Service | Rates |
| --- | --- |
| Business Hours: Monday – Friday, 8:00am – 6:00pm | Onsite: $165 / hour; Remote: $150 / hour |
| After Hours: Monday – Friday, 6:00pm – 11:00pm; Saturday, 9:00am – 5:00pm | Onsite: $280 / hour; Remote: $265 / hour |
| Overnight: Monday – Friday, 11:00pm – 8:00am; Saturday 5:00pm – Monday 8:00am | Onsite: $400 / hour; Remote: $300 / hour |
| Holidays | Onsite: $400 / hour; Remote: $365 / hour |

 

APPENDIX D – MONTHLY PRICING STRUCTURE

The cost of the Managed Services Agreement Program is based upon several key factors:

1.    Base program cost that includes monitoring of total devices, including computer workstations, servers, and networking hardware. These are the devices that have been identified in Appendix B that will require maintenance and support as determined by your organization’s critical business functions (NAS, SAN, backup and archive, email, Internet, file sharing, fax server, telephone, content filtering, intrusion protection, firewalls, etc.).

2.    Any additional servers or devices that exceed the device limit of the Managed Services Agreement Program.

3.    Inclusion of any optional modules over and above the base program.

4.    Total number of monthly pre-scheduled maintenance hours or block of hours that are required to maintain said devices, as determined by WAVE TECH., INCORPORATED.

5.    Any additional dispatch, support, or emergency fees.

 

APPENDIX E – DEFINITIONS AND INTERPRETATIONS

·  “Agreement” means any arrangement between us and you (whether alone or in conjunction with any other person) for Services and/or the provision of Goods provided by us under an arrangement in connection with Work agreed to be done or progressed for or on behalf of you or any other person at your request, including as set out in this Agreement and any corresponding Proposal;

·  “Plan Fee” means a quote provided to you by us;

·  “Proposal” means a Quote or Proposal provided to you by us;

·  “Rate Schedule” means the schedule of rates, charges and conditions for the services of Ours as set, and as may be varied, by us from time to time in our absolute discretion;

·  “Recommended Technology Platform” is the list of Software and Hardware found at www.wavetechinc.com/rtp and updated by us from time to time.

·  “Response Time” is measured as the difference between the time we are first notified of a New Service Request as per the process outlined in our General Terms and Conditions and the time that we start providing Service on the Service Request. We do not count any triage, scheduling or dispatch work when calculating Response Times.

·  “Services” means the provision of any services by us including Work, advice and recommendations;

·  “Service Request” means any request for work that either you ask us to perform, or we perform proactively on your behalf;

·  “Software” includes software and any installation, update, associated software and any services provided in connection with any of these things;

 

APPENDIX F – LETTER TO VENDORS FOR AUTHORIZATION

Copy and paste this text onto your letterhead and then modify it to suit each vendor that we will need to work with while we support you:

To Whom It May Concern:

This letter is to inform you that we have contracted Wave Tech., Incorporated at 7602 Talbert Avenue, Suite H, Huntington Beach, California, to help support our IT and Technology needs.

To be able to do this effectively, Wave Tech., Incorporated, needs to be able to support and manage our Technology Suppliers on our behalf.

As such, this letter authorizes anyone from the team at Wave Tech., Incorporated to access and modify all aspects of our account and all the products and services that we have with <Vendor Name> effective immediately.

Anyone on the team at Wave Tech., Incorporated is authorized to act on our behalf at the same level as our own Authorized Contacts.

Should you require any further details, or if you are ever unsure of a particular request, please either call me on XXX-XXX-XXXX or email me at <me@client.com>.

This authorization is valid until we give you written notice otherwise.

Regards,

<Client Name>

<Title>

APPENDIX G – INCLUDED PROGRAM MODULES

From our discussion about your critical business needs, you have decided to incorporate the following modules as part of the base program:

| Module Name | Module Summary |
| --- | --- |
| Security | Provides in-depth security monitoring. Allows for coordination and maintenance services for CLIENT’s Firewall and security-related applications. Also includes a combination of mandatory and recommended network policies. |
| Enhanced Data Protection | Assessment, analysis and other consulting to maintain that the latest antivirus and intrusion detection practices are implemented and deployed to the workstations and servers as applicable for your organization. Maintained and tested on a regular basis to ensure ongoing relevance and reliability. |
| Remote Management & Monitoring | Provides the ability to immediately log and monitor issues, attacks, and potential anomalies that affect your network, workstations, network hardware, and software. Additionally, it allows for real time response and remediation of many workstation concerns through remote access. |
| Patch Management | Provides timely and unobtrusive capability for Microsoft Updates, Patch Management, and critical security updates to be installed as needed and in real time. |
| SaaS Protection | Provides secure backups for GSuite, Google Workspace, Office365, Microsoft365, and SharePoint data for each user in your organization. |
| Security Awareness Testing & Training | Provides Security Awareness Testing & Training support for all users and monitors for incident violations. |
| Graphus E-mail Security | Provides Phishing protection, support, and monitoring for all of your user accounts. |
| Compliance Management | Provides the ability to scan your entire environment for potential compliance issues, bugs, and conformity. |
| Acronis Server Backups | Provides full management, service, and support for your existing Acronis Server backup solution. Subscription not included. |
| Helpdesk | Provides the ability to immediately log a request for support and monitor that incident through completion in a timely manner. Additionally provides end-user support for approved applications, including minor version upgrades, |

 

 

 

 

APPENDIX I – CLIENT INFORMATION SHEET

 

Customer Information

 

 

Business Legal Name: ____________________________________________________________________________________

 

Business DBA: ____________________________________________________________________________________________

 

Full Name: _______________________________________________________________________________________________

                                    Last                                         First                                                      M.I.

 

Street Address: ___________________________________________________________________________________________

 

                          ____________________________________________________________________________________________

                                    City                                                     State                                       Zip Code

 

Business Phone: _________________________________________

Cell Phone: _____________________________________________

 

Email Address: _____________________________________________________________________________________________

 

 

Billing Address

 

 

 

Name (If Different from Above):___________________________________________________________________________

 

Address: _________________________________________________________________________________________________

 

Street Address:  ___________________________________________________________________________________________

 

                            ___________________________________________________________________________________________

                                    City                                                     State                                       Zip Code

 

Business Phone: _________________________________________


Cell Phone: _____________________________________________

 

Preferred Invoice Method:

 

Email Address:  __________________________________________     FAX: __________________________________________

Mail: ______________________________________________________________________________________________________

 

 

Shipping Address

 

Address:                                                                           

YES            
NO

Loading Dock Available – YES     NO

                                     

             

 

Key Contact [please answer only relevant questions] (Please attach additional list if needed)

 

Admin Contact:________________________________________________________________________________________

                                            Name                                           Phone                                      Email

 

Accounting Contact: __________________________________________________________________________________

                                            Name                                           Phone                                      Email

 

Technical Contact: ____________________________________________________________________________________

                                             Name                                           Phone                                      Email

 

Alternate Contact: ____________________________________________________________________________________

                                             Name                                           Phone                                      Email

 

 

 

General Information [please answer all questions]

 

 

Customer Type: ________________________________________________________________________________________

                                 Individual                                   Company                                   Govt. Agency (If Applicable)

 

Briefly describe Company/agency’s primary endeavors:

 

________________________________________________________________________________________________________

 

Signature:

_______________________________________________________________       Date: ________________________________

Provided by J.R. Harris, Managing Director, 714.847.5945

The Keys you must have to your IT Kingdom:

  1. Control, Ownership, and possession of your digital intellectual property.
  2. Domain Registrar Information, including:
    1. A List of all of the Domain Names owned.
    2. Management URL –__________________________________________________
    3. Account name/number –_____________________________________________
    4. Login information – U/N: ____________________P/W: ___________________
    5. Services provided by your Domain Registrar –
      __________________________________________________
      __________________________________________________
      __________________________________________________
    6. Name of any other entities named on the account with access.
  3. Domain Name Service Provider, if different than your Domain Registrar:
    1. Network Solutions, GoDaddy, Register.com, Other, etc.
    2. Management URL –__________________________________________________
    3. Login information – U/N: ____________________P/W: ___________________
    4. Name of any other entities named on the account with access –
      __________________________________________________
      __________________________________________________
    5. Hard Copy of your DNS Records.
  4. E-mail provider Information:
    1. Management URL –__________________________________________________
    2. Account name/number –_____________________________________________
    3. Login information – U/N: ____________________P/W: ___________________
  5. Web Hosting Provider Information:
    1. Network Solutions, GoDaddy, Register.com, Other, etc.
    2. Management URL –__________________________________________________
    3. Login information – U/N: ____________________P/W: ___________________
    4. Name of any other entities named on the account with access –
    5. Backup Copy of your Web Site and Databases, if applicable.
  6. Internet Service Provider Information as follows:
    1. Technical Support Contact Information for Emergencies.
    2. Management URL – __________________________________________________
    3. Account name/number – ____________________
    4. Login information – U/N: ____________________P/W: ____________________
  7. Login information and IP Addresses for all of your Servers, Firewalls, and networking hardware.
  8. Your Present IT Project Manager, Account Manager, or Technical Consultant’s contact information for emergencies, including their mobile phone numbers.