Skip to main content
Man Connecting Cables in Server Cabinet

IT-as-a-Service (ITaaS)

IT-as-a-Service (ITaaS) is for institutions who want assistance with their IT- and security related efforts. Services range from assisting onsite system administration and security personnel with network security consulting and project needs, to supporting bank management and staff with network and system administration. These services are designed to help client institutions fulfill requirements related to business operations, security, and compliance standards.

BMA’s ITaaS offerings are available in the following ways:

  • IT/Security Consulting
  • IT/Security Project Contracting
  • Virtual Systems Administrator
  • Virtual Back-up Systems Administrator

Details of each of these offerings are included in the following sections

IT/Security Consulting

BMA offers a security gap analysis of the IT infrastructure to gauge the level of resiliency of the environment to possible attacks. The Security Gap Analysis (SGA) is a high-level security evaluation of the IT infrastructure and common attack vectors in these environments, paired with resolution recommendations and consultation. Recommendations and a visual representation document are included for future IT/security projects designed to improve infrastructure resilience and security. We will make recommendations on how to improve overall network and data security.

If desired, BMA’s IT and Security teams can be scheduled to assist with project support related to the SGA findings. The initial Statement of Work will include assistance with at least two of the analysis findings. Assistance with additional projects is also available and would be detailed in a separate Statement of Work. Hours will be determined per project (see IT/Security Project Contracting below).

Additionally, BMA’s IT/Security teams can be held on a per month retainer at a minimum cost if on-going assistance or administration is desired. See Virtual System Administrator and Virtual Back-up System Administrator below. If on-site visits are determined necessary, the customer will be charged for associated travel expenses (airfare, lodging, ground transportation, meals) in addition to hours and costs defined in a Statement of Work.

  • Onsite Security Officer
  • Onsite Systems Administrator
  • Responsible for hardware and software decisions and purchasing any  necessary licenses/software/hardware/services to fulfill associated Statement of Work
A virtaul system admin working at their computer.

IT/Security Project Contracting

For customers that require a more in-depth setup and configuration of the IT infrastructure, BMA will utilize our Security Gap Analysis (SGA) tool to assess the present IT environment and architect an updated environment to achieve a secure infrastructure according to industry standards. We will build the infrastructure over a six to 12-month period.

Once complete, system management and maintenance will be handed off to the client’s onsite IT or system administrator and/or security officer. Alternatively, If desired by the client, BMA can take the role of Virtual System Administrator or Virtual Back-up System Administrator (see sections below) to continue to assist with management of the IT infrastructure. In any case, the on-going security aspects will be managed by the customer’s on-site security officer/team.

Rates for IT/Security Contracting will vary based on the requirements of the project. Estimated hours and costs will be detailed in a Statement of Work signed by the customer. Depending on the complexity of the project, up to three BMA team members (two IT, one Security) could be working on the project at any given time.

Customer Responsibility:

  • Onsite Security Officer
  • Sign-off for hardware and software decisions and purchasing any necessary licenses/ software/hardware/services to fulfill associated Statement of Work.

Virtual System Administrator

BMA will assist bank staff by providing specific remote systems administration functions for the IT infrastructure:

  • Routine patch management of servers, workstations, network equipment, firewalls, and some third-party applications.
  • Network management of switches, routers, and endpoint integration.
  • Firewall management for the following manufacturers: Fortinet, Palo Alto, and Cisco ASA.
  • Support in fixing vulnerabilities found through a vulnerability scanning software/service.
  • User creation through Active Directory and email account creation/setup. Annual Security Gap Analysis with two (2) project entitlements included for the year.
  • Audit Support and documentation including topology, workstation/server reports, application reports, and project reports. Support in new service setups.
  • A monthly conference call to review current projects, planned projects, and other issues or services, including audit and examination support.
  • On call support with an SLA of 2 hours for emergencies, 4 hours for end-user support, 24 hours for projects and non-critical issues.

Customer Responsibility:

  • Onsite remote hand support
  • Onsite Security Officer
  • Onsite Auditor
  • Required to purchase BMA’s support software licensing. (BMA currently requires the PDQ Software Suite for system management and documentation, and Beyond Trust Remote Support software for remote administration capabilities.)

Virtual Back-up System Administrator

For institutions that have a dedicated system administrator or IT staff, but would like the peace of mind or assurance of a back-up administrator, BMA will assist bank staff by providing specific remote systems administration functions for the IT infrastructure:

  • Emergency patching of servers, workstations, network equipment, firewalls, and some third-party applications.
  • Network support of switches, routers, and endpoint integration.
  • Firewall support for the following manufacturers: Fortinet, Palo Alto, and Cisco
    ASA.
  • Support in fixing vulnerabilities found through a vulnerability scanning
    software/service.
  • User creation through Active Directory and email account creation/setup.
  • Support in new service setups.
  • On call support with an SLA of 2 hours for emergencies, 4 hours for end-user
    support, 24 hours for projects and non-critical issues.
It support working at computer.

Customer Responsibility:

  • Primary Systems Administrator
  • Onsite “remote hands” support
  • Onsite Security Officer

Optional Services:

  • Annual Security Gap Analysis (TBD)