Book a Meeting Client Portal

Master Services Agreement

Miami Cyber Solutions LLC d/b/a Miami Cyber

Effective Date: Upon execution of Statement of Work

Last Updated: February 2025

This Master Services Agreement ("Agreement" or "MSA") is entered into by and between Miami Cyber Solutions LLC, a Florida limited liability company doing business as Miami Cyber ("Miami Cyber," "Provider," "we," "us," or "our"), and the customer identified in an applicable Statement of Work or Order Form ("Client," "you," or "your"). Miami Cyber and Client may be referred to individually as a "Party" and collectively as the "Parties."

1. Effective Date and Order of Precedence

1.1 Effective Date

This Agreement becomes effective on the date Client first executes a Statement of Work ("SOW"), Order Form, or similar ordering document referencing this Agreement (the "Effective Date").

1.2 Order of Precedence

In the event of conflict, the following order controls:

  • (a) the applicable SOW or Order Form,
  • (b) the applicable Service Schedule,
  • (c) this Agreement.

2. Definitions

  • "Services" means the services expressly described in an active SOW or Service Schedule.
  • "Deliverables" means tangible work product expressly identified as deliverables in an SOW.
  • "Client Data" means data provided by or on behalf of Client.
  • "Third-Party Services" means products or services not provided by Miami Cyber.

3. Scope of Services

3.1 Services

Miami Cyber shall provide Services only as expressly described in an active SOW or Service Schedule.

3.2 Changes

Changes to scope must be documented in a written amendment or change order signed by both Parties.

3.3 Subcontractors

Miami Cyber may use subcontractors and remains responsible for their performance.

4. Client Responsibilities

4.1 Cooperation

Client shall provide timely access to systems, data, approvals, and personnel.

4.2 Authorized Contacts

Client shall designate authorized representatives.

4.3 Third-Party Services

Client is responsible for procuring and maintaining Third-Party Services unless expressly included in an SOW.

4.4 Client Standards

Client must continuously comply with Miami Cyber's mandatory IT and cybersecurity standards ("Client Standards"). Failure to comply suspends SLA obligations.

5. Fees, Invoicing, and Payment

5.1 Fees

Fees are as stated in the applicable SOW and exclude taxes.

5.2 Billing

Recurring services are billed monthly in advance unless otherwise stated.

5.3 Late Payment and Suspension

Past-due amounts may accrue interest at 1.5% per month or the maximum allowed by law. Miami Cyber may suspend Services for non-payment. SLAs are suspended during any suspension period.

5.4 Taxes

Client is responsible for all applicable taxes other than those based on Miami Cyber's income.

6. Term and Termination

6.1 Term

This Agreement continues until terminated in accordance with this Section. Each SOW has the term stated therein ("Initial Term").

6.2 Automatic Renewal

Unless otherwise stated in the applicable SOW, upon expiration of the Initial Term or any renewal term, the SOW shall automatically renew for successive one (1) year renewal terms.

Either Party may prevent renewal by providing written notice at least thirty (30) days prior to the end of the then-current term.

Miami Cyber may adjust fees for any Renewal Term upon prior written notice, applied prospectively only.

6.3 Termination for Convenience

Unless otherwise stated in the SOW, either Party may terminate for convenience upon thirty (30) days' written notice.

6.4 Termination for Cause

Either Party may terminate for material breach not cured within ten (10) days. Failure to pay undisputed fees is a material breach.

6.5 Effect of Termination

Upon termination or expiration:

  • All outstanding invoices become immediately due
  • Client shall pay for Services performed through termination
  • Licenses terminate except as expressly stated

6.6 Early Termination Fee (ETF)

If Client terminates for convenience prior to the end of the term, Client shall pay an Early Termination Fee equal to 100% of the remaining contract value, unless otherwise stated in the SOW.

If termination results from Client non-payment or uncured breach:

  • All fees accelerate
  • ETF becomes immediately due
  • Any unused service credits are forfeited

The ETF represents a reasonable estimate of damages and is not a penalty.

7. Service Level Agreements

7.1 Applicability

SLAs apply only during an active contractual engagement and only to Services expressly covered by an SOW.

7.2 SLA Suspension

SLAs are suspended during:

  • Non-payment
  • Client non-compliance with Client Standards
  • Lack of access or approvals
  • Third-party failures
  • Force majeure events

7.3 Service Credits

Service credits, if applicable, are Client's sole and exclusive remedy for SLA failures and are capped at 20% of the affected monthly fees. Credits are not cash-refundable and may not offset ETFs or past-due balances.

8. SLA Exclusions

No SLAs apply to:

  • AI consulting or managed AI services
  • Business process consulting
  • Compliance consulting
  • Assessments, audits, workshops, or advisory services

9. Confidentiality

Each Party shall protect the other's Confidential Information and use it solely for purposes of this Agreement.

10. Data Security

Miami Cyber will implement commercially reasonable safeguards. No system is guaranteed to be secure, and Miami Cyber does not guarantee prevention of all incidents.

11. Intellectual Property

Miami Cyber retains ownership of its tools, methodologies, templates, automation logic, and reusable components. Upon full payment, Client receives a non-exclusive, non-transferable license to use Deliverables internally.

12. Warranties and Disclaimers

Miami Cyber warrants Services will be performed in a commercially reasonable manner. All other warranties are disclaimed, including implied warranties of merchantability and fitness.

13. Limitation of Liability

Miami Cyber's total aggregate liability shall not exceed the fees paid for the affected Services during the six (6) months preceding the claim. Miami Cyber shall not be liable for indirect, incidental, consequential, or punitive damages.

14. Client Indemnification

Client shall indemnify Miami Cyber against claims arising from Client misuse of Services, Client Data, or violation of law.

15. Non-Solicitation

During the term and for twelve (12) months thereafter, Client shall not solicit or hire Miami Cyber personnel involved in providing Services.

16. Force Majeure

Miami Cyber is not liable for delays or failures caused by events beyond its reasonable control, including internet outages or cyberattacks not caused by gross negligence.

17. Governing Law and Venue

This Agreement is governed by Florida law. Venue lies exclusively in Miami-Dade County, Florida.

18. General

This Agreement constitutes the entire agreement. Amendments must be in writing. Electronic signatures are permitted. If any provision is unenforceable, the remainder remains in effect.

EXHIBIT A

Client IT and Cybersecurity Standards

This Exhibit A ("Client Standards") forms part of the Master Services Agreement ("MSA") between Miami Cyber Solutions LLC d/b/a Miami Cyber ("Miami Cyber") and Client. Capitalized terms not defined herein have the meanings set forth in the MSA.

Compliance with these standards is mandatory for all Clients receiving managed IT services, cybersecurity services, AI services, or any other services delivered by Miami Cyber.

Failure to meet or maintain these standards materially impacts service delivery and automatically releases Miami Cyber from all Service Level Agreement ("SLA") obligations, as set forth in the MSA.

1. Purpose and Philosophy

Miami Cyber operates under a standards-driven, prevention-first model designed to reduce operational risk, security incidents, and dependency on reactive support.

These standards exist to:

  • Establish secure and supportable client environments
  • Enable predictable service delivery
  • Reduce helpdesk volume through system design and automation
  • Support advanced security and AI capabilities

Miami Cyber does not support unmanaged, ad hoc, or non-standard environments.

2. Operating System and Endpoint Requirements

2.1 Supported Operating Systems

All end-user computing devices must run vendor-supported operating systems, including:

  • Windows 11 Pro or later
  • A supported version of macOS that is not end-of-life

Consumer, home, or unsupported editions are not permitted.

2.2 Endpoint Lifecycle

All end-user computing hardware must:

  • Be no more than seven (7) years old from the original manufacture date
  • Be capable of receiving current operating system and security updates
  • Meet minimum performance and security requirements as determined by Miami Cyber

Unsupported or end-of-life devices must be replaced or removed from service.

2.3 Device Management

All endpoints must:

  • Be enrolled in centralized device management
  • Remain compliant with configuration, security, and update policies
  • Support remote management and security enforcement

3. Identity and Access Control

3.1 Multi-Factor Authentication

Multi-factor authentication ("MFA") must be enforced without exception for:

  • All user accounts
  • All administrative accounts
  • All business applications
  • All remote access methods

3.2 Least Privilege

Access must be granted based on the principle of least privilege. Administrative access must be:

  • Time-bound
  • Logged
  • Restricted to approved users

3.3 User Lifecycle Management

User onboarding, role changes, and termination must be enforced consistently and promptly. Departed users must be disabled immediately.

4. Endpoint Security and Monitoring

4.1 Endpoint Protection

All endpoints must have:

  • Endpoint Detection and Response ("EDR") installed, enabled, and protected from tampering
  • Centralized monitoring and alerting

4.2 Managed Detection and Response

All Clients must be enrolled in Miami Cyber-approved Managed Detection and Response ("MDR") services.

5. Network and Infrastructure Standards

5.1 Supported Network Hardware

All network infrastructure, including:

  • Firewalls
  • Switches
  • Wireless access points
  • Routers

must be vendor-supported and covered by active support and firmware licenses.

5.2 Firewall Requirements

Firewalls must:

  • Maintain current security subscriptions
  • Support threat prevention and intrusion detection
  • Be centrally managed where applicable

End-of-life or unsupported network equipment is not permitted.

5.3 Administrative Access

Miami Cyber must have administrative access to all managed network infrastructure.

6. Email, Application, and Data Security

6.1 Email Security

Email security controls must be enabled and actively monitored.

6.2 Data Protection

Controls must exist to:

  • Prevent unauthorized data access
  • Reduce accidental or malicious data leakage
  • Support data retention and recovery requirements

6.3 Backup and Recovery

Backup protections must be in place for business-critical data and systems and must support recovery from accidental deletion, security incidents, or system failure.

7. Security Awareness and User Responsibility

Clients must participate in ongoing security awareness training, including:

  • Phishing awareness
  • Reporting procedures
  • Acceptable use expectations

Users must comply with published security policies and guidance.

8. AI Services Eligibility

AI-related services are available only after all Client Standards outlined in this Exhibit are fully implemented and continuously maintained.

Failure to maintain these standards immediately suspends AI services without penalty to Miami Cyber.

9. Non-Compliance and SLA Abdication

Failure to meet or maintain any requirement in this Exhibit constitutes non-compliance.

During any period of non-compliance:

  • Miami Cyber is automatically released from all SLA guarantees
  • Services may be limited, suspended, or delivered on a best-efforts basis
  • Miami Cyber bears no responsibility for delays, degradation, or incidents attributable to non-compliance

SLA obligations do not automatically reinstate until full compliance is restored and validated.

10. Client Acknowledgment

Client acknowledges that:

  • These standards are mandatory
  • Compliance is a condition of service delivery
  • Non-compliance materially increases operational and security risk
  • Miami Cyber's SLA, liability, and service commitments depend on continuous compliance

END OF EXHIBIT A

EXHIBIT B

Service Schedules

This Exhibit B ("Service Schedules") forms part of the Master Services Agreement ("MSA") between Miami Cyber Solutions LLC d/b/a Miami Cyber ("Miami Cyber") and Client. Capitalized terms not defined herein have the meanings set forth in the MSA.

All services described in this Exhibit are subject to:

  • The MSA
  • Exhibit A - Client IT and Cybersecurity Standards
  • SLA applicability, suspension, service credit, ETF, and limitation of liability provisions set forth in the MSA

Service Schedule 1 - Managed IT Services

Scope of Services

Standards-driven managed IT services designed to deliver secure, stable, and supportable environments while reducing dependency on reactive helpdesk activity. Services are delivered under a defined monthly support allocation. Unlimited support is not provided.

Core Deliverables

  • Endpoint and identity management
  • Patch and update management
  • Backup monitoring and recovery support
  • Incident response and root cause analysis
  • Technology standardization and optimization
  • Defined monthly support hours

Service Levels (Response Time SLAs)

SLAs apply only during an active contractual engagement and in accordance with the MSA.

Critical / High (Response ≤ 1 hour)

Applies only to:

  • Full business outages, or
  • Issues impacting more than three (3) users simultaneously

Examples:

  • Organization-wide network outage
  • Identity or authentication failure preventing multiple users from logging in
  • Email or core business application outage impacting more than three users

Single-user issues do not qualify.

Medium (Response ≤ 4 hours)

Examples:

  • Single-user inability to access a critical application
  • Degraded performance affecting three users or fewer
  • Backup failures without immediate data loss

Low (Response ≤ 8 hours)

Examples:

  • Non-urgent service requests
  • Minor configuration changes
  • Informational or advisory requests

Response time means acknowledgment, triage, and initiation of work. Resolution times are not guaranteed.

Technical Standards

  • Supported operating systems only
  • Centralized device management
  • Endpoint Detection and Response (EDR)
  • Vendor-supported hardware and software
  • Compliance with Exhibit A

Ownership

All tools, scripts, configurations, and methodologies remain Miami Cyber intellectual property. Client receives a limited license to use deliverables during the term.

Exclusions

  • Unlimited or on-demand support
  • End-of-life or unsupported systems
  • Non-standard or unmanaged environments

Service Schedule 2 - Cybersecurity Services

Scope of Services

Managed cybersecurity services emphasizing prevention, detection, vulnerability reduction, and coordinated response.

Core Deliverables

  • 24/7/365 Security Operations Center (SOC)
  • Managed Detection and Response (MDR)
  • Vulnerability management (scanning, prioritization, reporting)
  • Security alert triage and escalation
  • Incident coordination and post-incident reporting
  • Ongoing security posture review and recommendations

Service Levels (Security Response SLAs)

Critical / High (Response ≤ 1 hour)

Applies only to:

  • Active security incidents posing material organizational risk, or
  • Confirmed compromise impacting more than three (3) users, systems, or identities

Examples:

  • Active ransomware or malware outbreak
  • Credential compromise affecting multiple users
  • Lateral movement or privilege escalation across systems

Medium (Response ≤ 4 hours)

Examples:

  • High-risk vulnerability identified without active exploitation
  • Suspicious activity affecting a single user or system
  • Phishing incident with limited scope

Low (Response ≤ 8 hours)

Examples:

  • Informational alerts
  • Low-risk vulnerabilities
  • User-reported suspicious activity without confirmation

Response includes alert acknowledgment, severity validation, and escalation. Containment and remediation timelines vary.

Technical Standards

  • 24/7/365 SOC monitoring
  • Active vulnerability management program
  • Active MDR enrollment
  • MFA for all users and business applications
  • Supported firewalls with current security subscriptions
  • Ongoing security awareness training

Ownership

Detection logic, playbooks, SOC procedures, and security tooling remain Miami Cyber intellectual property. Client retains ownership of its data.

Exclusions

  • Incidents caused by unsupported systems or Client non-compliance
  • Third-party platform or cloud provider failures
  • Legal or regulatory determinations

Service Schedule 3 - AI Consulting and Managed AI Services

Scope of Services

AI consulting and managed AI services provided only after full compliance with Exhibit A.

Core Deliverables

  • AI readiness assessments
  • Workflow and automation design
  • AI governance and usage guidance

Service Levels

No SLAs apply. Services are delivered on a commercially reasonable efforts basis.

Ownership

AI frameworks, prompts, automation logic, and reusable components remain Miami Cyber IP. Client retains ownership of its data and AI outputs.

Service Schedule 4 - Business Process Consulting

Scope of Services

Advisory services focused on documenting and optimizing business processes.

Core Deliverables

  • Process discovery and mapping
  • Gap analysis
  • Future-state recommendations
  • Execution roadmap

Service Levels

No SLAs apply. Milestones are governed by the applicable SOW.

Service Schedule 5 - Digital Marketing Services

Scope of Services

Digital marketing services supporting secure, compliant, and measurable growth.

Core Deliverables

  • Website content updates
  • SEO and campaign optimization
  • Analytics and reporting

Service Levels (Response Time SLAs)

Critical / High (Response ≤ 1 hour)

Applies only to:

  • Public-facing outages or failures impacting more than three (3) users, customers, or active campaigns

Examples:

  • Website outage or defacement
  • Live paid campaign failure during active spend
  • Security issue impacting marketing domains or assets

Medium (Response ≤ 4 hours)

Examples:

  • Broken forms or tracking impacting limited traffic
  • Campaign delivery issues affecting a small audience
  • Publishing failures delaying scheduled content

Low (Response ≤ 8 hours)

Examples:

  • Content edits
  • SEO adjustments
  • Reporting or analytics questions

Performance outcomes (rankings, traffic, revenue) are not guaranteed.

Service Schedule 6 - Web and Application Development

Scope of Services

Project-based web and application development services.

Core Deliverables

  • Design specifications
  • Developed code and configurations
  • Testing and deployment support
  • Post-launch warranty support

Service Levels (Response Time SLAs)

Critical / High (Response ≤ 1 hour)

Applies only to:

  • Production outages or defects impacting more than three (3) users, customers, or workflows

Examples:

  • Live application outage
  • Security vulnerability in production
  • Blocking defect preventing multiple users from completing core actions

Medium (Response ≤ 4 hours)

Examples:

  • Functional defect with workaround
  • Performance degradation affecting limited users
  • Integration failures without full outage

Low (Response ≤ 8 hours)

Examples:

  • Cosmetic defects
  • Minor UI issues
  • Enhancement or optimization requests

Response time covers acknowledgment and triage only. Fix timelines depend on scope and complexity unless stated in the SOW.

Service Schedule 7 - Compliance Consulting Services

Scope of Services

Advisory services supporting regulatory and security compliance initiatives.

Core Deliverables

  • Gap assessments
  • Policy and control guidance
  • Evidence preparation support

Service Levels

No SLAs apply. Deliverable timelines are governed by the applicable SOW.

END OF EXHIBIT B

Contact Us

Miami Cyber Solutions LLC dba Miami Cyber

252 NW 29th St, Floor 9, Office 943, Miami, FL 33127

Email: legal@miamicyber.tech

Website: miamicyber.tech