Hospitality IT Services
A managed IT bundle purpose-built for resorts, hotels, and hospitality groups. Lower per-user base because your front-of-house team captures the easy tickets locally — plus a dedicated on-site analyst as a real productized SKU, not a custom line item. Powered by GITD — our AI-augmented delivery platform.
Hospitality Is Sold Two Ways. Neither Is Quite Right.
Vertical-only providers ship a capability list and a relationship — no published tiers and no rate card. Generalist MSPs ship corporate packaging that does not account for how a property is actually staffed. We ship a hospitality bundle: the same productized tiers as our corporate offering, priced lower because front-of-house staff handles the easy tickets, plus a dedicated on-site analyst SKU with published terms.
Hospitality Pricing, Productized
Per-user rates are lower than our corporate rate card to reflect how labor is actually distributed in a property. Annual escalator is 3% or CPI, whichever is greater. Default term is 36 months.
Standard
Single-property resorts and hotels with on-site staff
From 50 users
From $4,750/month
- Endpoint management, patching, and EDR deployment
- Helpdesk Mon–Fri 7a–9p CST
- 24/7 environment monitoring
- M365 and Google Workspace administration included
- PMS and POS vendor coordination
- Monthly business review and reporting
Advanced
Properties with elevated security or guest data exposure
From 50 users
From $6,750/month
- Everything in Standard
- 24/7 GSOC L2 monitoring and response
- XDR with extended detection and response
- Identity and access management hardening
- vCIO Lite — quarterly strategy and roadmap
Premier
Properties with PCI scope and formal compliance posture
From 75 users
From $13,125/month
- Everything in Advanced
- 15-minute P1 response
- vCIO Pro — weekly cadence with KPI dashboard
- PMS and PCI compliance program
- Dedicated Customer Success lead
Enterprise
Multi-property hospitality groups and brand-managed portfolios
From 250+ users
- Everything in Premier
- Dedicated GSOC pod
- Named vCIO with executive cadence
- On-site presence at flagship property
- Quarterly business reviews with ownership
- Custom contracting and procurement
A Dedicated Body on the Property
The hospitality industry runs on physical presence. Add a dedicated on-site analyst to any tier — published rate, published minimum, published reduction-notice policy. No custom math.
$9,995 / month
Loaded rate for a dedicated on-site analyst, pre-vetted to hospitality operations and the property's technical environment.
12-month minimum
Hospitality on-site relationships are long-cycle. Our minimum reflects the time needed to learn the property and its operational rhythm.
60-day reduction notice
After the 12-month minimum, reduce or end the on-site engagement with 60 days notice — written into the agreement.
What's Included — and What's Not
We tell you up front what is in the per-user rate, what is pass-through, and what is project work. No surprise line items.
Included in the per-user rate
Property operations
- •Helpdesk for back-of-house and corporate users
- •PMS, POS, and key vendor coordination (vendor escalation, no app development)
- •Front-of-house device support escalation from property staff
- •Documented runbooks for the property and its core systems
Microsoft 365 & Google Workspace administration
- •User lifecycle, license assignment, group and team management
- •Mailbox, Teams, SharePoint, OneDrive, Drive administration
- •MFA, SSPR, conditional access policy operation within current architecture
- •Monthly tenant hygiene review and license rightsizing
Security & monitoring
- •Endpoint detection and response (EDR) deployment and management
- •24/7 environment monitoring with automated remediation
- •Identity threat monitoring and alerting
- •PCI scope guidance and quarterly security posture review
Strategy & reporting
- •Monthly business review with ownership or GM
- •Asset and license inventory kept current
- •Documentation maintained in our customer-accessible platform
- •vCIO touchpoints per tier (Lite quarterly, Pro weekly)
Pass-through or scoped separately
- •Endpoint security licenses (CrowdStrike Falcon Pro or equivalent) — billed at MSRP pass-through, or BYOL if you have entitlement
- •Microsoft 365 and Google Workspace licenses — Managed customers consolidate Microsoft licensing through ICS as their CSP
- •PMS, POS, and other hospitality SaaS licenses — pass-through or your direct vendor relationship
- •Backup licenses (M365 backup, endpoint backup) — pass-through at MSRP
- •Hardware procurement (workstations, servers, networking, AV, kiosks) — quoted per project
- •PMS migrations, network refreshes, low-voltage installs, PCI remediation projects — scoped as fixed-bid
Pass-through items are billed at vendor MSRP or your existing license entitlement. Project work is scoped as fixed-bid or T&M against published advisory rates.
Microsoft 365 and Google Workspace administration are included in every tier — no separate admin retainer. PMS, POS, and hospitality SaaS apps are vendor-coordinated by ICS; their licensing is pass-through. Project work is scoped as fixed-bid against our published advisory rate card (provided with proposals).
Both Platforms Supported. Admin Is in the Rate.
Microsoft 365 and Google Workspace day-to-day administration are included in the per-user rate — no separate admin retainer. Project work, tenant migrations, and major architecture changes are scoped separately.
CSP consolidation included
Hospitality customers on Standard, Advanced, and Premier consolidate Microsoft 365 licensing through ICS as their CSP. This gives us licensing-level support escalation with Microsoft, single-pane invoicing across the portfolio, and same-day license adjustments — useful when properties expand or contract seasonally.
Google Workspace, fully managed
A meaningful share of our hospitality book runs Google Workspace. ICS is a Google Cloud Partner. Workspace IAM, messaging, mobile management for property devices, and security are first-class on every tier at the same per-user rate.
Stack What You Need On Top of the Base Tier
Add-ons are named SKUs with published pricing — not custom line items. Your account team can model the monthly impact in minutes, not weeks.
On-Site Analyst (productized SKU)
$9,995/moDedicated on-site analyst pre-vetted to hospitality operations. $9,995/mo, 12-month minimum, 60-day reduction notice.
PCI Compliance Program
From $2,500/moQuarterly self-assessment, evidence collection, and audit support layered onto your tier. Premier includes baseline; this expands scope.
Guest Wi-Fi Operations
From $1,500/moGuest network design, captive portal, and ongoing operations integrated with PMS for room-based authentication.
Email Signature Management
From $3/user/moBranded property and corporate signatures across Microsoft 365 and Google Workspace.
Phishing Simulation & Training
From $4/user/moHospitality-tuned campaigns and risk-scored reporting — front desk, F&B, and management tracks.
Microsoft 365 + Endpoint Backup
From $5/user/moIndependent backup of Exchange, SharePoint, OneDrive, Teams, and endpoints with restore SLA.
Conditional Access Hardening
Fixed-bid projectPolicy redesign and enforcement pack — phishing-resistant MFA, device compliance, legacy auth shutdown.
Multi-Property Rollout
Fixed-bid + monthlyProperty-by-property onboarding plan, shared documentation, and centralized reporting across the portfolio.
Pricing is indicative. Exact rate depends on user count, license entitlement, and term. We will publish your add-on totals in the one-page proposal.
Beyond steady-state ops
Every managed services contract — ours and every reputable competitor's — carves out specific categories of work that sit outside the monthly rate. Here is exactly when you will see a separate quote. We disclose this before you sign so it is never a surprise.
New deployments and migrations
Property openings, PMS or POS go-lives, and platform migrations. Defined deliverable, defined start and finish — quoted before any equipment ships.
Typical examples
- ›New property openings (cabling, network design, AP density, structured wiring)
- ›PMS migrations and go-lives (Opera, Mews, Cloudbeds, StayNTouch, etc.)
- ›POS migrations (Toast, Aloha, Micros, Square, Lightspeed)
- ›Property acquisition and brand conversions
- ›M365 / Google Workspace tenant migrations and M&A merges
How it's priced
Fixed-bid against a written SOW, with milestone billing aligned to opening date or cutover. Includes vendor coordination as the project lead.
Major redesigns of an existing property
Re-architecting infrastructure that is already in production. Steady-state operation stays in MRR — the redesign is project work.
Typical examples
- ›Network re-segmentation (PCI/CDE isolation, guest/staff/IoT separation)
- ›Wi-Fi redesign for coverage, capacity, or new device classes
- ›Conditional Access overhaul on M365 or Workspace
- ›PMS or POS version upgrades requiring infra changes
- ›Email security gateway swap
How it's priced
Fixed-bid against a written SOW. Steady-state operation of the redesigned system returns to MRR.
Incident response beyond a defined runbook
Confirmed breach, ransomware, business email compromise, or anything that crosses into legal hold or PCI forensic investigation. Routine GSOC monitoring stays in MRR.
Typical examples
- ›Ransomware containment and recovery
- ›Business email compromise investigations
- ›PCI forensic investigations triggered by card-brand or processor
- ›Forensic image collection and chain-of-custody work
- ›Sustained P1 after-hours work outside the published SLA window
How it's priced
Hourly at published incident-response rates with a documented retainer option. P1 SLA response on routine outages stays in MRR.
Hardware, licenses, and third-party services
Anything we buy on your behalf or anything you buy yourself that we operate. PMS, POS, and hospitality SaaS stay on your direct vendor agreements; we coordinate them.
Typical examples
- ›Workstations, servers, switches, firewalls, access points
- ›Microsoft 365 and Google Workspace licenses (CSP)
- ›EDR licenses (CrowdStrike Falcon Pro or equivalent)
- ›Backup, phishing simulation, and DLP product subscriptions
- ›PMS, POS, and hospitality SaaS subscriptions (vendor-direct)
How it's priced
Pass-through at vendor MSRP. Hospitality SaaS subscriptions stay on your direct vendor agreements at no markup. BYOL fully supported.
On-site dispatch outside contracted scope
The On-Site Analyst SKU covers a property on a defined schedule. Work outside that schedule — second properties, openings, after-hours emergencies — is quoted up front.
Typical examples
- ›On-site work at a second or third property
- ›After-hours physical equipment swaps outside scheduled coverage
- ›Cabling pulls, structured wiring, AV installs
- ›Multi-property hardware refresh tours
- ›Specialty dispatch for vendor escort during go-live
How it's priced
Quoted as scheduled visits or via the On-Site Analyst SKU at $9,995/mo (12-month minimum). No surprise truck-roll fees.
PCI ROC and other compliance audits
Premier tier includes baseline PCI program operation. The audits and ROC support themselves are scoped projects — we partner with QSAs you choose, we are not the QSA.
Typical examples
- ›PCI ROC support and gap assessments
- ›PCI penetration testing coordination
- ›SOC 2 Type II readiness for hospitality groups with corporate-side audits
- ›IT due diligence for property acquisitions or sell-side
- ›Insurance-driven security control assessments
How it's priced
Fixed-bid against a written SOW. Day-to-day program operation lives in the PCI Compliance Program add-on; the audit work itself is project-scoped.
Hospitality is the vertical most allergic to surprise IT invoices — ownership groups want flat per-key or per-property numbers. We disclose every category that sits outside the per-user rate before you sign and quote each one as fixed-bid against our published advisory rate card (provided with proposals). The first time you see a separate invoice will never be the first time you hear about it.
Published, Contracted, Measured
Every tier is backed by the same SLA matrix — written into the agreement, reported on monthly, and enforced.
| Severity | Definition | Standard / Advanced | Premier / Enterprise |
|---|---|---|---|
| P1 — Critical | System down, loss of operations, security incident | 30 minutes | 15 minutes |
| P2 — High | Significant operational impact; could lead to outage or breach | 1 hour | 30 minutes |
| P3 — Moderate | Moderate loss of functionality | 4 hours | 2 hours |
| P4 — Low | Information / behavior notification | 8 hours | 4 hours |
| Service request | Non-incident standard request | 4 hours | 2 hours |
Tickets in "Awaiting Client Response" auto-close after 3 business days across all tiers.
A Predictable First 90 Days
Onboarding is a fixed scope with a fixed fee — one month of MRR. You see the project plan before you sign, not after.
Property discovery & access
- •On-site walkthrough; PMS, POS, network, and AV inventory
- •Tenant access, identity audit, license posture
- •Documented runbooks for the property and core systems
- •Onboarding fee billed: 1× monthly recurring revenue
Tooling, baseline & vendor integration
- •EDR deployed; GSOC pipelines connected
- •Patch and MFA posture set to baseline
- •PMS and POS vendor escalation paths documented and tested
- •First monthly business review with property leadership
Steady state, PCI & first QBR
- •Tier SLA in full effect
- •PCI scope confirmed and quarterly cadence locked
- •Documentation 100% complete and customer-accessible
- •First quarterly business review with ownership or GM
What This Looks Like in Production
Anonymized snapshots from current ICS clients. Logo case studies are released as clients approve them — these outcomes are verified in our reporting platform.
84% of tickets resolved in under 24 hours
312 tickets across the trailing 90 days, 1-hour median resolution. The on-site analyst handles guest-impacting incidents in real time; the GSOC handles identity, EDR, and after-hours.
196 tickets across the portfolio in 90 days
Single point of contact across properties; one monthly report instead of three. 68% of tickets closed inside 24 hours, 4.5-hour median. Vendor escalation (PMS, POS, ISP) consolidated through ICS.
62% of tickets resolved in under 24 hours
232 tickets across the trailing 90 days at a premium service tier. PCI evidence collection, PMS support, and Google Workspace IAM all included — the customer pays one per-user rate, not three vendor invoices.
Why ICS — Different from Hospitality-Only and Generalist MSPs
The MSP industry is consolidating. Most of the largest providers you will evaluate are private-equity-backed platforms that have acquired dozens of regional MSPs in the last three years. When you sign with one of those firms, you often inherit a brand change, a playbook change, and a billing system change inside 24 months. We do not work that way.
Founder-owned
We are not part of a private equity rollup. The vCIO who writes your roadmap is the same vCIO running your QBR three years from now.
Single brand, single playbook
Every client is delivered on the same platform with the same team structure. No acquired sub-brands, no inherited toolchains, no rebrand churn.
Published rate card
Our pricing, SLAs, and inclusions are on this page. You will not be quoted differently than the next buyer.
Measured monthly
Response times, ticket volumes, and resolution metrics are reported every month. The agreement and the dashboard match.
Hospitality IT — Frequently Asked Questions
Why is the hospitality per-user rate lower than corporate?+
Because hospitality is staffed differently. Front-of-house teams handle a meaningful share of basic technical incidents at the property — printer jams, kiosk wake-ups, simple POS resets — that an office manager would ticket to the MSP in a corporate environment. We model that into the rate. The trade-off is that in exchange for the lower per-user rate, the property owns local first-touch on routine issues; ICS owns escalation, security, vendor coordination, and the platform layer.
Do you include endpoint security (EDR) licenses in the per-user rate?+
No. EDR is a required component of the service, but the license is billed as a pass-through at vendor MSRP — typically CrowdStrike Falcon Pro or an equivalent business-grade EDR. We deploy, tune, and operate it as part of every tier. If you already have entitlement, BYOL is fine.
Are Microsoft 365 and Google Workspace administration charged separately?+
No. Day-to-day M365 and Google Workspace administration — user lifecycle, license assignment, mailbox/Teams/SharePoint admin, Drive admin, MFA, conditional access operation within current architecture — is included in the per-user rate. PMS, POS, and hospitality SaaS apps are vendor-coordinated, not vendor-developed; their licensing is pass-through or your direct relationship.
Do you support Google Workspace for hospitality?+
Yes — and a meaningful share of our hospitality book runs Google Workspace as the primary platform. ICS is a Google Cloud Partner. Workspace IAM, mobile management for property devices, and security operations are first-class on every Hospitality tier at the same per-user rate.
Do I have to switch my Microsoft CSP to ICS?+
On Hospitality IT, we follow the same posture as Managed IT: Microsoft CSP consolidation through ICS for Standard, Advanced, and Premier customers. This gives us licensing-level support escalation with Microsoft, single-pane invoicing, and same-day adjustments. If your group has a contractually committed CSP relationship, we will discuss the Co-Managed alternative.
What does the on-site analyst SKU actually cover?+
A dedicated on-site analyst, pre-vetted to hospitality operations, present at the property on a defined schedule. $9,995 per month, 12-month minimum, 60-day reduction notice after the minimum. The analyst handles physical-presence work — installs, walk-arounds, hardware swaps, AV troubleshooting, vendor escorts, and direct training for property staff.
Do you handle PCI compliance?+
Premier tier includes a baseline PCI compliance program — annual SAQ support, quarterly review, and remediation guidance. The PCI Compliance Program add-on expands that with monthly evidence collection, full audit support, and remediation project scoping. We do not perform QSA-level external audits; we partner with QSAs you choose.
How does multi-property rollout work?+
We use the Multi-Property Rollout add-on. Each property gets its own 90-day onboarding using the standard plan, but rollout is sequenced and shared documentation is built once. By the third property, onboarding compresses meaningfully because runbooks, vendor escalation paths, and reporting templates are reused. Ownership sees a single monthly report covering the entire portfolio.
When will I see fees on top of my monthly per-user rate?+
Six categories of work sit outside steady-state hospitality operations and are quoted separately: (1) new deployments and migrations — property openings, PMS/POS go-lives, brand conversions, (2) major redesigns of an existing property — network re-segmentation, Wi-Fi redesign, PMS version upgrades requiring infra changes, (3) incident response beyond a defined runbook — ransomware, BEC, PCI forensics, (4) hardware and license pass-throughs at vendor MSRP — with PMS, POS, and hospitality SaaS staying on your direct vendor agreements, (5) on-site dispatch outside the scheduled On-Site Analyst window, and (6) PCI ROC support and other compliance audits. We disclose all six in writing before you sign. Hospitality is the vertical most allergic to surprise IT invoices — ownership groups want flat numbers — so this list is published, not buried in fine print.
Hospitality IT, Without the Custom SOW
Tell us about the property — number of users, PMS, PCI scope. We will return a one-page proposal with the tier, the on-site decision, and the all-in monthly.