This Managed IT Services Agreement (“Service Schedule”) forms part of the Master Services Agreement (“MSA”) between Empreus IT Support (“Provider”) and the Client. This Service Schedule should be read in conjunction with the MSA and all referenced legal documents.

In the event of any conflict between this Service Schedule and the MSA, the terms of this Service Schedule shall prevail to the extent of the inconsistency.

The Provider shall supply the Client with the following Managed IT Services (the “Services”), as further detailed in the accepted Quote:

2.1 Managed Desktop Service

• Monitoring, patching, and updates for workstations and end-user devices
• Endpoint security management including antivirus, anti-malware, and intrusion detection
• Software deployment and lifecycle management for standard business applications
• Operating system updates and patch management
• Remote and on-site user support for desktop-related issues

2.2 Managed Server Service

• Proactive monitoring and maintenance of on-premises and/or cloud-hosted servers
• Server patch management, configuration, and performance optimisation
• Backup management and disaster recovery planning
• Active Directory and identity management
• Server hardware health monitoring and alerting

2.3 Helpdesk and User Support

• Single point of contact for all IT support requests via phone, email, or ticketing portal
• Tiered support (Level 1, Level 2, Level 3) with escalation procedures
• User account management including onboarding, offboarding, and password resets
• Troubleshooting of hardware, software, and connectivity issues
• End-user training and guidance on IT systems and security best practices

Note: Only those services explicitly detailed in the Quote and accepted by the Client are within the scope of this Service Schedule.

3.1 Priority Definitions

• Priority 1 (Critical): Complete loss of a mission-critical service or function causing severe impact on the Client’s business operations (e.g., major server outage, complete network failure, cybersecurity breach).
• Priority 2 (Major): Significant but non-critical degradation of service affecting multiple users or systems (e.g., intermittent connectivity, partial service outage, critical application malfunction).
• Priority 3 (Minor): Moderate problem affecting one or more users without severe business impact (e.g., software glitches, peripheral failures, user account issues).
• Priority 4 (Service Request): General service or information requests, user training, or scheduled maintenance that does not directly affect immediate productivity or security (e.g., new user setups, minor configuration changes).

3.2 Response and Resolution Targets

Priority	Description	Response	Resolution Goal	Escalation
P1	Critical Issue	1 hour	Continuous until resolved	Immediate to senior
P2	Major Issue	4 hours	8 business hours	After 4 hours unresolved
P3	Minor Issue	Next business day	2–3 business days	After 2 days unresolved
P4	Service Request	2 business days	5 business days	As needed

3.3 Business Hours and After-Hours Support

Standard Business Hours: 9:00 AM to 5:00 PM, Monday to Friday, excluding public holidays observed in the Australian Capital Territory.

After-Hours Support: The Provider offers emergency support outside standard business hours for Priority 1 and Priority 2 issues. After-hours and out-of-scope work is charged in accordance with the Rate Schedule below. A minimum charge of one (1) hour applies to all after-hours, Saturday, Sunday, and public holiday engagements.

3.4 Rate Schedule

The following rates apply to all work performed outside the scope of the Client’s monthly subscription, including after-hours support, emergency callouts, and on-site visits. All rates are inclusive of GST.

Service	Rate (inc. GST)	Notes
Out-of-scope work (business hours)	$190/hr	Standard rate for additional or ad-hoc work
After-hours (Mon–Fri)	$190/hr	1 hour minimum charge
Saturday	$190/hr	1 hour minimum charge
Sunday / Public Holiday	$250/hr	1 hour minimum charge
Emergency P1 callout (after-hours)	$190 flat fee	Covers first hour; thereafter at applicable hourly rate
Travel time (on-site visits)	Applicable hourly rate	Billed at the rate for the time of travel

The Provider reserves the right to review and adjust the rates set out in this Rate Schedule upon 30 days’ written notice to the Client, in accordance with the fee adjustment provisions of the Payment – Terms & Conditions.

3.5 Emergency P1 After-Hours Callout

For Priority 1 critical issues reported outside of standard business hours, the Provider will dispatch support subject to the following terms:

• A flat emergency callout fee of $190 (inc. GST) applies, which covers the first hour of work;
• Work beyond the first hour is charged at the applicable after-hours, Saturday, Sunday, or public holiday hourly rate;
• The one (1) hour minimum charge described in Section 3.3 is satisfied by the emergency callout fee;
• The Client will be notified of estimated costs as soon as reasonably practicable after the initial assessment of the issue.

3.6 On-Site Visits and Travel

Where on-site attendance is required, travel time to and from the Client’s premises is billed at the applicable hourly rate for the time of travel (business hours, after-hours, Saturday, or Sunday/public holiday rate as relevant).

Travel time is calculated from the Provider’s office at Fyshwick, ACT to the Client’s premises. For clients located within the ACT, travel time is typically minimal. For clients located outside the ACT, travel time and any associated expenses (e.g., tolls, parking, accommodation) will be quoted in advance where feasible.

3.7 Uptime and Availability

The Provider will strive to maintain 99.9% uptime for systems and services under its direct management, excluding scheduled maintenance periods and incidents outside the Provider’s reasonable control (e.g., natural disasters, widespread ISP outages, third-party vendor disruptions).

3.8 Maintenance Windows

Scheduled Maintenance: The Provider will notify the Client at least 5 business days in advance of any planned maintenance expected to cause service disruption. Maintenance will be performed during off-peak hours where feasible.

Emergency Maintenance: For urgent security patches or critical fixes, the Provider may conduct short-notice maintenance and will make every reasonable effort to inform the Client as soon as possible.

3.9 Performance Reporting

Upon request or as specified in the Quote, the Provider may furnish monthly or quarterly performance reports detailing incident tickets, response times, resolution metrics, and uptime statistics. Regular service review meetings can be scheduled to address improvements and concerns.

3.10 Service Credits

If the Provider consistently fails to meet agreed-upon response and resolution times, the Client may be entitled to service credits as mutually agreed in writing or as specified in the Quote. Service credits, if any, are applied to future invoices and do not constitute refunds or damages unless otherwise stipulated.

3.11 Exclusions from SLA

• Issues resulting from the Client’s negligence, misuse, or failure to comply with the Provider’s instructions
• Downtime caused by Client-requested changes outside of normal change management procedures
• Force majeure events or factors beyond the Provider’s reasonable control
• Systems or services not covered under the scope of the accepted Quote (e.g., unmanaged devices, personal hardware)

4.1 Access and Cooperation

The Client shall provide the Provider with all necessary access to systems, networks, hardware, and software environments to perform the Services effectively, including administrative credentials, VPN connections, and physical access where appropriate.

The Client shall cooperate with the Provider’s requests for information, documentation, or assistance promptly. Delays may affect service levels and timelines.

4.2 Designated Point of Contact

The Client shall appoint at least one representative authorised to make decisions on behalf of the Client and coordinate with the Provider. The Client will ensure the Provider has up-to-date contact information for escalation purposes.

4.3 Accurate and Timely Information

The Client is responsible for providing clear and accurate information regarding existing systems, software licenses, and ongoing projects. The Client shall promptly inform the Provider of any significant organisational, network, or infrastructure changes that could impact the Services.

4.4 Software Licensing and Compliance

The Client is responsible for ensuring that all software, applications, or tools utilised within their environment are properly licensed, unless otherwise stipulated in the Quote. The Client shall not use the Services for any unlawful, unethical, or unauthorised activities.

4.5 Data Classification and Protection

The Client is responsible for classifying and identifying sensitive, confidential, or regulated data, and communicating any special handling requirements to the Provider. The Client shall define and communicate retention policies for data backups and archives.

If the Client operates in regulated industries (e.g., healthcare, finance), the Client is responsible for informing the Provider of any specific compliance requirements.

4.6 Backup Cooperation

While the Provider may implement backup solutions as outlined in the Quote, the Client must collaborate in scheduling backups, verifying backup integrity, and performing test restores. The Client is responsible for instructing staff to save data in locations included in the backup scope.

4.7 Physical Environment and Security

The Client shall ensure that on-premises hardware and infrastructure are located in a secure, climate-controlled area with appropriate physical access controls. The Client shall exercise reasonable care to prevent damage to all equipment and promptly report any lost, stolen, or damaged items.

4.8 Change Management

The Client agrees to follow a structured change management process for significant modifications to their IT environment. Changes made without the Provider’s knowledge or approval may result in service disruptions, security vulnerabilities, or unanticipated costs, for which the Provider is not liable.

4.9 User Training and Security Practices

The Client is responsible for ensuring staff receive basic training on new systems or software. The Client shall encourage end-users to follow security best practices (e.g., strong passwords, phishing awareness). Repeated user-related security incidents may necessitate additional services or policy enforcement.

4.10 Timely Reporting of Incidents

The Client agrees to promptly report any technical issues, suspected security breaches, or unusual system behaviour through the Provider’s designated support channels.

4.11 Insurance

The Client shall maintain adequate insurance coverage (e.g., general liability, cyber liability) consistent with industry standards. The Provider is not responsible for arranging or managing the Client’s insurance.

4.12 Failure to Comply

Failure to meet these responsibilities may limit the Provider’s ability to perform Services effectively, potentially impacting service levels and uptime commitments. Persistent or severe violations may constitute a material breach of this Agreement.

5.1 Definitions

“Confidential Information” means any non-public, proprietary, or sensitive information disclosed by one party to the other, including trade secrets, client lists, business strategies, financial data, technical documentation, software code, network designs, user credentials, and any information clearly identified or reasonably understood as confidential.

“Data Protection Laws” means all applicable legislation relating to the protection of personal data and privacy, including the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and if applicable, the General Data Protection Regulation (GDPR) (EU) 2016/679.

5.2 Confidentiality Obligations

Each party shall use Confidential Information solely for the purpose of fulfilling obligations under this Agreement. Neither party shall disclose Confidential Information to any third party without prior written consent, except as necessary to perform under this Agreement or as required by law.

Each party agrees to protect the other’s Confidential Information using the same degree of care it uses to protect its own confidential information, and in no event less than a reasonable standard of care.

Access to Confidential Information shall be restricted to employees, contractors, or advisors with a legitimate need to know, who are bound by confidentiality obligations at least as stringent as those herein.

5.3 Exclusions

• Information that is or becomes generally available to the public through no breach by the Receiving Party
• Information lawfully in the Receiving Party’s possession prior to disclosure
• Information received from a third party not bound by confidentiality obligations
• Information independently developed without use of or reference to the Disclosing Party’s Confidential Information
• Information required to be disclosed by law, regulation, or court order (with prompt notice to the Disclosing Party where legally permissible)

5.4 Return or Destruction

Upon written request or termination of this Agreement, the Receiving Party shall promptly return or securely destroy all Confidential Information, including copies, summaries, or derivatives. Retention is permitted only to the extent required by applicable law or legitimate internal compliance policies.

5.5 Data Privacy and Protection

Both parties shall comply with all applicable Data Protection Laws. The Provider shall process personal data only to the extent necessary to perform the Services or as instructed by the Client, unless otherwise required by law.

The Provider shall implement commercially reasonable technical, administrative, and organisational measures to safeguard Client data against unauthorised processing, accidental loss, destruction, or damage, including encryption, firewalls, intrusion detection, and regular security assessments.

5.6 Data Breach Notification

In the event of a confirmed or reasonably suspected data breach affecting the Client’s personal data, the Provider shall promptly notify the Client and provide sufficient details about the nature and scope of the breach. The Provider shall investigate, take reasonable steps to mitigate, and cooperate with the Client in any subsequent actions required by law.

5.7 Data Retention and Backup

The Provider shall retain Client data only for the duration needed to perform the Services or as agreed in writing, except where a longer period is required by law. Backups will be maintained according to agreed procedures and securely destroyed at the end of the retention period.

5.8 International Data Transfers

If the provision of Services involves transfer of personal data outside the Client’s jurisdiction, the Provider shall ensure compliance with applicable international data transfer regulations and implement lawful transfer mechanisms where required.

5.9 Survival

The confidentiality and data protection obligations under this section shall survive termination of this Agreement for as long as the Receiving Party possesses or controls any Confidential Information or personal data belonging to the Disclosing Party.

6.1 Performance Warranty

The Provider warrants that the Services will be performed in a professional and workmanlike manner, consistent with generally recognised industry standards. If the Provider fails to meet this standard, the Provider will use commercially reasonable efforts to re-perform or correct the deficient Services at no additional cost, provided the Client notifies the Provider within a reasonable timeframe.

6.2 No Guarantee of Continuous Operation

The Provider does not warrant that the Services will be uninterrupted, error-free, or immune from security breaches at all times. Periodic maintenance, updates, or emergency repairs may cause temporary interruptions which do not constitute a breach of warranty.

6.3 Third-Party Products and Services

Any hardware, software, or services provided by a third party are subject to that third party’s warranties. The Provider does not assume liability for, nor make any representations regarding, third-party products or services. Additional work to resolve integration issues may be subject to extra fees if not covered in the Quote.

6.4 Security Disclaimers

The Provider implements generally accepted security measures but does not warrant complete security against all cyber threats. The Client must follow the Provider’s recommended security practices. The Provider disclaims liability for security incidents arising from the Client’s failure to adhere to these practices.

6.5 Disclaimer of Implied Warranties

Except as expressly set forth herein, the Provider makes no other warranties, representations, or conditions, whether express, implied, or statutory, including implied warranties of merchantability, fitness for a particular purpose, title, or non-infringement.

Nothing in this Agreement excludes or limits any consumer guarantee or statutory right that cannot be excluded under Australian Consumer Law.

6.6 Data Accuracy

The Provider’s performance may depend on the accuracy of data supplied by the Client. The Provider disclaims liability for issues stemming from inaccurate, outdated, or incomplete data provided by the Client.

6.7 Reliance on Client Instructions

The Provider may rely upon instructions provided by the Client or the Client’s personnel. The Provider disclaims liability for outcomes resulting from incomplete, erroneous, or contradictory Client directives. Additional fees may apply for significant rework caused by incorrect instructions.

7.1 Neither party shall be liable to the other for any indirect, incidental, exemplary, punitive, special, or consequential damages, including lost profits, lost savings, lost or corrupted data, business interruption, or loss of goodwill, regardless of the legal theory, even if advised of the possibility of such damages.

7.2 The Provider’s aggregate liability for all claims arising under this Service Schedule shall not exceed the total amount actually paid by the Client for the Services in the six (6) months immediately preceding the date on which the claim arose.

7.3 The Provider shall not be liable for any actions or omissions of any third-party vendor, supplier, or licensor. The Client acknowledges that use of third-party services may be subject to additional licence terms.

7.4 While the Provider implements backup and recovery measures, the Provider’s liability for any data loss is limited to commercially reasonable efforts to restore or recover such data.

7.5 The Provider’s liability is contingent upon the Client fulfilling its responsibilities under this Agreement.

7.6 Any claim must be brought within twelve (12) months from the date on which the Client first became aware, or reasonably should have become aware, of the basis for such claim.

7.7 The limitations in this section shall not apply to damages resulting from the Provider’s gross negligence or wilful misconduct, the Provider’s indemnification obligations, or any liability that cannot be excluded by law.

8.1 By the Provider: The Provider shall indemnify and hold the Client harmless from any third-party claims arising from the Provider’s gross negligence or wilful misconduct in performing the Services.

8.2 By the Client: The Client shall indemnify and hold the Provider harmless from any third-party claims arising from the Client’s misuse of the Services or violation of applicable laws or regulations.

9.1 Pre-Existing IP

Any intellectual property owned by either party prior to this Agreement remains that party’s exclusive property. Neither party acquires any rights in the other’s pre-existing IP except as explicitly granted for the scope and duration of this Agreement.

9.2 Work Product and Deliverables

All custom work product or deliverables expressly identified in the Quote or project scope shall be owned by the Client upon full payment, unless otherwise specified. The Client grants the Provider a non-exclusive, non-transferable licence to use deliverables for internal record-keeping and ongoing support.

Any tools, libraries, frameworks, or know-how proprietary to the Provider that are used in creating deliverables remain the Provider’s property, with a limited licence granted to the Client for use within the deliverables.

9.3 Third-Party Licences

If the Provider integrates third-party or open-source software, the Client’s rights to use such components are subject to the applicable licence terms. The Provider disclaims liability for licence violations due to unauthorised Client actions.

9.4 Infringement Claims

The Provider shall defend and indemnify the Client from third-party claims alleging that the Provider’s deliverables (excluding third-party components or Client-contributed material) infringe intellectual property rights, provided the Client promptly notifies the Provider and cooperates in the defence.

Neither party shall be liable for delays or failures due to events beyond their reasonable control, including natural disasters, war, strikes, pandemics, or governmental actions. The affected party shall notify the other promptly and use reasonable efforts to resume performance as soon as feasible.

If a Force Majeure event prevents performance for more than 30 days, either party may terminate this Service Schedule upon written notice.

All fees for Services provided under this Service Schedule are as specified in the accepted Quote.

All payment obligations are governed by the Payment – Terms & Conditions published at empreusitsupport.com.au/payment-terms-and-conditions, which are incorporated by reference. This includes invoicing, due dates, payment methods, direct debit, late payment interest and penalties, disputed invoices, debt recovery, and fee adjustments.

Termination of this Service Schedule is governed by the Termination – Terms & Conditions published at empreusitsupport.com.au/termination-terms-conditions, which are incorporated by reference.

This includes termination by the Provider (for non-payment, material breach, misuse, or insolvency), termination by the Client (for convenience with 30 days’ notice, or for uncured material breach by the Provider), early termination costs, automatic renewal, post-termination services, and the Provider’s retention of rights.

13.1 Relationship to MSA

This Service Schedule supplements and forms part of the Master Services Agreement. All terms of the MSA (including the Director’s Guarantee, Governing Law and Dispute Resolution, and Privacy Policy reference) apply to this Service Schedule as if set out in full herein.

13.2 Cross-References

This Service Schedule is subject to the following Empreus IT Support legal documents, all of which are incorporated by reference:

(a)   Master Services Agreement (EMPREUS-MSA-001)

(a)   Payment – Terms & Conditions (empreusitsupport.com.au/payment-terms-and-conditions)

(a)   Termination – Terms & Conditions (empreusitsupport.com.au/termination-terms-conditions)

(a)   Quote – Terms & Conditions (empreusitsupport.com.au/quote-terms-conditions)

(a)   Privacy Policy (empreusitsupport.com.au/privacy-policy)

13.3 Amendments

No modification to this Service Schedule shall be valid unless made in writing and signed by both parties.

13.4 Severability

If any provision of this Service Schedule is found to be unenforceable, the remaining provisions shall remain in full force and effect.

13.5 Entire Agreement

This Service Schedule, together with the MSA and all incorporated documents, constitutes the entire agreement between the parties regarding the Managed IT Services described herein and supersedes all prior agreements, representations, and understandings on this subject matter.