Legal IT Services and Support: A Practical Guide to Managed IT for Legal Teams
Your law firm runs on trust, billable hours, and client secrets. But one phishing email,...
Effective Date: June 5, 2025
Last Updated: June 2, 2026
Version 2.0
This Service Level Agreement (the “SLA”) describes the service commitments that Premier Hosting, Inc., d/b/a SafePoint IT, an Illinois corporation (“SafePoint IT,” “SafePoint,” “we,” “us,” or “our”) makes to its clients (each, a “Client”) in connection with the managed IT and related services provided under a signed Master Services Agreement (“MSA”) and one or more accepted service quotes (each, a “Quote”) prepared by SafePoint IT and accepted by Client. This SLA is incorporated into and made part of the MSA. In the event of a conflict between this SLA and the MSA or a Client’s Quote, the MSA and Quote control.
1. Definitions
- Business Hours. Monday through Friday, 8:30 AM to 5:00 PM Central Time, excluding U.S. federal holidays observed by SafePoint IT.
- After-Hours. All hours outside of Business Hours, including weekends and observed U.S. federal holidays.
- Observed Holidays. New Year’s Day, Memorial Day, Independence Day (July 4), Labor Day, Thanksgiving Day and the day after, and Christmas Day. When a holiday falls on a weekend, SafePoint IT observes the holiday on the nearest business day.
- Incident. An unplanned interruption to, or reduction in the quality of, a Covered Service.
- Service Request. A standard, non-disruptive request such as a user add/change, password reset, software install, or how-to question.
- Response Time. The elapsed time from when a ticket is received through an Approved Channel until a SafePoint IT technician acknowledges the ticket and begins active work or substantive triage.
- Resolution Target. The elapsed time from initial acknowledgment until SafePoint IT delivers either a permanent fix or an acceptable temporary workaround that restores Client functionality. Resolution Targets are objectives that SafePoint IT uses commercially reasonable efforts to meet; they are not guarantees.
- Approved Channel. One of the intake methods listed in Section 4. Tickets reported outside Approved Channels are not subject to the Response Time or Resolution Target commitments below.
- Covered Services. The services described in Section 2 below, as further defined in the Client’s MSA and Quote(s).
- Scheduled Maintenance. Pre-planned maintenance activities communicated to Client in advance per Section 10.
- Emergency Maintenance. Maintenance activities required to address active or imminent security, stability, or data-protection threats, performed on short notice.
2. Covered Services
Unless otherwise specified in an Quote, the following SafePoint IT services are covered by this SLA:
- Managed IT support and help desk;
- Remote monitoring and management of endpoints and servers;
- Microsoft 365 and Google Workspace administration;
- Network monitoring (routers, switches, firewalls, wireless) under SafePoint IT management;
- Managed backup services;
- Managed cybersecurity services (endpoint protection, patching, security monitoring);
- SafePoint IT cloud-hosted services, including virtual desktop and server services where included in the Client’s Quote; and
- Vendor coordination on Client’s behalf for third-party services purchased through or referenced in the Quote.
3. Out of Scope
The following are not covered by this SLA unless expressly included in a signed Quote:
- Project work, new deployments, migrations, and upgrades (handled under separate project Quotes);
- Hardware procurement, RMAs, and warranty work performed by hardware manufacturers;
- Issues caused by third-party software, services, or carriers outside SafePoint IT’s direct control (e.g., Microsoft cloud outages, ISP outages, application bugs in non-managed software). SafePoint IT will act as facilitator with the relevant vendor but cannot commit to vendor resolution times;
- End-user training beyond reasonable how-to guidance;
- Custom software development, modification of software code, and ongoing software (program) maintenance;
- Consumables, including printer toner, ink, paper, batteries, and printer maintenance kits;
- On-site work outside the standard service area defined in the Quote;
- Issues arising from Client-side actions or inactions, including but not limited to denied access, unapproved changes, or refusal to apply recommended remediations; and
- Recovery from incidents caused by Client’s failure to maintain a current backup, security agent, or supported software version.
4. Approved Channels
To ensure Response Time and Resolution Target commitments apply, tickets must be submitted through one of the following:
- Client Portal: https://www.safepointit.com/client-portal/
- Support Request Form: https://forms.safepointit.com/support-request
- Email: support@safepointit.com
- Support Line: (847) 499-1515
Requests made through personal email, social media, text message to staff personal phones, hallway conversation, or other unofficial channels may be worked at SafePoint IT’s discretion but are not subject to the timing commitments in this SLA. For emergencies after hours, please call the Support Line.
5. Onboarding / Transition Period
For the first sixty (60) days following the start of a managed-services engagement, SafePoint IT will use commercially reasonable efforts to meet the timing commitments in this SLA but will not be bound by them. During this transition period, SafePoint IT is documenting the environment, deploying monitoring and security tooling, and stabilizing known issues. Standard SLA commitments take effect at the conclusion of the transition period or earlier if mutually agreed in writing.
6. Priority and Severity Framework
6.1 Priority Definitions — Standard Business Environments
Priority is determined by combining the Impact of the issue with its Urgency:
- Impact measures how broadly the issue affects the business:
- High — Whole company affected.
- Medium — A department or large group of users affected.
- Low — One user or a small group of users affected.
- Urgency measures how time-sensitive the impact is:
- High — Critical business processes are stopped.
- Medium — Business is degraded but a reasonable workaround exists.
- Low — More of an irritation than a work stoppage.
| Urgency: High | Urgency: Medium | Urgency: Low | |
|---|---|---|---|
| Impact: High | Priority 1 | Priority 2 | Priority 3 |
| Impact: Medium | Priority 2 | Priority 3 | Priority 4 |
| Impact: Low | Priority 3 | Priority 4 | Priority 4 |
6.2 Priority Definitions — Clinical & Patient Workflow Environments
In healthcare environments (medical, dental, and veterinary), any interruption to systems supporting active patient care, clinical documentation, imaging, prescribing, or in-progress patient encounters is treated as High Impact by default, regardless of how many users are affected.
Systems considered clinical / patient-workflow by default include:
- Medical practices — Electronic Health Record (EHR/EMR) systems (e.g., Epic, eClinicalWorks, Athenahealth, Practice Fusion, Kareo, NextGen), e-prescribing, PACS / medical imaging, laboratory interfaces, and scheduling systems during active clinic hours.
- Dental practices — Dental practice management software (e.g., Dentrix, Eaglesoft, Open Dental, Curve Dental), digital imaging and CBCT systems, and chairside operatory workstations.
- Veterinary practices — Practice Information Management Systems / PIMS (e.g., Cornerstone, AVImark, ezyVet, IDEXX Neo, Hippo Manager), in-house lab analyzers (e.g., IDEXX, Heska), and digital radiography systems.
When any of these is interrupted, the matrix below treats the issue as Impact: High and assigns Priority 1 regardless of the number of users affected. Non-clinical systems at the same practice (billing, administrative scheduling outside encounters, general office productivity) use the Standard Business matrix in Section 6.1.
| Urgency: High | Urgency: Medium | Urgency: Low | |
|---|---|---|---|
| Impact: High (clinical system down — patient care affected) | Priority 1 | Priority 1 | Priority 1 |
| Impact: Medium (non-clinical degradation with workaround) | Priority 2 | Priority 3 | Priority 4 |
| Impact: Low (non-clinical irritation, single user) | Priority 3 | Priority 4 | Priority 4 |
7. Response and Resolution Targets
For tickets submitted through an Approved Channel, SafePoint IT’s targets are as follows. Response Times are committed; Resolution Targets are objectives SafePoint IT uses commercially reasonable efforts to meet.
| Priority | Response Time (Business Hours) | Response Time (After-Hours) | Resolution Target |
|---|---|---|---|
| P1 — Critical | 30 minutes | 1 hour | 4 hours |
| P2 — High | 1 hour | 2 hours | 8 hours |
| P3 — Medium | 2 hours | Next Business Day | 1–2 business days |
| P4 — Low | Next Business Day | Next Business Day | 3–5 business days |
Notes on resolution.
- Resolution may consist of a permanent fix or an acceptable temporary workaround. Workarounds are commonly used to restore P1 and P2 functionality while a permanent fix is developed.
- The resolution clock starts at SafePoint IT’s initial acknowledgment and ends when the solution is delivered and the Client (or designated point of contact) verifies that the issue is resolved.
- SafePoint IT may pause Resolution Targets where progress is blocked by Client action or inaction, by third-party vendor response time, or by a documented force majeure event (see Section 13).
8. Issue Types and How They’re Handled
| Issue Type | Description | Subject to Resolution Target? | Notes |
|---|---|---|---|
| Service Outage (P1) | Critical system failure, network or server down | Yes | Full restoration target typically within 4 hours where the issue is within SafePoint IT’s control. |
| User Productivity Issue (P2/P3) | Email, printing, or application issues affecting an individual or small group | Yes | Resolution timeframes vary based on priority. |
| How-To or Training Request | Guidance on using software or tools | No | Handled on a best-effort basis; extended training may be billable or referred to a separate engagement. |
| Third-Party Software Issue | Problems with tools not under SafePoint IT management (e.g., QuickBooks, Zoom) | No | Resolution depends on vendor support; SafePoint IT acts as a facilitator and coordinates with the vendor on Client’s behalf. |
| Projects and Installations | New deployments, upgrades, or migrations | No | Handled under separate project Quotes, not subject to standard SLA timing. |
| Low-Priority Change Requests | Non-urgent changes such as user creation or printer installs | Yes | Typically handled within 1–3 business days. |
| Security Incidents | Malware, phishing, suspected unauthorized access | Yes — see Section 9 | May require investigation and could be escalated to external cybersecurity firms. |
| Recurring (Chronic) Issues | Repeated issues needing root-cause analysis | No | May lead to a separate project or formal root-cause analysis (RCA) engagement. |
9. Security Incident Response
Security incidents (suspected or confirmed malware, ransomware, phishing-based credential compromise, unauthorized access, data loss, or similar events) are handled under the following targets, in addition to the general priority framework:
- Acknowledgment. Within 30 minutes during Business Hours and within 1 hour After-Hours, for incidents reported through Approved Channels.
- Initial Containment. SafePoint IT will begin containment actions (account lockout, endpoint isolation, network segmentation as appropriate) immediately upon acknowledgment of a credible high-severity incident.
- Client Notification. SafePoint IT will notify Client’s designated security or executive point of contact promptly upon identification of a credible incident affecting Client systems or data.
- Escalation. Where the incident exceeds SafePoint IT’s standard incident-response scope (e.g., forensics, legal hold, breach notification), SafePoint IT will recommend and help engage a qualified third-party incident-response firm under a separate engagement.
Security incident response is delivered on a best-efforts basis. The nature of security incidents (vendor zero-days, novel attack techniques, evidence preservation requirements) means resolution timelines cannot be guaranteed.
10. Maintenance Windows and Status Page
- Scheduled Maintenance. Routine maintenance is performed during scheduled maintenance windows, typically Sundays between 12:00 AM and 4:00 AM Central Time, or another window agreed with Client. SafePoint IT will provide at least 5 business days’ notice of scheduled maintenance affecting Client systems, except for routine patching covered by Section 11.
- Emergency Maintenance. Where security or stability requires immediate action (e.g., active zero-day exploitation, imminent system failure), SafePoint IT may perform Emergency Maintenance on short notice or without prior notice and will inform Client as soon as reasonably possible.
- Status Page. SafePoint IT uses status.safepointit.com to communicate incidents and scheduled maintenance affecting SafePoint IT-managed services. Client is encouraged to subscribe to updates at that page so designated personnel are notified when an incident or maintenance event is posted.
11. Patch and Update Management
- Critical and security patches for supported operating systems and managed third-party software are evaluated and deployed on an expedited schedule, typically within 72 hours of vendor release for confirmed critical vulnerabilities, subject to vendor advisory and testing.
- Standard patches are deployed on a monthly cadence during scheduled maintenance windows.
- Firmware and infrastructure updates (network equipment, hypervisors, backup appliances) are reviewed quarterly and applied as appropriate during maintenance windows.
- Client may request a deferral or alternative schedule for a specific patch; SafePoint IT will document the deferral and any associated risk.
12. Backup and Recovery
Where SafePoint IT provides managed backup services under the Client’s Quote, the Quote will define the applicable Recovery Point Objective (RPO) and Recovery Time Objective (RTO) targets for Client systems. Standard targets, unless otherwise specified, are an RPO of 24 hours and an RTO of one (1) business day for protected systems, recognizing that full restoration depends on data volume, available infrastructure, and the nature of the incident.
13. Exclusions and Force Majeure
The Response Time and Resolution Target commitments in this SLA do not apply, and SafePoint IT will not be considered to have missed an SLA commitment, where a delay or failure to meet a target results from:
- A third-party vendor, carrier, or service provider outside SafePoint IT’s direct control (e.g., Microsoft, Google, ISP, hardware manufacturer);
- Client-side inaction, including failure to provide access, approvals, or required information in a timely manner;
- Issues with software, hardware, or services not covered by the Client’s MSA or Quote;
- Scheduled Maintenance or Emergency Maintenance performed in accordance with Section 10;
- Tickets submitted outside of Approved Channels; or
- Force majeure events — circumstances beyond SafePoint IT’s reasonable control, including natural disasters, fire, flood, severe weather, pandemic, war, terrorism, civil unrest, government action, regional power or internet outage, or large-scale cyberattack on the public internet.
14. Escalation Process
If a ticket is not progressing as expected, SafePoint IT operates an internal escalation process to ensure additional resources and senior engineers are engaged. Clients may also request escalation at any time by:
- Replying to the ticket and specifically requesting escalation; or
- Calling the Support Line at (847) 499-1515 and asking to speak with the Service Manager.
For executive-level escalation, contact legal@safepointit.com.
15. On-Site Response
On-site response is delivered on a commercially reasonable best-efforts basis. Where on-site work is required to resolve an incident, SafePoint IT will dispatch a technician as soon as practicable during Business Hours, prioritized by the assigned ticket priority. Travel outside the standard service area defined in the Quote, and any on-site work outside Business Hours, may be subject to additional charges as set forth in the Quote.
16. Client Responsibilities
To allow SafePoint IT to meet the commitments in this SLA, Client agrees to:
- Submit tickets through Approved Channels and provide accurate issue descriptions, screenshots, and any context that helps with diagnosis;
- Designate at least one primary point of contact and at least one backup point of contact for SafePoint IT to communicate with;
- Maintain up-to-date contact information, including after-hours contact details for escalation;
- Provide SafePoint IT with the access, credentials, and physical site access required to perform Covered Services;
- Respond promptly to SafePoint IT requests for information, approvals, or testing;
- Maintain SafePoint IT’s recommended security agents, monitoring tools, and backup configurations on Client systems;
- Notify SafePoint IT of changes to Client’s environment (new offices, new vendors, new applications) that may affect Covered Services; and
- Keep account payments current.
17. Reporting and Reviews
SafePoint IT provides the following recurring reporting and review cadence:
- Monthly ticket summary — volume, priority distribution, and SLA performance for the prior month.
- Recurring Business Reviews — reviews of service performance, security and patching posture, recommended improvements, and upcoming projects with Client’s designated point of contact. The cadence of these reviews (e.g., monthly, quarterly, or semi-annually) is determined for each Client during onboarding and is calibrated to the complexity of Client’s environment and operational needs. SafePoint IT may propose adjustments to the cadence over the life of the engagement as the environment evolves.
- Ad hoc reporting available on reasonable request.
18. Termination and Data Handling
Upon termination or expiration of the MSA, SafePoint IT will, in accordance with the MSA, return or securely destroy Client data in SafePoint IT’s possession and provide reasonable transition assistance as described in the MSA or applicable Quote. Specific transition timing, data formats, and any associated fees are governed by the MSA.
19. Changes to This SLA
SafePoint IT may update this SLA from time to time. When changes occur, SafePoint IT will revise the “Last Updated” date above and, for material changes, will notify Clients in writing through their designated point of contact. Continued use of the Covered Services after the effective date of an update constitutes Client’s acceptance of the updated SLA.
20. Contact
For questions about this SLA, contact:
Premier Hosting, Inc., d/b/a SafePoint IT
220 N. Smith Street, Suite 430
Palatine, IL 60067
Email: legal@safepointit.com
Sales: (847) 499-1500
Support: (847) 499-1515
