VITI Security

Resources · FAQs

Frequently asked questions.

We've compiled the most common questions from clients to help you understand how VITI delivers secure, scalable, and compliant IT and cybersecurity work tailored for growing organizations across India and North America.

About VITI Security

What are VITI Security's primary services?
Two core service models: Fully Managed IT Services (we take full ownership of your IT operations - monitoring, infrastructure, end-user support, patching, security enforcement - for a predictable monthly fee) and Co-Managed IT Services (we extend your internal IT team by handling routine tasks, escalations, and specialized work). On the cybersecurity side: VAPT, compliance prep (SOC 2 / ISO 27001 / DPDP / HIPAA / PCI-DSS), incident response, ongoing posture management.
What size companies do you work with?
Sweet spot is 15 to 250 employees. Below 15, a per-seat MSP usually serves you fine. Above 250, you typically need an in-house IT lead with us as a security or specialty partner. We will tell you honestly if your problem is smaller or larger than our fit.
Do you work outside India?
Yes. About a third of our clients are in the United States. We also work with teams in the UK, EU, UAE, Singapore, and Australia. We invoice in your local currency (INR / USD / GBP / EUR) and accept Stripe, PayPal, and Razorpay.
How fast do you reply to new inquiries?
New inquiries get a human reply within one India business day, usually within four hours. Active incidents get a callback within one hour, day or night. No auto-replies, no SDR funnel.

Engagement and pricing

How are engagements priced?
Consultations are quote-based (priced per scope, not per hour). Software and hosting (Vexta, VICIdial) are off-the-shelf with published per-tier pricing. We send a fixed-price proposal within two business days of the scoping call - no hourly billing surprises.
Are there long-term contracts?
No mandatory long-term contracts. Vexta and VICIdial are pay-as-you-go (monthly tiers cancel any time). Consultation retainers are month-to-month by default; we offer 10% off for quarterly prepay and 15% off for annual.
Do you offer free assessments?
Within reason. A 30-minute scoping call is always free. A quick vulnerability sniff test against one URL is free. We do not do free audits that would normally cost the equivalent of USD 5k - that disrespects both our time and yours.
What payment methods do you accept?
Stripe (cards, ACH, SEPA), PayPal, and Razorpay (preferred for Indian clients - cards, UPI, netbanking, wallets). Wire transfers for engagements over the equivalent of USD 10k. Invoices in INR / USD / GBP / EUR. We do not take crypto.
Do you offer non-profit discounts?
Yes. Registered non-profits and NGOs get 30% off Vexta plans and managed IT retainers. Cybersecurity consulting for non-profits is priced at cost - typically 40-50% off the standard rate. Email us with your registration certificate.

Security and compliance

Which compliance frameworks do you cover?
SOC 2 Type I and II, ISO 27001:2022, DPDP Act 2023 (India), HIPAA (US healthcare), PCI-DSS, RBI Cyber Security Framework, SEBI guidelines, GDPR, FedRAMP-aligned controls. We do not issue certificates; you retain the accredited auditor of your choice.
Do you do the audit, or just the prep?
Just the prep - the heavy lift that makes the audit smooth. The certificate itself has to be signed by an accredited certification body or CPA firm. We do not issue certificates and have no commercial partnership, referral fee, or kickback arrangement with any certifying body. You pick the certifier; we sit alongside you during their fieldwork.
How do you handle our sensitive data?
Three layers: (1) NDAs and BAAs where applicable. (2) Engagement structure - we work in your environment via least-privilege access, not by data leaving your network. (3) We are happy to start with a tiny paid engagement so you can evaluate the work before any sensitive systems are touched.
What about data residency?
We can work entirely in your cloud (AWS / GCP / Azure) so data never leaves your region. For SOC operations where we ingest logs, we set up the SIEM in your region of choice. We do not require data to come to India.

VICIdial and dialer-specific questions

What is the ≤ 2 min VICIdial promise?
Our VICIdial Cloud images are pre-built and tested. Once you pick a tier, provisioning runs in under two minutes. Migrating an existing dialer takes longer (configuration import) but the new cluster itself is up fast.
What is the largest dialer you have run?
10,000 concurrent calls in production for an Indian collections BPO. Custom cluster of 8 nodes. The standard images comfortably handle 500-1,000 concurrent on a single server.
Can I migrate from another VICIdial host?
Yes. Standard migration: 4-8 hours of cutover work depending on data volume (agents, campaigns, lists, recordings). Fixed-price project alongside provisioning.

Question not answered here?

One paragraph by email or 30-minute scoping call. We reply personally.