Managed IT / National Service Pillar

Managed IT Services: Cybersecurity-First MSP

Petronella Technology Group runs your complete IT department as a contracted, monthly engagement: 24/7 monitoring, named-engineer helpdesk, EDR and MDR security, immutable backup, identity and access controls, and vCIO strategy. Built for regulated mid-market firms across the US, headquartered in Raleigh, NC since 2002.

  • 24/7: SOC + Helpdesk
  • 15 min: P1 Response SLA
  • 3 Tiers: Foundation / Pro / Enterprise
  • RPO #1449: CMMC-AB Registered Provider Organization
  • DFE #604180: NC Digital Forensic Examiner License
  • Since 2002: 23+ Years Operating in NC
  • BBB A+: Accredited Since 2003

Free 30-min IT health check, written quote inside one week, no contract pressure

Definition

What Managed IT Services Actually Means

Strip the brochure language away and managed IT is a simple operating bargain. You pay a predictable monthly fee. In exchange, a contracted partner takes responsibility for keeping your technology working, keeping it safe, and keeping it aligned with where the business is going. Not break-fix. Not on-demand billing. Not a block of hours you hoard and never use.

For a US business with 10 to 500 employees, a full managed IT engagement with our team replaces what you would otherwise build as an internal IT department: a helpdesk, a network operations function, a security operations capability, a backup and disaster recovery program, a compliance documentation function, and a technology strategist who understands the business. Building all of that internally is expensive, slow, and prone to single-person dependency. The senior engineer who owns it leaves, takes a year of institutional knowledge with them, and the business is exposed until the replacement spins up.

Outsourcing the right slice to a contracted MSP is not about saving money on a single line item. It is about turning an unpredictable cost (incidents, downtime, audit failures, key-person risk) into a predictable cost with a written SLA behind it. That is the real value of managed IT services in 2026, and that is the engagement Petronella Technology Group has been refining inside North Carolina since 2002.

When to outsource. If your current IT answers yes to any of the following, you are probably ready for a real managed IT engagement: something breaks and the only person who knew how it worked does not work for you anymore; you are paying for tools you cannot prove are configured correctly; you have a compliance audit on the calendar and nobody owns the prep; every IT budget conversation is reactive; or you are one ransomware event away from a week of business chaos. Any one of those is a signal. Three or more and the clock is already running.

When to keep IT internal. Some scenarios still favor in-house ownership: a deeply specialized product team that ships software where IT is part of engineering, a regulated environment where leadership wants every engineer on the badge list, or a strict cost model that has already justified the full FTE load. In those cases co-managed IT is usually the right hybrid, with internal staff keeping daytime ownership and Petronella bringing 24/7 coverage, security depth, and compliance bench. That decision should be made deliberately rather than by default.

What Is Included

The Petronella Managed IT Stack

A short, standardized capability stack so every Petronella Technology Group engagement inherits the same operational discipline. These are the layers we deliver. Specific product SKUs are chosen per client based on environment, compliance scope, and what tooling you already own. No rip-and-replace for its own sake.

24/7 Monitoring and Alerting

Servers, workstations, network devices, cloud tenants, and backup jobs all report to a single pane of glass. Automated remediation handles routine issues before a person sees them. Anything that needs human judgment pages an on-call engineer with a contracted response time. No "monitoring" that just sends emails into a dead inbox.

Patch and Configuration Management

Windows, macOS, Linux, third-party applications, firmware, and SaaS platforms. Patch testing before rollout for anything business-critical. Configuration hardening benchmarked against CIS Level 1 by default, CIS Level 2 or NIST 800-171 baseline on request. Quarterly drift reports so you know what changed and why.

Named-Engineer Helpdesk

Phone, email, Microsoft Teams, and Slack channels all route to a single ticketing system with no per-ticket billing. Every ticket carries a named primary engineer and a named senior escalation engineer. No offshore tier-1, no script readers, no three-day loops between tiers before resolution. Metrics reported monthly: first-response time, time to resolve, first-contact resolution rate, and per-ticket satisfaction.

Endpoint Detection and Response

Next-generation EDR on every workstation and server, tuned and monitored by our security team rather than left on default policy. Behavioral detection, automated rollback where supported, and 24/7 alert review instead of alert generation with nobody watching. Linked into our Managed XDR Suite for cross-source correlation when the engagement calls for it.

Identity and Access Management

Microsoft Entra ID or equivalent, conditional access policies, phishing-resistant or passwordless MFA, privileged access controls, and quarterly access reviews. Offboarding an employee should take minutes and leave zero dangling permissions. Too often it does neither. A clean identity layer is the single highest-leverage control most US SMBs are missing.

Backup, Disaster Recovery, and BCP

Immutable, off-site, encrypted backups with tested restores. Quarterly recovery drills with written runbooks. Recovery Time and Recovery Point Objectives negotiated to match what the business can tolerate, not a generic 24-hour default. Microsoft 365 and Google Workspace backed up separately because the tenant is not a backup. Deeper detail at our data backup and disaster recovery page.

Email Security and Awareness Training

Anti-phishing, anti-spoofing, DMARC enforcement, and impersonation protection on top of Microsoft 365 or Google Workspace. Quarterly simulated phishing through KnowBe4-class tooling with role-based training assignments. Business email compromise is still the single largest dollar-loss category for US SMBs, and a well-tuned email layer prevents most of it.

Asset and Vendor Management

Every endpoint, every license, every vendor contact, every warranty, every renewal date documented in IT Glue or Hudu encrypted storage. We renegotiate vendor contracts at renewal on your behalf. Shadow IT gets surfaced and either sanctioned or shut down. Your next engineer (ours or yours) can find anything they need without archaeology.

Mobile Device Management

Microsoft Intune or equivalent for Windows, macOS, iOS, and Android. Conditional access policies for corporate data on personal devices. App protection policies, encryption-at-rest enforcement, remote wipe, and BYOD container separation. Mobile is no longer optional in 2026, especially for regulated firms with employee-owned phones touching client data.

Strategic Planning and vCIO

Quarterly business reviews with your leadership team, a rolling 12-month technology roadmap, IT budget forecasting, vendor coordination, and renewal negotiation. Need deeper strategic and security leadership? Our vCIO and vCISO services sit on top of the managed IT engagement when scope justifies it.

Service Tiers

Three Tiers, Built for Where You Are

Every Petronella Technology Group managed IT engagement scopes into one of three tiers based on your environment, compliance posture, and required SLAs. Pricing is quoted per user and per server after the free assessment because two firms of the same headcount can have wildly different technology footprints. We do not publish flat per-seat numbers on the website because doing so misleads clients into picking the wrong scope.

Tier 1 / Foundation

Foundation Managed IT

From custom quote / per user / per month
  • 24/7 monitoring + automated remediation
  • Helpdesk (business hours + on-call after hours)
  • Windows + macOS patch management
  • Standard EDR + email security baseline
  • Backup with quarterly restore tests
  • Annual technology business review
  • Best fit: 10 to 50 employees, no regulated data
Tier 2 / Professional

Professional Managed IT

From custom quote / per user / per month
  • Everything in Foundation, plus:
  • 24/7 SOC with EDR + MDR layered
  • Conditional access + phishing-resistant MFA
  • Mobile device management (MDM)
  • HIPAA / PCI / SOC 2 readiness add-ons
  • Quarterly business reviews + roadmap
  • Best fit: 50 to 250 employees, regulated data
Tier 3 / Enterprise

Enterprise Managed IT

From custom quote / per user / per month
  • Everything in Professional, plus:
  • CMMC Level 2 or Level 3 program ownership
  • Private LLM hosting + AI governance
  • Dedicated vCIO + vCISO bench time
  • Annual pen test or tabletop exercise
  • DFE-licensed incident response retainer
  • Best fit: 100+ employees, multi-framework scope

Custom-tier engagements exist for organizations with unusual scope (multi-state covered entities, classified-adjacent environments, manufacturing OT/IT convergence, large-scale GPU compute hosting). The free 30-minute discovery call is the right place to start that conversation. Pricing is honest and itemized in writing once we understand what the engagement actually entails.

Engagement Model

Co-Managed IT vs Fully Managed IT

Not every business wants to outsource all of IT. A meaningful share of our clients already have one or two strong internal IT people. We work both ways, and the engagement model should match what actually exists inside your company rather than what looks tidy on a brochure.

Co-Managed IT

Best when: You have one to three internal IT staff doing solid day-to-day work, but the team is thin on security operations, compliance documentation, after-hours coverage, or specialized project work. You want decision-making and employee-facing relationships to stay internal.

We provide: 24/7 monitoring + after-hours helpdesk, security operations and EDR / MDR tuning, compliance program ownership (CMMC, HIPAA, PCI, SOC 2), backup and disaster recovery, vendor escalation bench, and quarterly strategic reviews alongside your IT lead.

Your internal team keeps: Daytime helpdesk, line-of-business application ownership, hands-on projects, and the employee-facing relationship. We handle the depth work they do not get to do often enough to stay sharp at it.

Fully Managed IT

Best when: You have no internal IT, or the person doing it inherited it and does not want it anymore, or your existing IT lead is about to retire and you need a clean transition. You want a single accountable vendor owning the entire stack.

We provide: Everything in the co-managed model, plus all daytime helpdesk, employee onboarding and offboarding, line-of-business application support coordination, project execution, and full vCIO strategic planning.

Your team keeps: The business. That is the point. Leadership sets direction at quarterly business reviews and we operate the technology to match it, with monthly reporting that makes the work visible without anyone internal having to chase it down.

Industries

Industries We Serve

Managed IT is not industry-agnostic. The control set, evidence requirements, and operating cadence vary meaningfully by vertical. Petronella Technology Group has standing depth in the verticals below, and the engagement scope adapts to each one. Full vertical detail lives on our industries hub.

Defense Contractors and DoD Suppliers

If you have a DFARS 252.204-7012 clause in your contract, CMMC is coming for you. We consult across all three CMMC levels: Level 1 for FCI-only contractors, Level 2 for the majority handling Controlled Unclassified Information, and Level 3 for primes under NIST 800-172 enhanced requirements. The Enterprise tier includes full CMMC program ownership: SSP authoring, POAM management, CUI enclave design, and C3PAO readiness.

Healthcare and Medical Practices

HIPAA Security Risk Assessments, EHR integration, BAA program management, and ransomware readiness. Medical practices remain a top-three target for ransomware, and most cyber-insurance carriers now require MFA, EDR, phishing simulation, and incident response planning before they will renew. Pairs with our HIPAA compliance program and HIPAA-to-NIST mapping for the regulatory side.

Law Firms and Professional Services

State Bar ethics opinions hold attorneys to a competence standard that includes reasonable technology safeguards around client data. Insurance carriers increasingly require MFA everywhere, EDR on every endpoint, phishing simulation, and documented incident response before they will renew a cyber policy. We have standardized engagement patterns for firms running on iManage, NetDocuments, Clio, and PracticePanther.

Financial Services and Wealth Management

GLBA Safeguards Rule, the FTC amendments that took effect in 2023, SEC cyber disclosure rules, and PCI DSS for anyone handling card data. We also operate full SOC 2 readiness programs for wealth management firms whose institutional clients now demand a Type II report before they will sign.

Manufacturing and Distribution

OT and IT convergence, supply chain attack exposure, and the reality that a ransomware event on a manufacturer often costs more in downtime than the ransom itself. We design segmented networks that keep the production floor running even when an office-side endpoint gets hit. CMMC scope often overlays here as well for defense-adjacent manufacturers.

Engineering and AEC Firms

AEC firms working on federal or DoD infrastructure projects increasingly see CMMC flow-down clauses in their subcontracts. CAD, BIM, and simulation workloads also pair cleanly with our private AI cluster for design-assist and document-review automation. AI plus CMMC is the edge for engineering firms in 2026, and most generalist MSPs cannot deliver both.

Compliance Fit

Compliance Frameworks Built Into Managed IT

Managed IT at Petronella is compliance-aware by default. The tooling, documentation, and operating procedures are designed so a formal compliance program can sit on top of the managed IT engagement without bolt-on cost. These are the frameworks we run for clients today.

CMMC Levels 1, 2, and 3

Petronella Technology Group is a CMMC-AB Registered Provider Organization (RPO #1449, verified at cyberab.org). Every engineer holds CMMC Registered Practitioner certification. We consult across Level 1 for FCI-only contractors, Level 2 for the CUI majority under NIST 800-171, and Level 3 for the smaller number of primes under NIST 800-172 enhanced requirements. Deeper detail at the CMMC compliance program page.

HIPAA Privacy, Security, and Breach Notification

Security Risk Assessments, administrative and technical safeguard implementation, BAA program management, workforce training, and incident response planning. Paired with managed IT, HIPAA becomes something you operate rather than something you renew annually and hope. See HIPAA compliance services.

NIST CSF 2.0 and NIST 800-171

The Cybersecurity Framework 2.0 (Govern, Identify, Protect, Detect, Respond, Recover) is the universal control language we map every engagement to. NIST 800-171 is the underlying control set for CMMC Level 2. NIST 800-172 layers on for Level 3. The control mapping is documented in the managed IT engagement evidence pack so audits do not become emergency consulting fees.

SOC 2 Type I and Type II

Readiness programs for SaaS companies, data-processing firms, and MSPs themselves. Trust Services Criteria mapping, control evidence collection, auditor coordination, and the kind of boring, documented operational discipline that passes a SOC 2 audit without panic. See SOC 2 program detail.

PCI DSS v4.0

For firms taking card-not-present or card-present payments. Scope reduction through tokenization, network segmentation for the cardholder data environment, and Self-Assessment Questionnaire or Report on Compliance preparation depending on transaction volume. Full detail at the PCI DSS compliance page.

ISO 27001 and Sector Specifics

ISO 27001:2022 Information Security Management System readiness for firms operating internationally or selling into European clients. We also operate state-specific frameworks (NC Identity Theft Protection Act, NY DFS 23 NYCRR 500) and sector-specific mandates (NC State Bar ethics opinions, FERPA for education, GLBA for financial services). See ISO 27001.

Compliance is a reporting byproduct of a well-operated environment, not a separate project. Clients carrying two or three frameworks at once (HIPAA plus SOC 2, or CMMC plus PCI) pay a single operational cost and harvest evidence across all of them. That is the point of running managed IT through a team that lives inside the frameworks every day instead of treating them as a yearly fire drill.

Onboarding

What Managed IT Onboarding Looks Like

A structured 30 to 90 day transition from signed agreement to steady-state operations. Compliance-driven engagements (CMMC Level 2, HIPAA-covered entities, SOC 2 prep) run longer and we say so up front. No surprises, no scope creep dressed up as discovery.

Week 1 / Discovery and Documentation

A network engineer and account manager walk your office (or coordinate remotely for distributed environments). Every asset, cloud tenant, vendor contact, line-of-business application, and shadow-IT pocket gets documented. We interview department heads to understand workflows that are invisible to IT but critical to the business. Compliance scope gets named: CMMC, HIPAA, SOC 2, PCI, GLBA, ISO 27001. Nothing changes in week one. We learn first.

Week 2 / Tooling Deployment

RMM agents, EDR, MDR, backup tooling, and identity baseline deploy quietly in the background. Ticketing stands up and your employees learn how to reach us. Email security and DMARC enforcement get aligned with our standards. We run this in parallel with your incumbent provider when one exists so there is zero coverage gap during the cutover.

Week 3 / Risk Assessment and Quick Wins

A formal security and IT risk assessment produces a ranked list of findings. Anything flagged critical gets remediated immediately at no extra cost as part of onboarding. Everything else lands on a 90-day remediation roadmap with named owners and dates. Compliance gaps surface (HIPAA, CMMC, PCI, SOC 2) so we can scope any required programs before they become fire drills.

Week 4 / Steady-State Handoff

Your named account manager, primary engineer, and backup engineer are introduced to your team. Monthly and quarterly reporting cadences are set. The first quarterly business review gets scheduled. Anything that belongs on the 90-day remediation list gets owners and start dates. From this point forward the engagement is boring in the best possible way.

Month Two Onward / Steady-State Operations

Monthly operations reports to the business owner. Quarterly business reviews with leadership, including a refreshed 12-month roadmap, budget forecast, and compliance posture. Annual penetration test or tabletop exercise depending on risk profile. Continuous improvement of the environment rather than big-bang projects. Most clients renew here for five to ten years running.

SLAs

Response Times and Escalation

Every ticket gets a priority based on business impact. These are the SLAs we contract to for a standard Petronella Technology Group managed IT engagement. Premium and regulated-industry agreements carry tighter contracted numbers when scope requires it.

P1 Outage

Response: 15 minutes. On-site dispatch inside 60 minutes in Wake County for true outages. Work continues 24/7 until resolved. Hourly updates to the named business contact until the system is back online.

P2 Partial Outage

Response: 30 minutes. A workgroup or major application is down but the business is not fully halted. On-site dispatch same business day when remote remediation will not resolve.

P3 Standard

Response: 4 business hours. Single-user or low-impact issue. Most P3 tickets resolve the same day. First-contact resolution is our goal and our internal benchmark.

P4 Scheduled

Response: Next business day. Requests that are not time-sensitive: new hire setup, equipment orders, software installs, documentation changes, scheduled maintenance windows.

Escalation is automatic, not something the client has to ask for. If a P1 is not resolving inside 60 minutes, it goes to a senior engineer. If that escalation fails to make progress, it goes to our operations lead. If we still are not moving fast enough, founder Craig Petronella gets paged. This chain is written into the service agreement so there is no confusion at 2 AM about whether escalating is the right call. We measure ourselves against the SLA on every ticket and publish the results in the monthly operations report. No marking your own homework.

Operating Stack

The Standardized Tooling Stack

A short, vetted product family per layer so every Petronella managed IT engagement inherits the same operational discipline. Specific SKUs are chosen per client based on scope, compliance fit, and what you already own. We do not publish "exclusive" or "authorized" partnerships we do not actually hold.

| Stack Layer | What We Run |
| --- | --- |
| EDR / Endpoint | SentinelOne Singularity or CrowdStrike Falcon on every workstation and server. Behavioral detection, automated rollback where supported, 24/7 alert review by our security team. Default policies tuned to your environment, not left on factory settings. |
| MDR / Detection | Huntress Managed EDR and Managed ITDR layered behind primary EDR for human-analyst coverage on threats automated tooling misses. Identity threat detection across Microsoft 365. Two pairs of eyes on every real incident. |
| Identity / Access | Microsoft Entra ID with conditional access policies, phishing-resistant MFA, privileged identity management, and quarterly access reviews. Okta for environments already committed to it. No locally synced passwords outside PIM scope. |
| Email Security | Proofpoint Essentials or Check Point Harmony Email (formerly Avanan) in front of the tenant for impersonation, business email compromise, and account-takeover protection. DMARC, DKIM, and SPF enforced, not just configured. |
| Backup / DR | Veeam Data Platform or Datto SIRIS for on-premise and hybrid environments with immutable cloud tiers. Microsoft 365 and Google Workspace backed up separately because the tenant is not a backup. Recovery drills quarterly with written RTO and RPO tied to business impact. |
| RMM / Patch | NinjaOne RMM for monitoring, patching, and remote remediation across Windows, macOS, and Linux endpoints. Patch testing before rollout for anything business-critical. CIS Benchmark hardening for major operating systems. |
| Ticketing / PSA | ConnectWise Manage or HaloPSA for ticketing and SLA enforcement. Every ticket carries a named primary engineer and named senior escalation engineer. SLA breaches reported monthly without prompting. |
| Network / SASE | Fortinet FortiGate or Cisco Meraki firewalls with IDS/IPS and SD-WAN where topology calls for it. Cloudflare Zero Trust or Cisco Umbrella for DNS-layer security and ZTNA. Segmentation designed around compliance scope. |
| Vulnerability / Posture | Tenable Nessus or Rapid7 InsightVM for authenticated vulnerability scanning. CIS Benchmark hardening for Windows, macOS, and common Linux distros. Attack-surface monitoring for internet-exposed assets. |
| Documentation / KB | IT Glue or Hudu for encrypted client documentation. Every password, every warranty, every vendor contact, every network diagram stored where your next engineer can find it. Quarterly documentation audits are part of the engagement. |
| Security Awareness | KnowBe4 or Hoxhunt for quarterly simulated phishing and role-based training assignments. Reporting to leadership monthly. Phishing failure rates measured per department so the targeting is data-driven. |

AI Integration

24/7 AI + Human Hybrid Threat Analysis

Petronella Technology Group does not pitch AI as a bolt-on or a marketing layer. We operate a private enterprise AI cluster on our own infrastructure and run it inside our security operations every day. For regulated clients, the same cluster can host private LLM deployments inside your audit boundary so prompts and outputs never leave the controlled environment.

Private AI Cluster, Not Public Inference Calls

Public AI tools train on prompts by default. For firms under HIPAA, CMMC, or client-confidentiality obligations, that is a data loss pattern disguised as productivity. We stand up private AI deployments inside your tenant or on our enterprise cluster so the prompts and the outputs stay inside the audit boundary. No training on your data, no third-party inference calls, full logging. Data sovereignty matters to compliance, and compliance is what most managed IT providers cannot deliver alongside AI.

AI-Assisted SOC and Ticket Triage

Our internal operations use AI assistance for log review, anomaly detection, and first-pass ticket triage. That is not a ceiling on engineer quality. It is how we let senior engineers spend their time on work that actually needs senior judgment. The outcome for clients is faster first-response times and fewer missed signals in telemetry noise. Faster mean-time-to-detect on real threats is the difference between an isolated workstation and a ransomware event.

AI Governance and Acceptable-Use Policy

If your team is already pasting client data into public chatbots, you have an AI governance gap whether you have admitted it yet or not. The managed IT engagement includes a written AI acceptable-use policy, DLP rules that detect common paste patterns, and a sanctioned private-model alternative so the urge to use AI does not push people to unsanctioned tools. Governance is cheap and the alternative is an unmanaged data egress problem.

Voice Agents and Workflow Automation

We build production AI voice agents in-house. Call (919) 348-4912 right now and Penny picks up, triages the call, books a free 15-minute assessment, and escalates to a human engineer when warranted. Managed IT clients who want their own version for after-hours intake, appointment booking, or first-line customer service get one built on the same proven pattern. That is anti-commodity managed IT: capabilities most providers cannot deliver because they do not actually build any of the technology themselves.

Geography

Geographic Coverage and On-Site Response

Petronella Technology Group is headquartered in Raleigh, NC at 5540 Centerview Dr., Suite 200. On-site response is routine across the Triangle and Eastern North Carolina. Remote management covers clients anywhere in the United States, including multi-site footprints with offices in multiple states. We do not subcontract on-site work outside our coverage radius without telling you.

Primary on-site coverage. Wake, Durham, Orange, Chatham, Johnston, Franklin, Wilson, Wayne, Cumberland, Mecklenburg, Forsyth, Guilford, Alamance, New Hanover counties and the surrounding metros. On-site dispatch inside 60 minutes for a true P1 in Wake County. Same-business-day on-site outside the immediate metro when remote remediation will not resolve.

Remote management coverage. Anywhere in the United States. Multi-site organizations with offices across multiple states route through a single named account team rather than fragmented regional support. Time-zone-aware coverage for clients with West Coast or international satellite operations.

City-specific service pages. We maintain dedicated landing pages for the cities where we deliver routine on-site service. If your primary office is in one of these locations, the city-specific page covers travel time, local market context, and the specific compliance flavor most common in that area:

Why Petronella

Why Petronella Technology Group

Most managed IT providers do the same four things: monitoring, patching, helpdesk, backups. That is table stakes and we do all of it. The reason our clients stay with us for a decade or longer is what sits underneath the table stakes.

23+ Years of Operating Discipline

Petronella Technology Group was founded in 2002 and has held BBB A+ accreditation since 2003. That history pre-dates every current major compliance framework our clients operate under. We have watched HIPAA evolve through multiple rule updates, CMMC emerge from DFARS, two generational shifts in PCI DSS, and the entire lifecycle of "cloud" going from punchline to default. That history shows up in better recommendations and fewer first-time-fool mistakes.

Deep Compliance Bench

Every engineer holds CMMC Registered Practitioner status. Founder Craig Petronella also holds CCNA, CWNE (Certified Wireless Network Expert, fewer than 500 globally), Digital Forensic Examiner license #604180 issued by the NC Private Protective Services Board, and is MIT-Certified in AI and Blockchain. Our firm carries PPSB accreditation. CMMC-AB RPO #1449. When a regulated mid-market firm needs an MSP that can handle CMMC scope, HIPAA risk assessment, or forensic response, they are not stitching together three vendors.

Senior-First Staffing Model

A lot of MSPs load their front line with tier-1 junior staff and escalate only when things truly fail. We inverted that. Your first touch is an experienced engineer who can actually fix what you called about. That is more expensive for us per ticket and cheaper for you across the year because issues do not loop between tiers for three days before resolution. Named primary and named senior escalation per ticket, every ticket.

DFE-Licensed Forensics Bench

Craig Petronella holds Digital Forensic Examiner license #604180 issued by the NC Private Protective Services Board, and our firm carries PPSB accreditation. Most managed IT providers cannot lawfully perform digital forensics in North Carolina. When something serious happens at a client site, we preserve evidence, perform analysis, and support law enforcement or insurance proceedings without bringing in a third vendor. See our digital forensics services for the full scope and the explicit "What We Do Not Do" panel.

Anti-Commodity Positioning

The reason commodity MSPs cannot beat our price on enterprise-tier engagements is that we run the infrastructure they outsource. Private AI cluster on our own hardware. In-house forensics. CMMC RPO. The work that competitors mark up through subcontractors lives inside our P&L, which means better integration, faster response, and a single contract for the client to read.

Honest Pricing, Honest Vendor Claims

We do not publish "exclusive" or "authorized" partnerships we do not actually hold. Where we are an authorized partner, we say so in writing. Where we are not, we tell you, and we tell you if that should change which product you choose. That approach costs a little marketing polish and saves clients real money at renewal. Custom-quote pricing model, written line items, and no surprise auto-increases buried on page 14 of the agreement.

Team Credentials

The Team Behind Your Tickets

Credentials without context are marketing. Here is the practical version of who does what, and what certifications back up the work.

Craig Petronella

Founder and CEO

CMMC-RP, CCNA, CWNE, DFE #604180, MIT-Certified in AI and Blockchain

Blake Rea

VP of Sales and Client Partnership

CMMC-RP

Justin Summers

Security Consultant

CMMC-RP

Jonathan Wood

Security Consultant

CMMC-RP

Firm-level credentials include CMMC-AB Registered Provider Organization status (RPO #1449, verified at cyberab.org), PPSB accreditation from the NC Private Protective Services Board, BBB A+ rating maintained since 2003, and a founding date of 2002 that pre-dates every current major compliance framework our clients operate under. Full team and credential roster on our team page.

Related Services

Adjacent Petronella Services

Managed IT is the baseline. Most clients also engage us for one or more of the following depending on what the business actually needs.

Cybersecurity Services

Penetration testing, security operations, incident response, and advanced threat hunting beyond what is bundled into managed IT.

Managed XDR Suite

Cross-source detection and response stitching EDR, identity, email, and network telemetry into a single 24/7 SOC view with named analysts on every incident.

CMMC Compliance

Full Level 1, Level 2, and Level 3 program ownership for DoD suppliers. SSP, POAM, CUI enclave design, NIST 800-172 enhanced controls, and C3PAO readiness.

Compliance Programs

Multi-framework compliance hub covering CMMC, HIPAA, NIST CSF 2.0, PCI DSS, SOC 2, ISO 27001, and sector-specific mandates. Built into the managed IT engagement.

AI Services

Private AI cluster, LLM deployments inside your tenant, AI governance programs, and voice agents built in-house. Anti-commodity AI without leaking data to public models.

Data Backup and DR

Immutable, encrypted, tested backup and disaster recovery programs. Standalone or bundled into managed IT for predictable cost.

vCIO and vCISO Services

Fractional senior IT and security leadership for organizations that need strategic depth without hiring a full-time executive.

IT Services Hub

Top-level catalog of every Petronella IT service category, including helpdesk, infrastructure, cloud, and project work outside the managed IT recurring scope.

Industries We Serve

Vertical-specific landing pages: defense contractors, healthcare, law firms, financial services, manufacturing, engineering firms, and more.

FAQ

Frequently Asked Questions

What does managed IT services actually include?

Managed IT services from Petronella Technology Group bundles 24/7 monitoring, helpdesk for end users, patch and configuration management, endpoint detection and response, identity and access management, email security, immutable backup with tested disaster recovery, vendor management, vCIO strategic planning, and compliance-aligned operating procedures into a single predictable monthly engagement. Hardware purchases and one-time project work sit outside the recurring scope and are quoted separately so there are no mystery line items.

How is managed IT different from break-fix or staff augmentation?

Break-fix bills you per incident, has no operating discipline, and rewards firefighting. Staff augmentation rents you bodies without owning outcomes. Managed IT is a contracted engagement with named engineers, written SLAs, monthly reporting, and accountability for keeping the environment healthy. The work happens before the incident, not after, so leadership stops absorbing every outage personally and finance stops paying surge rates per crisis.

Does Petronella support co-managed IT for businesses with internal staff?

Yes. Roughly a third of our managed IT clients have one to three internal IT people we work alongside. The internal team owns daytime helpdesk, business-application relationships, and project priorities. We bring 24/7 monitoring, after-hours coverage, security operations, compliance program ownership, and a senior engineering bench for the work the internal team does not get to do often enough to stay sharp at it. Co-managed and fully-managed are both first-class engagement models, not afterthoughts.

What is the response time SLA for a managed IT support ticket?

Standard tier SLA for Petronella Technology Group managed IT is 15 minutes for a Priority 1 outage, 30 minutes for a Priority 2 partial outage, 4 business hours for Priority 3 standard issues, and next business day for Priority 4 scheduled work. On-site dispatch in Wake County for a true P1 is typically inside 60 minutes. Premium and regulated-industry agreements (CMMC Level 2 and Level 3, HIPAA, financial services) carry tighter contracted numbers when scope requires it.

Can Petronella manage IT for CMMC, HIPAA, and other compliance frameworks?

Yes. We are a CMMC-AB Registered Provider Organization (RPO #1449) and the entire engineering team holds CMMC Registered Practitioner certification. We consult across all three CMMC levels: Level 1 for contractors handling only Federal Contract Information, Level 2 for the majority band handling Controlled Unclassified Information under NIST 800-171, and Level 3 for the smaller number of primes under NIST 800-172 enhanced requirements. We also operate HIPAA, NIST CSF 2.0, PCI DSS v4.0, SOC 2, and ISO 27001 programs as part of the managed IT engagement when contracts require them.

What does managed IT services cost?

Petronella Technology Group quotes per user and per server with a small platform fee that covers the tooling stack. We do not publish a flat per-seat number on the website because two firms of the same headcount can have wildly different environments, compliance scopes, and SLA requirements. The free 30-minute discovery call and written assessment produce a quote with every line item spelled out. Most regulated mid-market clients land between modest and moderate per-user pricing depending on compliance scope and after-hours requirements.

How long does onboarding to managed IT take?

Typical onboarding runs 30 to 60 days for a mid-market environment and 60 to 90 days when CMMC or HIPAA evidence collection is in scope. Week one is documentation and access. Week two is tooling deployment (RMM, EDR, backup, identity baseline). Weeks three and four are the risk assessment, any emergency remediation, and a handoff to steady-state operations. We run this alongside your incumbent provider when one exists so there is zero coverage gap during the transition.

What is the difference between an MSP and an MSSP, and which one is Petronella?

An MSP (managed service provider) owns the IT environment: monitoring, patching, helpdesk, identity, backup. An MSSP (managed security service provider) owns the security posture: SOC, threat hunting, EDR/MDR tuning, incident response. Petronella Technology Group operates as both inside a single engagement, which avoids the seam where most IT-only MSPs hand the security ball to a separate vendor and tickets fall through the gap. The Managed XDR Suite plus our DFE-licensed digital forensics bench gives us the depth an MSP-only provider cannot match.

Start Here

Ready to Talk About Managed IT?

Free 30-minute discovery call. Written quote inside one week. No contract pressure, no offshore scripts, no mystery line items. Just a candid conversation about what your business actually needs and what it would cost to run it right.

Petronella Technology Group, Inc. | 5540 Centerview Dr., Suite 200, Raleigh, NC 27606 | (919) 348-4912 | craig@petronellatech.com