System Care — Managed by Revitt
We run and host the systems your business depends on — and keep them patched, monitored, and defended. The stack you shipped last quarter is already drifting: dependencies flag CVEs every week, AI-assisted attackers scan every exposed endpoint within minutes of deploy, frameworks ship breaking changes, certificates expire. System Care is the ongoing engineering layer that keeps production — production. So your team doesn’t spend Friday night on a pager.
Hosting included · UK on-call · SLAs that mean something
Why System Care exists
Frontier models turn public CVEs into working exploits in hours, not months. Automated reconnaissance hits every new endpoint within minutes of deploy. Supply-chain attacks via npm, pip, and GitHub Actions are now routine. Systems that were “fine” in 2022 are structurally exposed in 2026.
Node LTS cycles, framework major versions, OAuth scope changes, deprecated APIs, TLS renewals. Something in your stack needs attention every single week. Miss one and something that worked yesterday breaks today.
Security groups, IAM roles, DNS records, storage buckets, build caches — every change is a chance for a silent misconfiguration. Drift compounds. The blast radius of an old firewall rule can be everything.
AI tools connected to internal systems can exfiltrate data, post to the wrong workspace, or execute unintended writes. This isn’t theoretical — it’s exactly the class of failure our MCPlexer product exists to contain.
Your engineers want to ship features. On-call, patching, and security response are a second full-time job that gets deprioritised until something catches fire. By then, the options are all bad.
What’s in the care package
System Care is a single monthly subscription. We run and host the servers your systems live on, and bundle in the engineering work that keeps them healthy, patched, and defended — not a menu of line items you have to opt into one by one.
Named engineer on rotation, not an inbox. Urgent production issues are acknowledged inside the SLA window, day or night, with a real human taking ownership through to resolution.
Written response and resolution targets by severity. Tracked on every ticket. Reported monthly. If we miss one, you see it before you ask.
We run the servers your systems depend on — DigitalOcean, AWS, Vercel, Supabase. Provisioning, scaling, cost monitoring, backup verification, disaster-recovery drills.
Weekly CVE scans. Runtime upgrades (Node, Python, Postgres). Framework migrations. Dependency bumps with tests. Emergency zero-day response when a critical advisory drops.
Firewall rules, IP allow-listing, WAF configuration, rate limiting, bot protection. Regular security group and IAM audits. Secrets rotation on a schedule — not when someone remembers.
SSO enforcement, access reviews when staff change roles or leave, credential rotation, signed audit logs for who did what when. Evidence for your customers’ security questionnaires is already in the drawer.
Uptime probes, error-rate dashboards, log retention, anomaly alerts routed to the right humans. You find out before your customers do — often before the symptom reaches the user.
Scheduled, encrypted backups with restore drills. RPO and RTO targets agreed in writing. Tested quarterly against a fresh environment, not “probably works”.
Certificate renewal, DNSSEC, email authentication (SPF, DKIM, DMARC), registrar security. The quiet stuff that only makes news when it breaks.
If AI coding tools or agent frameworks touch your production data, we scope them with MCPlexer — directory-scoped routing, deny-first access control, full audit trail. Agent blast radius contained by design.
Audit-ready records for your customers’ security questionnaires: access logs, change logs, backup records, patch history, incident timelines. Pre-assembled, not reconstructed under pressure.
Small changes, copy edits, config tweaks, and tuning as the system evolves — the work that’s too small for a project engagement but still needs doing. In scope without a change-order dance.
A single pane for invoices, tickets, maintenance reports, audit history, and open RFQs. Rolling out now — direct link goes here when live.
Exact scope — coverage hours, SLA tiers, included environments — is agreed in writing during onboarding.
How we take it on
One week. We map your systems, access, exposure, dependencies, backup posture, and current patch debt. You get a written risk register whether or not you sign on.
Two weeks. Provision monitoring, access, on-call rotas, and secrets vaulting. Rebuild any missing foundations — backups, logging, firewall baseline — so day-one care is real, not aspirational.
Ongoing. Monthly report. Quarterly review. Named engineers. Emergency line. No surprise invoices — just the thing you pay for, happening.
What the numbers look like
Zero
Downtime across managed customers this year
<4h
Urgent incident response target
24/7
Eyes on production for annual plans
100%
Customer satisfaction to date
We built System Care because our customers asked for it, not as a revenue line. The on-call rota is a real rota — named engineers, tested escalation paths, no answering service. When something breaks at 2am, someone human picks up.
Common questions
Ad-hoc support is reactive — you call, we quote, we fix. System Care is proactive: named responders, patching, monitoring, hardening, and incident response bundled into a monthly subscription. The goal is to prevent most of the emergencies ad-hoc support ends up cleaning up.
Book a System Care review. One week, fixed scope — you leave with a written risk register for your systems whether or not you sign on.