Minimum Standards
for Managed Services

Managed services work best when the environment is supportable. Devices running end-of-life software, hardware without a warranty repair path, or configurations that undermine basic security controls create risk that cannot be managed — only inherited. These standards set the baseline for what CSI Tech will take responsibility for.

Hardware

Endpoints

• Intel Core i5 (10th generation or newer), AMD Ryzen 5 (4000 series or newer), or Apple Silicon equivalent
• 16 GB RAM minimum
• 256 GB SSD minimum (spinning hard drives excluded for primary OS drive)
• Manufactured within the last five years

Servers

• Must be under active manufacturer warranty or a current extended support agreement
• Hardware with no available warranty repair path is excluded from managed scope

Network infrastructure

• Business-grade router or firewall (consumer-grade equipment excluded)
• Minimum 500 Mbps internet connection for the primary office link
• Network switches must support managed configuration where remote diagnostics are required

Software

Operating systems

• Windows: Windows 11 Pro or Windows Server 2019 and above. End-of-life versions (Windows 10 after October 2025, Windows 7, Windows Server 2016 and earlier) are excluded.
• macOS: Current major version or one major version behind. Versions outside this window are excluded.
• Linux servers: Current LTS release with active vendor security support.

Productivity and licensing

• Microsoft 365 Business Premium or above. Consumer, personal, and Home licences are excluded.
• All software must be genuine, properly licenced, and within the vendor's current support lifecycle.
• Unlicensed, cracked, or end-of-support software cannot be included in managed scope.

Security baseline

These controls represent the minimum security posture CSI Tech will manage. They are not optional additions — they are prerequisites for service delivery.

• Multi-factor authentication (MFA) enabled on all Microsoft 365 accounts, without exception
• No shared administrator credentials — all privileged accounts must be individually attributable
• All devices in scope must be enrolled in, or enrollable into, the CSI Tech RMM agent at onboarding
• Microsoft Intune enrolment (or enrolment readiness) required for endpoint management under Secure and Executive tiers

What is excluded from managed scope

The following will not be taken into managed scope under any service tier, regardless of other factors.

Exceptions and transition periods

Where a client environment does not fully meet these standards at onboarding, CSI Tech will assess the gap and agree a documented remediation timeline as part of the onboarding SOW. Non-compliant items remain outside managed scope until remediated and confirmed.

CSI Tech does not provide support, triage, or incident response for excluded items. If an incident originates from or involves an excluded item, that remediation will be treated as out-of-scope work and quoted separately.

These standards are reviewed annually and updated when vendor support lifecycles, security baselines, or service delivery requirements change. Last reviewed: April 2026.