Our Models
Our models — three ways we engage.
Fully Managed. Co-Managed alongside your in-house IT. Project-Based with defined scope and timeline. Pick the shape that fits the team you have today and the journey you're on.
- Sydney HQ
- Service-desk-led
- Named lead
- ITIL-aligned
- Microsoft Solutions Partner
Three shapes, one operating philosophy
Three engagement models. One operating philosophy underneath all three.
We earn the right to do bigger, more strategic work by doing the unglamorous work well. Service desk leads. Cloud and security engagements grow out of operational trust, not slide-deck promises. Co-management is the default, not the upgrade tier. Honest scoping is non-negotiable.
We don't use the word "transformation." Most of what mid-market organisations need is steady, defensible operational excellence — the boring kind that holds up under audit, after-hours, and at year-end. The three engagement shapes below differ on how much of the operation we own end to end — not on whether we're the right partner.
Fully Managed Service
End-to-end operational ownership
We own the whole IT operation. 24×7 service desk, infrastructure management, security operations, and continuous improvement — under a single SLA, with a named lead and engineering depth on tap.
What's in scope as standard
- 24×7 first, second, and third-line service desk with first-fix rate published quarterly
- Infrastructure operations (cloud + on-premise + hybrid) including patching, monitoring, capacity planning
- M365 / Azure / Entra ID administration including identity, access, and licence optimisation
- Endpoint management (Intune-led for most engagements)
- Network and firewall operations (Cisco + Meraki primary)
- Optional: managed security tier (Foundation / Defence / Resilience)
- Monthly board-grade reporting; quarterly business review with the named lead
- Ideal customer profile
- Organisations between roughly 50 and 2,000 staff who don't have an internal IT operations function — or whose internal IT lead is focused on strategy, vendor management, and project sponsorship rather than day-to-day operations. Common shapes: banks, mid-tier law firms, multi-site accounting practices, NDIS providers, healthcare networks.
- Onboarding rhythm
- Six to eight weeks for a typical mid-market engagement. Discovery and runbook capture in the first fortnight. Embedded shadow with the existing partner (where applicable) for two to four weeks. Cutover with named accountability transfer in writing. Steady-state with monthly review cadence from week seven onwards.
- Contract shape
- Three-year master service agreement is the default. Twelve-month minimum is available where the shape genuinely fits. Pricing is per-user, per-endpoint, or per-environment depending on what makes the most sense for the customer's posture. No hidden cost clauses.
- What success looks like
- At 30 days, the runbook is captured and the named team is on first-name terms with your senior staff. At 90 days, the first-fix rate is published, the service-desk volume curve is settling, and the first quarterly review is on the calendar. At 365 days, you've moved one or two strategic items off your CIO's desk because the operational floor is no longer a problem.
Co-Managed / Augmented
Extend your in-house team without replacing it
We embed alongside your in-house IT team — not in place of them. Your CIO, IT Manager, or Head of Technology stays accountable for direction, vendor strategy, and budget. We provide the hands, the runbooks, the after-hours coverage, and the specialist depth your in-house team doesn't carry full-time.
What we typically take on
- After-hours service-desk coverage (your in-house team owns business hours; we own everything outside)
- Specialist skills your in-house team doesn't carry (M365 tenant deep work, Intune, Entra ID, Azure infrastructure, security operations)
- Patching and endpoint hygiene at scale
- Project capacity for migrations, upgrades, and security uplifts
- Optional: managed security tier (where customers want senior security operations depth without standing up their own)
- Monthly review cadence with your IT Manager or CIO
What stays with your in-house team
Strategy. Vendor management. Budget ownership. Direct relationships with your business stakeholders. Direction-setting on every project we contribute to. We're explicitly not trying to replace what works.
- Ideal customer profile
- Organisations with an existing internal IT lead — typically an IT Manager, Head of Technology, or small in-house team of 2–8 people — who need depth in specific areas without losing control of the overall function. Common shapes: mid-market financial services firms with an internal CISO; partnership-led law firms with a Head of IT and one or two staff; multi-site healthcare networks with a clinical-IT lead.
- Onboarding rhythm
- Three to six weeks. Faster than fully managed because your in-house team owns most of the documentation already. We capture our slice of the runbook, agree the escalation matrix, and start coverage on the agreed date.
- Contract shape
- More flexible than fully managed. Common shapes: a fixed monthly retainer for after-hours coverage, a block-of-hours arrangement for specialist work, or a co-managed master agreement that combines both. Twelve-month minimum is typical.
- What we won’t do
- We won't go around your IT Manager to talk to your CFO directly. We won't escalate over their head. We won't propose work without their sign-off. The point of the co-managed shape is to amplify the in-house function, not undermine it.
Project-Based Delivery
Defined scope. Defined timeline. Defined budget.
Some work is genuinely one-off: an Azure migration, an EOL Windows Server uplift, an M365 cutover, a security hardening exercise to Essential Eight Maturity Level 2, an endpoint refresh, a Privacy Act readiness uplift, a CPS 234 evidence-pack production run.
What project-based delivery looks like
- Discovery first, before scope is locked. We won't quote before we've spent enough time to scope honestly.
- Statement of work with defined deliverables, milestones, named team members, and explicit out-of-scope items
- Fixed-price for the agreed scope; clearly delineated change-control process for genuine scope changes
- Named project manager and named technical lead — not pooled
- Customer acceptance criteria agreed up front, not retrofit at sign-off
- Honest scoping commitment: if the right answer is a systems integrator, a Microsoft FastTrack engagement, or a vendor's professional services, we'll tell you on the discovery call
Typical project shapes
- Azure migration (greenfield or brownfield) — landing-zone, identity, migration waves
- Microsoft 365 transition or tenant-to-tenant migration (mergers, divestitures, brand consolidations)
- Endpoint estate refresh including Intune-led modern management
- Essential Eight Maturity Level 2 uplift project (control-by-control implementation)
- Privacy Act readiness uplift including breach response runbook production
- CPS 234 evidence-pack production (point-in-time uplift for an upcoming review)
- Network refresh (Cisco / Meraki) including SD-WAN where appropriate
- Security hardening exercise (post-incident or pre-renewal cyber-insurance scrutiny)
- Ideal customer profile
- Any of the above shapes where the customer has a clear one-off transition coming up and doesn't need an ongoing managed-services relationship to land it. Project-based engagements often lead into co-managed or fully managed shapes once the project completes — but never as a precondition.
- Honest scoping commitment
- Not every project we get asked about is a project we should do. Sometimes the right answer is a systems integrator with deeper estate-specific runbooks, a Microsoft FastTrack engagement we'll help orchestrate, a vendor's professional services arm, or a competitor whose shape fits the work better. We will tell you that on the discovery call. It is the single most-cited reason customers come back to us with the next project — even when the first one went elsewhere.
Why service-desk leads, always
There's a reason we list service desk first in every engagement, regardless of shape. It's the same reason we list the six pillars in Service-Desk → Cloud → Managed Security order on the homepage: operational trust earns strategic work, not the other way around.
Boring done well is what holds up at audit. It's what makes your CFO sign off on the budget for the bigger project. It's what your auditor reaches for when they ask “How do we know the controls actually run?” The answer is the ticket data, the change log, the patch report — not the slide deck.
We don't run a follow-the-sun model. We don't pass your tickets through three timezones before someone with context picks them up. The service desk is owned by a named lead, with engineering depth from Colombo on tap. That structure is deliberate. It's the only way "named accountability" means anything past the marketing page.
Onboarding rhythm — three phases
Whatever the engagement shape, onboarding follows the same three-phase rhythm. The duration varies; the rhythm doesn't.
- 01
Phase 1 — Discovery & Runbook Capture
Weeks 1–2
Named team members are introduced. Existing documentation is captured (or written, where it doesn't exist). Escalation matrix is agreed in writing. Service-desk handover scripts are produced. Initial control assessment is run for security-tier engagements. Customer's in-house IT lead is the day-to-day partner in this phase.
- 02
Phase 2 — Embedded Shadow & Transition
Weeks 3–6
Our team works alongside the customer's existing arrangement. Tickets are handled in parallel. Issues are surfaced and triaged. The cutover date is agreed and the named-accountability transfer is documented. For fully managed engagements, this phase is the longest and most important — it's where the operational reality lands, not the SOW prose.
- 03
Phase 3 — Steady State with Monthly Review
Week 7+
Named lead owns the monthly review cadence. First quarterly business review is on the calendar by month two. Reporting cadence is steady. First-fix rate is published quarterly. SLA dashboards go live and stay live.
What you end up with by the end of onboarding: a captured runbook your team contributes to, an escalation matrix that survives staff change, an SLA dashboard you can show your board, and a named-team relationship that doesn't depend on a single account manager.
What we don't do
A few honest disqualifiers, on the record.
We don't run a follow-the-sun model
Named accountability sits on every contract. Engineering depth from Colombo is named, briefed, and on the runbook — not anonymous handoff.
We don't use the word "transformation"
Most mid-market work is steady operational excellence with periodic uplift projects. Transformation is a budget signal that usually outruns the actual work.
We don't claim AI in security operations
Humans do that work. SIEM and EDR platforms include ML-based detection at the platform layer; that's table stakes, not differentiation. The accountability chain in our security operations is human, named.
We don't reassign your named lead after we sign you
Our economics are built around named-team continuity, not senior-time inflation.
We don't do offshore cost arbitrage as our primary value driver
If price is your primary lens, we're probably not the cheapest partner you'll evaluate. Customers who pick us are making a value-and-defensibility decision.
We don't propose scope creep masquerading as agility
Project SOWs are tight. Change control is explicit. We'd rather have an honest conversation about the next project than win it by under-scoping the current one.
Which model fits you?
Twenty minutes on a discovery call. We'll listen first, propose a shape that fits, and tell you if a different partner is the better answer for the work you're describing.
or call (+61) 413 649 132