FAQ · MSP · MSSP · Compliance · AI

Answers for business leaders evaluating IT, security, and AI

The questions we hear most from owners, CFOs, and IT leaders across Canada—managed IT, cybersecurity, compliance programs, and practical AI adoption.

Managed IT

MSP — running your technology

What managed service providers do, how pricing works, and when outsourcing beats break-fix support.

What is a managed service provider (MSP)?

An MSP proactively manages your IT environment—servers, workstations, networks, cloud, and Microsoft 365—under a predictable monthly model. Instead of calling someone only when something breaks, monitoring, patching, help desk, and strategic planning are built in. TeckPath acts as your outsourced IT department or as a co-managed partner alongside internal staff.

What is the difference between break-fix IT and managed IT?

Break-fix is reactive: you pay per incident, and downtime is often the trigger to act. Managed IT is proactive: we monitor 24/7, patch before exploits land, maintain documentation, and fix issues before users notice. Over time, managed IT lowers total cost, reduces surprise bills, and gives leadership visibility into risk and spend.

How much does managed IT cost?

Pricing depends on user count, device mix, compliance requirements, and security maturity. Most SMB engagements are structured per user or per device with clear inclusions—help desk, monitoring, patching, vendor liaison, and vCIO hours. We scope after a discovery call so you see exactly what is included before you commit. There are no hidden ticket fees for covered services.

Do I need an MSP if I already have an internal IT person?

Often, yes—in a co-managed model. One internal IT generalist cannot cover 24/7 security operations, compliance audits, major cloud migrations, and tier-3 engineering alone. TeckPath extends your team with SOC monitoring, vCISO guidance, project bandwidth, and after-hours coverage while your staff keeps institutional knowledge and day-to-day relationships.

What response times and SLAs do you offer?

Critical incidents are triaged immediately with 24/7 after-hours call handling. Standard help-desk targets are defined in your service agreement by severity—typically minutes for outages affecting many users and same-day resolution paths for routine requests. SLAs are documented, reported monthly, and tied to escalation paths so nothing sits in a queue unnoticed.

Do you provide on-site and remote support?

Yes. Most issues are resolved remotely for speed. When hardware, cabling, or physical access is required, our Calgary and Toronto teams dispatch on-site. National clients are supported remotely with partner dispatch where needed. Continuous monitoring runs regardless of location.

Cybersecurity

MSSP — protecting your business

Managed security, detection and response, testing, and the controls insurers and auditors expect.

What is an MSSP and how is it different from an MSP?

An MSP keeps systems running; an MSSP (managed security service provider) focuses on preventing, detecting, and responding to cyber threats. TeckPath combines both: we manage your stack and layer EDR/XDR, SIEM, email security, vulnerability management, and 24/7 threat monitoring. One team, one roadmap—security is not bolted on after the fact.

Do I need MDR if I already have antivirus?

Traditional antivirus looks for known malware signatures. Modern attackers use stolen credentials, living-off-the-land techniques, and ransomware that evades legacy tools. Managed Detection and Response (MDR) adds continuous monitoring, behavioral analytics, and human analysts who investigate and contain threats. For most businesses handling sensitive data, MDR is the baseline—not a luxury.

Should we enforce multi-factor authentication (MFA) for everyone?

Yes. MFA is one of the highest-ROI security controls available. The majority of breaches involve compromised passwords; MFA blocks most credential-stuffing and phishing attacks. TeckPath helps you roll out conditional access, hardware keys or authenticator apps, and enforcement policies across Microsoft 365, VPN, and critical SaaS—with minimal friction for executives and frontline staff.

How do you protect Microsoft 365 and business email?

We secure M365 with conditional access, MFA, anti-phishing policies, safe links and attachments, mailbox auditing, and DLP where required. Email remains the #1 attack vector; layered filtering plus user awareness training dramatically reduces successful phishing. We also monitor for impossible travel, mass forwarding rules, and OAuth consent abuse.

What happens if we have a ransomware incident?

Our incident response playbook activates immediately: isolate affected systems, preserve evidence, assess scope, notify stakeholders, and begin recovery from immutable backups. We coordinate forensics, legal/comms guidance, and insurer notification when applicable. Clients on our MSSP stack have 24/7 escalation—after-hours calls reach live triage, not voicemail.

How often should we perform penetration testing?

At least annually, and after major infrastructure or application changes. Regulated industries and cyber insurers often require documented testing. TeckPath offers external, internal, and social-engineering assessments with remediation tracking so findings become fixes—not shelf-ware reports.

What is a vCISO and when do I need one?

A virtual Chief Information Security Officer provides executive-level security leadership without a full-time hire. You need vCISO support when board or clients ask for a security program, cyber insurance demands controls, or compliance frameworks require policies, risk registers, and vendor oversight. TeckPath vCISOs align security spend to business risk and speak the language of leadership and auditors.

Compliance

Prove you are secure

SOC 2, privacy law, cyber insurance, and ongoing compliance programs for Canadian businesses.

What is SOC 2 and does my business need it?

SOC 2 is an attestation that your organization meets trust criteria around security, availability, processing integrity, confidentiality, and privacy. SaaS vendors, professional services firms, and anyone selling to enterprise clients are increasingly asked for SOC 2 Type II. Even if not required today, the controls strengthen cyber insurance position and customer trust. TeckPath is SOC 2 Type II compliant and helps clients build toward their own attestation.

How does Compliance-as-a-Service work?

We map your environment to the frameworks you need—SOC 2, HIPAA-aligned controls, ISO 27001 principles, or cyber-insurance questionnaires. Policies, evidence collection, control monitoring, and audit prep are managed continuously rather than in a frantic annual scramble. Your team gets a dashboard of status, gaps, and remediation owners.

How do we prepare for a cyber insurance audit?

Insurers now require MFA, EDR, offline/immutable backups, privileged access controls, and incident response plans. We run a readiness assessment against current carrier questionnaires, close gaps (patching, logging, MFA enforcement, backup testing), and document evidence so renewal is smoother and premiums are more favorable.

What about PIPEDA and cross-border data?

Canadian businesses must handle personal information under PIPEDA (and provincial laws where applicable). We help classify data, implement encryption and access controls, review vendor subprocessors, and document retention and breach notification procedures. Cloud architecture choices—Canadian regions, data residency—are part of the conversation.

How long does a SOC 2 Type II audit take?

First-time programs typically need 3–6 months of control operation before a Type II observation period (often 6–12 months). Timeline depends on starting maturity. TeckPath accelerates policy creation, technical controls, and evidence workflows so you are audit-ready—not audit-panicked.

Can employee security training satisfy compliance requirements?

Yes. Documented, ongoing awareness training is required or strongly expected under SOC 2, HIPAA-style programs, and many insurance applications. We deliver phishing simulations, role-based modules, and completion reporting suitable for auditor review.

AI & automation

Practical AI for business

Safe adoption, governance, Copilot vs custom models, and automation that pays for itself.

Is AI safe to use in our business?

AI can be safe when governed: defined use cases, data classification rules, private or tenant-isolated models, and human review for high-risk decisions. Public chatbots should never receive confidential contracts, PHI, or credentials. TeckPath designs guardrails—DLP, access policies, and approved tools—so teams gain productivity without leaking IP.

Microsoft Copilot vs custom AI—which is right for us?

Copilot and similar assistants excel inside Microsoft 365 when data is already structured and permissions are correct. Custom model-driven apps fit proprietary workflows—quoting, service dispatch, document analysis—with integrations to your line-of-business systems. We assess readiness (identity, data hygiene, licensing) before rollout so AI projects succeed in weeks, not stall in pilots.

How do you prevent AI from leaking sensitive data?

We combine tenant configuration, sensitivity labels, conditional access, prompt policies, and monitoring. Training staff on what not to paste into public models is equally important. For regulated workloads, private Azure OpenAI or on-prem inference keeps data in your boundary.

What is the difference between RPA and AI automation?

RPA (robotic process automation) follows explicit rules—copying data between systems, generating reports, onboarding steps. AI adds judgment: classifying tickets, summarizing documents, detecting anomalies. TeckPath maps processes first; many wins are rule-based automation with AI layered where it adds measurable accuracy or speed.

Can AI help with IT support and security operations?

Yes. AI assists ticket triage, knowledge-base answers, log correlation, and phishing analysis—always with human escalation for critical actions. We deploy AI to reduce noise and response time, not to replace accountability. Our own operations use AI-assisted workflows under strict change control.

TeckPath

Working with us

Industries, onboarding, geography, and what makes a long-term partnership.

What does TeckPath do?

TeckPath is a security-first MSP and MSSP helping Canadian businesses operate without disruption. We combine managed IT, cybersecurity, compliance programs, cloud modernization, and practical AI under one accountable team—Calgary head office and Toronto presence since 2012.

What industries do you support?

Healthcare, financial services, legal, manufacturing, insurance, engineering, agriculture, aviation, technology, non-profits, and professional services. We tailor controls and workflows to industry regulation—HIPAA-aligned care, legal privilege, OT-adjacent manufacturing—not one generic playbook.

What size businesses are the best fit?

Typically 15–500 employees who need enterprise-grade security and reliability without enterprise overhead. We scale with growth-stage companies and stabilize environments for established firms replacing legacy providers or overwhelmed internal IT.

Which regions do you serve?

Primary operations in Alberta and Ontario with remote support across Canada. On-site in Calgary and Toronto; partner dispatch elsewhere when needed. Toll-free 1.800.772.8593 reaches our team nationwide.

How quickly can we get started?

Onboarding often begins within days of agreement. Discovery covers network, identity, backups, and security posture; we stabilize urgent gaps first, then execute a 90-day roadmap. You see value from week one—not after a six-month transition.

Why choose TeckPath over another IT provider?

We measure success by how smoothly your business runs—not ticket volume. Proactive operations, audited SOC 2 Type II practices, 24/7 triage, offensive security expertise, and AI that solves real workflows differentiate us from reactive break-fix shops. One partner for manage, secure, comply, and modernize.

Still have questions?

Talk to a human

Calgary
(403) 453-5854
160 Quarry Park Blvd SE, Suite 300
Google Maps
Toronto
(647) 494-8696
60 Atlantic Ave, Suite 200
Google Maps
Okotoks
(403) 453-5854
900 Village Ln, Unit 361
Okotoks, AB T1S 2C2

Google Maps
Edmonton
(403) 453-5854
10180 101 St NW, Unit 3400
Edmonton, AB T5J 3S4

Google Maps

Ready for answers tailored to your environment?

Book a no-pressure assessment—we will show you where you stand on IT, security, and compliance.

Book a demo