Arden 360

07 — FAQs

The questions we hear most.

01

Working with Arden 360

What does Arden 360 actually do?
Arden 360 is a managed IT and infrastructure partner for businesses across NJ, PA, DE, MD, VA, and NY. We handle managed IT and 24/7 monitoring, cybersecurity, VoIP and unified communications, network cabling, camera and access control, and conference-room AV — usually for organizations that have outgrown ad-hoc IT but don't need (or want) a full in-house team.
What makes Arden 360 different from other MSPs?
Three things. We staff senior engineers on every engagement instead of routing everything through a tier-1 queue. We publish our SLAs and can show performance data against them. And we work in a fixed-fee model with the project scope (and what's carved out) defined upfront — no surprise invoices for the work you assumed was included.
Do we need to replace our existing IT team to work with you?
No. About a third of our engagements are co-managed — your internal team owns the day-to-day relationships and we provide the depth (security, compliance, after-hours coverage) that's expensive to build in-house. The split is defined explicitly in writing so there's no ambiguity about who owns what.
What does onboarding look like and how long does it take?
Most onboardings run 2–4 weeks: a structured discovery and documentation pass, security and risk assessment, RMM and EDR rollout, and a controlled cutover. For urgent situations we've compressed full enterprise rollouts into 7 days when the business case required it — but rushed transitions cost more and carry more risk than we'd recommend by default.
Are your engineers based in the US?
Yes. All Arden 360 support is delivered by US-based staff working from our Mount Laurel, NJ headquarters and field locations across the Mid-Atlantic. Nothing is outsourced overseas.
How do you handle pricing?
Standard managed services are priced per-user or per-endpoint with everything stated upfront — onboarding, monitoring, EDR, patch management, helpdesk, and quarterly business reviews are included. Project work (cabling buildouts, AV installs, migrations) is quoted separately as fixed-fee scopes. We'll show you a sample invoice from a comparable client before you sign anything.
02

Monitoring & Support

What does 24/7 monitoring actually catch?
Our RMM platform watches every server, workstation, and network device for failing hardware, disk capacity, service outages, abnormal CPU and memory patterns, missed patches, and security events. Most issues are caught and resolved (often remotely, often after hours) before users notice — that's the difference between proactive managed services and a break-fix shop.
How do users contact support?
Phone, email, ticket portal, or chat — whichever channel works for the user. Every interaction creates a tracked ticket so nothing falls through the cracks, and users can check status from the client portal at any time.
What's your response time SLA?
Critical issues (systems down, security incidents) get an acknowledged response within one business hour and a US-based engineer working the issue immediately. Standard issues are acknowledged within four hours during business hours. We publish performance data against these commitments to clients quarterly.
Do you do remote support, on-site, or both?
Both. Most tickets resolve remotely within minutes — faster than waiting for a truck roll. For issues that need hands-on (hardware swaps, new installs, cabling, AV) our field team covers NJ, PA, DE, and the rest of the Mid-Atlantic with same-day on-site response for most counties.
03

Cybersecurity

What's included in cybersecurity coverage?
A layered baseline: endpoint detection and response (EDR) on every managed device, multi-factor authentication enforced on email and remote access, email security with link sandboxing and attachment detonation, DNS filtering, patch management, security awareness training with phishing simulations, and 24/7 monitoring with documented incident response runbooks. Heavier coverage (SIEM, MDR, penetration testing) is available where the risk profile warrants it.
What happens if we get hit with ransomware?
Our incident response runbook isolates the affected endpoint at the EDR layer within seconds of detection, stopping lateral spread. We then assess the blast radius, restore from immutable backups (which ransomware cannot encrypt), close the entry vector, and produce a written post-incident report. Because we're a Business Associate where applicable, we can sign BAAs and support breach notification timelines.
Do you help with cyber insurance questionnaires?
Yes — this is one of the most common reasons clients first engage us. We help you complete underwriter questionnaires accurately, implement and document any gap controls insurers require, and produce evidence (policies, screenshots, attestations) that satisfies their requirements. Clients commonly see lower premiums and broader coverage after we close the gaps.
Can you help us meet HIPAA, SOC 2, or PCI requirements?
Yes. We implement and document the technical safeguards each framework requires — encryption at rest and in transit, access controls, audit logging, MFA, training, risk assessments — and produce reports suitable for auditors and the HHS Office for Civil Rights. We sign BAAs for healthcare clients and work directly with your auditors on evidence requests.
Why is MFA non-negotiable in our deployments?
A stolen password is worth almost nothing if MFA is enforced — the attacker still can't get in. Credential-based attacks are involved in a majority of breaches, and MFA is the single highest-ROI control available. We enforce it on email, remote access, and cloud apps as part of the baseline for every managed client; opt-outs require a documented exception and aren't something we typically grant.
Do you provide security awareness training?
Yes — recurring training modules plus phishing simulations that measure real click-through and reporting rates over time. The data tells us which teams need targeted follow-up and gives you the evidence cyber insurers want to see.
04

Backup & Recovery

What do you back up, and where is it stored?
Servers, workstations, Microsoft 365 and Google Workspace tenants, line-of-business applications, and databases. Backups are encrypted, written to immutable storage that ransomware cannot alter or delete, and follow the 3-2-1 principle: three copies, two media types, one offsite with geographic redundancy.
How fast can you restore after a disaster?
Individual files come back in minutes. Full server restores typically run a few hours depending on data volume. The number you actually care about — your Recovery Time Objective (RTO) — gets defined upfront based on what your business can tolerate, and we architect the backup strategy to hit it.
Do you test restores or just run backups?
We test. Automated daily restore verification proves the backup is actually recoverable, not just present. We also run scheduled full restore tests with clients to validate the end-to-end recovery procedure — most organizations that discover their backups are broken do so during an outage, when it's too late.
Are Microsoft 365 and Google Workspace backed up by default?
No — Microsoft and Google explicitly don't take responsibility for user-deleted or ransomware-encrypted data in their tenants. Third-party backup is the only reliable protection. We include cloud-tenant backup in our standard managed services packages.
05

Email & Cloud

Do you manage Microsoft 365 and Google Workspace?
Yes — licensing, mail flow, identity, conditional access, SharePoint and OneDrive permissions, Teams configuration, and tenant-wide security policies. Where you have a choice, we'll help you pick based on what your business actually does, not what's trendy.
Can you migrate email from our current provider?
Yes — including coexistence configurations during the cutover so no mail is lost or delayed. We handle DNS records, MX cutover timing, SPF/DKIM/DMARC, and end-user communication so the transition is invisible to most of your team.
How do you stop spam and phishing?
Layered email security: tenant-level reputation filtering, link sandboxing and rewriting, attachment detonation, and behavioral AI catching novel phishing patterns. We tune the policies for your environment instead of leaving you with the vendor defaults that let most threats through.
Can you migrate workloads to Azure or AWS?
Yes. We assess what should move (commodity workloads, scale-variable apps), what should stay (latency-sensitive, data-sovereign), and plan the migration in phases with documented rollback. We also set up cloud cost governance from day one — runaway cloud spend is the most common post-migration surprise.
06

VoIP & Communications

Can we keep our existing phone numbers?
Yes — we port your numbers from any carrier and handle the entire cutover so your inbound calls keep working through the transition. Porting timelines vary by carrier but most complete within 2–4 weeks of submitting the order.
What does VoIP actually save us?
Most businesses switching from traditional PBX to hosted VoIP cut their monthly telecom spend 40–60%. The bigger win is usually the features that come with it — auto-attendants, call routing logic, voicemail-to-email, real-time analytics — that would have been cost-prohibitive on legacy systems.
What happens if our internet goes down?
Failover rules we set up in advance reroute calls to mobile numbers, secondary trunks, or hosted call queues automatically — no manual intervention during the outage. For locations with high call volume we recommend a redundant ISP, which makes the whole system tolerant to a primary circuit failure.
Does VoIP work for remote and hybrid teams?
That's where VoIP wins decisively. Employees take calls from softphone apps on their laptop and phone with the same extension, the same caller ID, and the same call flow whether they're in the office or working from home. The system doesn't care where they are.
Do you handle the network readiness assessment first?
Yes. Call quality on VoIP is a function of bandwidth, jitter, and packet loss — not the phone hardware. Before any migration we test your network, configure QoS to prioritize voice, and verify your circuit can handle peak concurrent calls. This is where most failed VoIP deployments go wrong.
07

Network, Cabling & AV

Do you run structured cabling for new offices and retrofits?
Yes — CAT6/CAT6A, fiber, demarc extensions, and rack buildouts across NJ, PA, and DE. Every run is labeled, tested to TIA-568 standards, and documented so the next technician (us or anyone else) can troubleshoot from the paperwork instead of pulling ceiling tiles.
Can you design and deploy SD-WAN for multi-location businesses?
Yes — this is one of our specialties. SD-WAN replaces expensive MPLS circuits and ad-hoc VPN configurations with intelligent traffic routing that prioritizes voice and video over the fastest available path. The result is usually better performance at lower cost compared to traditional WAN architectures.
Do you install security cameras and access control?
Yes — cloud-managed and on-prem video surveillance with analytics (motion detection, vehicle tracking, time-based search), plus access control via keycard, PIN, mobile credential, or biometric. We design the system around your facility, not a template.
Do you handle conference-room AV and Teams/Zoom Rooms?
Yes — certified Teams Rooms and Zoom Rooms installations, custom AV programming, presentation systems, digital signage, and the cabling that connects all of it. We treat the conference room as an extension of your IT environment, not a separate problem.
Can you secure our Wi-Fi network properly?
Yes — WPA3, VLAN segmentation, captive portals for guests, RADIUS authentication, and ongoing monitoring for rogue access points. Most Wi-Fi networks we audit are configured insecurely by default; fixing that is usually a one-day engagement.
08

End-User Support

Do you handle user onboarding and offboarding?
Yes — provisioning accounts, email, devices, and permissions for new hires, and the inverse for departures (revoking access, disabling accounts, wiping or reclaiming devices, transferring mailbox data). Both are documented workflows with audit trails for compliance.
Do you help users with software and licensing?
Yes — recommendations, procurement, installation, configuration, and ongoing license compliance. Including the awkward conversations about retiring software no longer needed (which is usually most of what's sitting in a SaaS bill).
What if our primary IT contact is unavailable?
Our entire team has access to your documented environment, so the next engineer who picks up your ticket already knows your configuration, vendors, and history. Documentation is non-negotiable for us — it's what lets us deliver consistent service regardless of who handles a given issue.
Can you train our staff on new systems?
Yes — for VoIP, Microsoft 365, cybersecurity awareness, and any new platform we deploy. Training is included in onboarding scope and available for refreshes whenever your team grows.
09

Patching & Updates

How often do you deploy patches?
Continuously. Critical security patches deploy immediately after vendor release and brief validation; routine updates follow a tested release schedule. We patch operating systems, browsers, and third-party software (Office, PDF readers, Java, etc.) — not just Windows, which is where most exploit chains actually live.
Can patches break things?
Occasionally. That's why we run new patches through a pilot group before broad deployment, and maintain rollback procedures for the ones that do cause problems. The risk of an unpatched system being exploited is consistently larger than the risk of a patch causing a few hours of disruption.
Do patch installs cause downtime?
Most don't. The ones that require a reboot are scheduled outside business hours by default. For servers we use rolling reboot strategies during maintenance windows to keep services available.
Can we delay patches for legacy software?
Temporarily, with a documented exception and a target date. Permanent patch deferrals are not a path we recommend — they're where most preventable breaches originate. We'll work with you on migration paths for software that can't accept current patches.