How We Work

Predictable IT. Documented outcomes. Full accountability.

We follow the same structured process for every client — from first conversation through ongoing operations. No shortcuts, no improvisation, no gaps. Here is exactly what that process looks like.

Three phases. One standard.

01

Discovery & Assessment

Before we touch anything, we understand everything. The first phase is a thorough, documented assessment of your current technology environment — what you have, how it is configured, where the gaps are, and what risk looks like in your specific environment.

  • Complete inventory of every workstation, server, network device, printer, and peripheral in your environment — including serial numbers, warranty status, and software versions.
  • Network topology mapping — switches, firewalls, Wi-Fi access points, VLANs, ISP connections, and any remote access configurations currently in place.
  • Security posture review — MFA status on every account, encryption status on every device, backup verification, firewall rule audit, and email security configuration check.
  • Software audit — every application installed across the environment, including business management software, licensing status, and integration points.
  • Risk summary delivered in plain language — not a 40-page technical document, but a clear picture of where you are exposed, what the consequences look like, and what we recommend addressing first.
02

Stabilize & Secure

Once we understand the environment, we bring it to our baseline standard. Every Nexanova-managed environment meets the same security and operational requirements before we consider it stable. This phase closes the gaps identified during discovery and installs the monitoring, security, and management infrastructure that makes proactive IT possible.

  • Deployment of our security baseline — endpoint detection and response, MFA enforcement, full-disk encryption, DNS filtering, email security hardening, and patch management on every device.
  • Installation of remote monitoring and management agents on every workstation and server, providing real-time visibility into device health, performance, and security status.
  • Backup configuration and verification — local and cloud backups established, initial full backup completed, and a test restore performed to confirm recoverability.
  • Documentation buildout — every asset, credential, configuration, vendor contact, and network diagram recorded in our documentation platform, accessible to our team for fast support and incident response.
  • Remediation of critical and high-priority issues identified during discovery — unpatched systems, expired certificates, misconfigured firewalls, shared credentials, and any active security exposures.
03

Operate & Improve

With the environment stabilized and secured, we shift to ongoing operations. This is where managed IT delivers its real value — continuous monitoring, proactive maintenance, responsive support, and steady improvement month over month. You receive a mandatory monthly report. We earn your continued business through documented outcomes.

  • 24/7 monitoring with automated alerting — if a backup fails, a disk fills, a security event fires, or a device goes offline, we know before your team does and we respond accordingly.
  • Proactive patch management — operating system and third-party application patches applied on a regular cycle, with critical security patches deployed within 72 hours of release.
  • Help desk support — your team contacts us directly by phone, email, or portal for any technology issue, from password resets to complex software problems. Every request is tracked, documented, and resolved.
  • Quarterly business reviews — a face-to-face or video meeting with your leadership team to review the quarter's data, discuss upcoming changes, and align technology priorities with business goals.
  • Continuous improvement — every month, we identify and implement at least one measurable optimization to your environment, whether that is a performance improvement, a security hardening step, or a workflow efficiency.

The first 90 days

Days 1-30: Foundation
  • Signed agreement and onboarding kickoff meeting with your team.
  • Full environment discovery — every device, account, network component, and software license documented.
  • Security baseline deployed across all workstations, servers, and accounts.
  • Remote monitoring and management agents installed and verified on every device.
  • Backup systems configured, initial backup completed, and test restore verified.
  • Team introductions — your staff receives contact information, support procedures, and knows exactly who to call and how.
  • First monthly report delivered at day 30 with baseline metrics for the environment.
Days 31-60: Stabilization
  • Remediation of legacy issues identified during the discovery phase — unpatched systems, misconfigured services, insecure credentials.
  • Network optimization — bandwidth analysis, switch and Wi-Fi performance review, firewall rule cleanup.
  • Resolution of recurring problems that your team may have accepted as normal — slow logins, printer issues, intermittent connectivity.
  • Microsoft 365 environment review and hardening — conditional access policies, sharing permissions, mailbox security.
  • Second monthly report with comparative data showing measurable improvement from the baseline.
Days 61-90: Optimization
  • Proactive improvement recommendations based on 60 days of operational data — hardware replacements, workflow changes, software updates.
  • AI readiness assessment — evaluating where governed AI tools could save your team measurable time on administrative tasks.
  • Full documentation review — confirming every asset, credential, and configuration is current and accurate.
  • 90-day review meeting with your leadership team — reviewing what was delivered, confirming alignment with expectations, and setting priorities for the next quarter.
Quarterly: Ongoing Review
  • Quarterly business review with your leadership team covering environment health, security posture, budget planning, and technology roadmap.
  • Hardware lifecycle review — identifying devices approaching end-of-life and planning replacements before they become problems.
  • Security posture reassessment — confirming that the environment still meets baseline requirements as threats and compliance expectations evolve.
  • Technology alignment — ensuring your IT environment supports any changes in your business operations, staffing, or growth plans.

What every client gets from day one

Our security baseline is not an upsell. It is the minimum standard we deploy before we consider any environment operational. Every Nexanova-managed client receives the same foundational security posture, regardless of business size or plan level. If your current IT provider treats these as add-on packages, that should concern you.

  • Endpoint detection and response on every workstation and server — not just antivirus, but behavioral threat detection that catches sophisticated attacks traditional antivirus misses.
  • Multi-factor authentication enforced on every user account — Microsoft 365, email, VPN, remote access, and any cloud application that supports it.
  • Full-disk encryption on every device — if a laptop is lost or stolen, the data on it is unreadable without the encryption key.
  • DNS filtering — blocking access to known malicious domains, phishing sites, and categories of web content that represent security risk.
  • Email security hardened with SPF, DKIM, and DMARC properly configured — preventing domain spoofing and reducing phishing exposure.
  • Automated patch management — operating system and critical application patches applied within 72 hours of release, with emergency patches deployed same-day.
  • Verified local and cloud backups — with regular test restores to confirm your data is actually recoverable, not just backed up.
  • Firewall configuration with documented rule sets — every port, protocol, and access rule reviewed, justified, and recorded.
  • Monthly security report — plain-language documentation of what was blocked, patched, monitored, and recommended.

The mandatory monthly report

Every Nexanova client receives a monthly report. It is not optional and it is not a dashboard screenshot. The report is our accountability mechanism — it makes the invisible work visible so you can see exactly what your IT investment produced. It is written in plain language so business owners and office managers can read it without an IT background.

Security events — phishing attempts blocked, malware detections, suspicious login attempts, and any incidents that required active response.

Patch status — operating system and application patches applied during the month, including specific CVE references for critical vulnerabilities addressed.

Backup verification — backup success and failure rates, storage utilization, and the date and result of the most recent test restore.

Device health — compliance status for every managed device, including encryption status, agent health, and any devices that need attention.

Microsoft 365 security — account activity, conditional access events, sharing permission changes, and any security recommendations.

Help desk summary — total tickets, average resolution time, tickets by category, and any patterns that suggest a systemic issue.

Recommendations — specific, prioritized actions for the coming month based on what the data from this month revealed.

How we communicate

You report a critical issue during business hours

Response within 15 minutes. You hear from a named person who already knows your environment. First message includes what we know so far, what we are doing, and when you will hear from us next.

A security event is detected by our monitoring

Immediate containment. You are notified within 30 minutes with a plain-language explanation of what happened, what we did, and what it means for your business. A written incident report follows within 24 hours.

Your team submits a standard support request

Acknowledgment within 1 hour during business hours. Estimated resolution time provided in the first reply. Updates if resolution takes longer than originally estimated. Confirmation when resolved.

A planned change requires downtime

Minimum 48 hours advance notice. Clear description of what is changing, when the downtime window is, how long it will last, and what your team needs to do — which is usually nothing.

We identify a risk or improvement opportunity

Proactive notification by email with a clear explanation of the issue, the risk level, our recommendation, estimated cost if applicable, and no pressure to act immediately unless the risk is critical.

Monthly report delivery

Delivered by the 10th of each month for the previous month. Available for review at your quarterly business review or anytime by request.

See if we are the right fit for your business.

Book a 15-Minute IT Assessment

Or call (604) 613-0150