Managed technology service providers have become the model of choice for most small and medium-sized businesses driven by digital transformation, cloud adoption, and the talent shortage for expert IT and cybersecurity resources. If you are considering adopting this model for the first time or making a change in managed service providers, be sure you are making an informed and strategic choice; it's a business where capabilities, expertise, and services vary widely. Whether you have a dedicated IT team on staff who could benefit from supplemental support and expertise, or your business needs a technology and cybersecurity service provider focused on advancing your business and security maturity, it is critically important to ask the right questions when selecting an IT partner. Carefully selecting a Managed Service Provider (MSP) is as important as choosing a reputable accountant or lawyer who will best serve your needs and add strategic value to your organization. Here are 7 questions to ask potential managed service providers to ensure you get the best return on your investment (ROI).
With that in mind, here are seven (7) great questions we have been asked and that you should pose to any IT services company at the top of your consideration list.
1. ASK THE MANAGED SERVICE PROVIDER'S CURRENT CUSTOMERS HOW THINGS ARE GOING.
A current client is the best place to begin to determine what it is like to work with a particular MSP, as they can provide independent first-hand feedback and insights based on their experience – and they are likely facing the same challenges you are in their business. Ask them to rate the service and responsiveness of the business representatives and day-to-day engineers they've been working with. Specifically, ask the MSP's clients:
- How satisfied are they overall?
- Are the solutions that the MSP recommended the right ones for their organization?
- If something isn’t working, how is the MSP responding?
- How is the MSP helping to increase long-term cyber maturity?
- How are they helping to implement and manage internal cybersecurity policies and practices?
Ask for clients matching your size, industry, or IT needs. Look at the MSP’s website to review client testimonials and case studies.
2. HOW DOES THE MSP SUPPORT NEW PRODUCTS AND MAINTAIN VENDOR RELATIONSHIPS?
A key component for any MSP is their commitment to the products and solutions they sell and the vendors they partner with.
If you are going to make investments based on your IT service partner's recommendations, make sure they are utilizing a portfolio of high-integrity partners and providers that will meet your business needs. In addition, ask if their employees are continually trained and certified on each product (one of the most important questions to ask a potential managed service provider). Your MSP’s ability to properly configure and support each product impacts the solution's effectiveness, equating to productivity and efficiency for you.
3. WHAT IS THE LEVEL OF KNOWLEDGE AND RESPONSIVENESS OF THE MANAGED SERVICE PROVIDER'S HELP DESK SUPPORT?
If your company is interested in Help Desk services, understand how the potential MSP manages incoming calls:
- Are tickets priority-based or managed on a 'first-come, first-served’ basis?
- How quickly does the Help Desk respond to calls?
- What is their escalation process?
- What are their customer satisfaction rates?
- What type of training do service representatives receive, and how often?
Understand that when your employees have IT issues, the level of responsiveness from competent and knowledgeable representatives impacts business productivity. You should look for a Help Desk that cares equally about each and every interaction, offering deep technical skills delivered by a friendly, patient team with solid communications skills.
4. HOW RELIABLY DOES THE MSP RESPOND TO BUSINESS DISRUPTION OR SECURITY EVENTS?
When your business experiences a disruption or, worse, a data breach, how would the potential MSP respond? Do they have solutions in place to:
- Equip you with defenses that protect your business against modern cybercriminals?
- Monitor and immediately respond to threats on your network?
- Prepare your company to continue business operations despite an unexpected incident?
- Work with you to create policies and plans that guide and protect your business?
- Provide guaranteed response times, as well as weekend and holiday coverage?
It’s common for criminals to launch attacks on weekends and holidays when it’s more likely that IT staff is limited or unavailable. When your business' reputation is at stake, and your clients are affected, you must trust that your MSP partner will engage immediately and handle any critical cyber situations that arise.
5. DOES THE MSP CONDUCT REGULAR EXECUTIVE BUSINESS REVIEWS?
Executive Business Reviews (EBRs)—sometimes referred to as Quarterly Business Reviews (QBRs)—are macro-level strategic conversations about the direction of your business and its supporting technology. As more clients, partners, insurers, and regulators increase security requirements, your MSP must help you move towards satisfying these standards and continuously increase your cybersecurity maturity.
These reviews will help you understand your IT risks and how they align with your company's goals and budget. To be effective, they should include your executive team and, depending on your needs, technology subject matter experts, security and compliance specialists, and other knowledgeable stakeholders. As your trusted IT advisor, your MSP should not only support your current business initiatives but also be looking ahead to help move your organization to a deeper level of operational maturity.
After an EBR, you will have insight into how well your IT technology and processes align with your business goals and industry best practices and recommendations on how to increase your cybersecurity maturity. You can also expect visibility into your IT costs, the state of your network, and its supporting resources.
6. IS THE MANAGED SERVICE PROVIDER SELLING FROM A SCRIPT OR OFFERING SOLUTIONS BASED ON YOUR BUSINESS NEEDS?
You need an MSP who understands your business and goals to ensure the technologies they recommend result in the business outcomes you desire. Your IT partner should move your business forward, not hold it back with outdated products and processes. Here’s what to look for:
- Does the MSP conduct thorough assessments to identify potential technology and security gaps within your business? Do they have the ability to remediate vulnerabilities?
- If you're a compliance-based company, do they understand HIPAA, GLBA, PCI, CMMC, or other regulatory requirements?
- Do they understand how to develop information technology plans that align with and support your business strategy?
Experienced Managed Service Providers know every business is different and can address the unique needs of each client. Look for a partner that has experience not only in your industry but other similar industries. An MSP with cross-industry intelligence has broader expertise, able to introduce your organization to new concepts and innovations based on their work with other industries.
7. HOW STRONG IS THE MSP’s OWN SECURITY? DO THEY PERFORM AN ANNUAL SOC 2 EXAMINATION? DO THEY ALIGN WITH INDUSTRY STANDARDS?
This is one of the most crucial questions to ask managed service providers. In 2022, there were 40% more supply chain security attacks than malware attacks. Your MSP will have deep access to your network, so it’s crucial that they, themselves, have strong security and a plan to continuously improve their security to stay ahead of cybercriminals.
Your MSP should have an annual SOC 2 audit to validate its security. SOC 2 is a standard from the American Institute of CPAs (AICPA) that examines a company’s information security controls to help ensure the security, availability, processing integrity, confidentiality, and privacy of their clients’ data. If the MSP you're evaluating is committed to an annual SOC 2 examination, you can be confident the organization can be trusted to securely manage your critical data and assets.
In addition, your MSP should also align with a standard industry framework such as the NIST CSF to measure their current security maturity and track long-range, continuous improvements to their cybersecurity posture. This will reduce your risk of a supply chain breach and ensure that your MSP is poised to combat today’s evolving cyberthreats.
We hope you found this information helpful! These 7 questions to ask managed service providers should help you identify which MSP is the right partner for your business. Please contact us if you have any questions, or we can help you think through this process.
For over 35 years, Systems Engineering has successfully navigated the evolving technology landscape providing small and medium-sized organizations with right-sized IT services that enable them to move their businesses forward securely. Learn how Systems Engineering can do the same for you at systemsengineering.com.