Fixed-Fee Managed IT for Medical, Legal, and Financial Practices in Dayton, Columbus, and Cincinnati
One monthly cost covers your entire IT environment: 24/7 monitoring, encrypted backups, email security, compliance documentation, security training, help desk, and quarterly evidence packages. No hourly charges, no per-incident billing, no surprise invoices.
Designed for regulated practices with 2–50 staff that don’t employ internal IT.
Most of the practices we work with have the same core problem: they need IT that works reliably, keeps them on the right side of their regulators and insurers, and doesn’t require someone on staff who understands firewalls and HIPAA simultaneously. They’ve usually been through one of two experiences — either they’re paying an hourly break-fix provider who shows up after things fail, or they’re cobbling together free tools and hoping nothing breaks during an audit cycle.
Capstone’s managed IT model is different. We implement a documented set of security controls, monitor them 24/7, test them on a regular schedule, and produce the evidence packages your insurer, regulator, or examiner expects to see. Everything is covered under one fixed monthly cost — no hourly charges for help desk calls, no separate bills for monitoring versus support, no surprise invoices when something breaks at 2am.
We’ve been doing this since 2004, and we work exclusively with practices in the 2–50 person range. We know what regulators actually ask for, what insurers actually require on applications, and what controls actually matter at your scale — versus what’s designed for enterprise environments and doesn’t translate to a 12-person medical practice or a 6-attorney law firm.
What’s Included in Your Monthly Cost
Every service listed here is covered under one fixed monthly cost. No tiers, no add-ons, no per-incident charges. The monthly cost is based on the number of users and devices in your environment — we’ll give you the exact number during your assessment.
24/7 SOC Monitoring and Threat Detection
A Security Operations Center monitors your systems around the clock using endpoint detection and response (EDR) on every workstation and server, SIEM log analysis that correlates events across your environment, and automated containment that isolates compromised machines before an attack spreads. When our SOC detects a threat at 2am, it’s contained before your staff arrives in the morning.
Encrypted Backups and Disaster Recovery
Immutable, encrypted backups stored offsite so ransomware can’t overwrite or encrypt your recovery copies. We test restores on a scheduled cadence and document the results — not just “backup completed” but actual verified recovery with timestamps. Your insurer and regulator both want this evidence.
Email Security and DNS Filtering
Advanced email filtering blocks phishing, malware, and spoofed messages before they reach your inbox. DNS filtering prevents access to known malicious websites across your entire network. Email encryption for sensitive communications and retention/archiving policies configured to your regulatory requirements.
Identity and Access Management
Multi-factor authentication enforced on email, remote access, and administrative accounts. Enterprise password management so your team uses unique, strong passwords without writing them down. Role-based access controls that limit who can see what, and audit logs documenting every login attempt.
Security Awareness Training
Ongoing training with simulated phishing campaigns that test your team’s response to realistic attacks. Completion tracking and certificates for every staff member, included in your quarterly evidence package for insurers and regulators. Total annual time commitment per employee: roughly 2–3 hours spread across the year.
Policy Development and Compliance Documentation
Written security policies covering acceptable use, incident response, data handling, and remote access — developed for your practice and reviewed annually. Controls documentation aligned to HIPAA, GLBA, Ohio Rule 1.6, FTC Safeguards Rule, and CIS/NIST frameworks. Evidence packages formatted for insurance applications, examiner requests, and audit responses.
Network Management and Patch Management
Firewall configuration and management, automated patch deployment across all workstations and servers, vulnerability scanning, and secure remote access configuration. Updates are applied systematically — not when someone remembers — and documented in your quarterly evidence package.
Help Desk and On-Site Support
One number to call for any IT issue. Remote support handles most problems within minutes. On-site visits when needed — for network infrastructure work, equipment setup, or vendor coordination. After-hours support is included, not billed separately. Your staff calls us instead of trying to fix it themselves.
Quarterly Evidence Packages and Reporting
Every quarter you receive a documented evidence package covering six categories: access controls, endpoint and monitoring, network security, data protection, email security, and training. This is the documentation your insurer, regulator, or examiner expects — produced on a regular schedule, not assembled at the deadline.
Your Quarterly Evidence Package
✓ Privileged access documentation
✓ Password manager status
✓ SOC monitoring summaries
✓ Patch & vulnerability summary
✓ Vulnerability scan results
✓ Secure remote access config
✓ Backup test results
✓ Business continuity & disaster recovery plan
✓ Encrypted email configuration
✓ Retention/hold settings
✓ Phishing simulation results
✓ Policy acknowledgment records
Updated quarterly. Ready for insurance applications, regulatory examinations, and audit documentation requests.
“I have been a client of Capstone Technology for 16 years. No matter the concern — network issues, software, hardware, HIPAA — you name it, Capstone has the answers. Beyond the technical capabilities, what makes Capstone unique is accessibility and personal touch. I have always worked with Brian, and no matter what time of day or night, he has been available. He is always pleasant, attentive, and gets the job done. I am proud to be a client of Capstone Technologies Group.”
How This Works in Practice
You call one number. Whether it’s a printer that won’t connect, a new hire who needs accounts set up, a vendor asking technical questions, or a laptop that’s acting strange — you contact Capstone and we handle it. Remote support resolves most issues within minutes. On-site visits happen when the situation requires hands-on work.
You don’t manage the security. Our SOC monitors your environment 24/7. Patches are deployed automatically. Backups run and are tested on schedule. Email filtering blocks threats before they reach your inbox. If something needs your attention, we tell you — otherwise, it’s handled.
You don’t assemble the documentation. When your cyber insurance renewal arrives, the evidence package is already prepared. When your regulator asks for proof of safeguards, we produce it. When your malpractice carrier or funder wants to know about your security controls, we provide the documentation — not a checklist you filled out yourself, but actual evidence that controls were implemented and operating.
You know what IT costs every month. One fixed cost, no tiers, no hourly charges. Your accounting team knows the number in January and it doesn’t change in July because a server had a problem.
Industry-Specific Managed IT
The core managed IT services are the same across industries. What changes is the regulatory framework, the compliance documentation, and the specific systems your practice depends on. Each industry page covers the regulations, controls mapping, and evidence requirements specific to your vertical.
“Capstone Technologies has provided service since 2002. They were involved with the installation and maintenance of the network system and continue to provide excellent service at a reasonable cost. I have used their services in multiple businesses and have no hesitation in recommending Capstone Technologies Group. With all the new rules and regulations in relation to security, I am glad to have Brian from Capstone Technologies for all my IT needs.”
Frequently Asked Questions
Everything on this page — 24/7 SOC monitoring, EDR on all endpoints, encrypted backups with recovery testing, email security and DNS filtering, MFA and password management, security awareness training, patch management, help desk and on-site support, policy development, and quarterly evidence packages. There are no separate charges for help desk calls, after-hours support, or on-site visits. The monthly cost is based on the number of users and devices in your environment.
A Security Operations Center (SOC) is a team of security analysts supported by automated detection tools that monitor your systems around the clock. It detects, investigates, and responds to threats in real time. This matters because attacks are typically launched outside business hours — nights, weekends, holidays — when nobody at your practice is watching. Without 24/7 monitoring, a ransomware attack that starts Friday evening isn’t discovered until Monday morning, by which point your data may already be encrypted. With SOC monitoring, that same attack is detected and contained within minutes.
We develop written security policies, implement the controls those policies describe, and produce quarterly evidence packages documenting that the controls are operating. The documentation is aligned to whatever regulatory framework applies to your practice — HIPAA, GLBA, Ohio Rule 1.6, FTC Safeguards Rule, or a combination. When your insurer, regulator, or examiner requests documentation, it’s already current and formatted for their requirements. We also coordinate directly with your insurance broker during renewals if needed.
Typical onboarding takes 2–4 weeks depending on the size of your environment and what’s already in place. We start with an assessment of your current setup, then deploy controls in a sequence that minimizes disruption to daily operations. Your team’s main involvement is enrolling in MFA and completing their first round of security training. Most of the work happens in the background.
In most cases, yes. We assess what you have during the initial review and tell you honestly what can stay and what needs to be replaced or upgraded. We don’t push unnecessary hardware purchases — if your current equipment supports the security controls we need to deploy, we work with it. If something does need to be replaced, we’ll explain why and give you options at different price points.
Yes. Adding users or devices adjusts your monthly cost proportionally. If you open a second location, we extend the same monitoring, backups, security controls, and documentation to that site. The controls and evidence packages scale with your environment — you don’t need to negotiate a new contract or switch to a different service tier.
Capstone Technologies Group has been providing managed IT and cybersecurity services to Ohio practices since 2004. If you’re currently managing IT without dedicated staff — or paying hourly for reactive support and hoping for the best — we should talk about what a fixed-fee managed model looks like for your environment.
Schedule Your IT Assessment
15-minute call to review your current setup, identify the gaps, and walk through what a fixed-fee managed IT plan looks like for your practice.