Finding the Best IT Managed Service Provider & 8 Questions to Ask Them
Here at CyberNINES, we work with a lot of IT Managed Service Providers and their clients, helping them attain and maintain cybersecurity compliance. We've compiled a list of helpful questions to ask about your current or future IT provider.
Does your MSP take the time to understand your business?
Your MSP should understand the needs of both your wider industry and your unique organization so it can develop the right managed solution for your company’s needs. Here are some other considerations:
- Is their help desk available at the times you need it? Make sure you can really get through. Test it!
- What is the escalation process and are you able to test this before signing any long-term contract?
Another way to look at this is, do you consider your MSP partnership as vital as the one you have with your attorney or insurance agent? There are no one-size-fits-all solutions in IT. Even companies with the same number of employees in the same industry can have completely different IT needs.
Does the MSP offer anything beyond managed IT services?
If they say yes, their business may lack the focus, attention, and dedication your company deserves. Ask them about it.
Does the MSP have a proactive approach that goes beyond break-fix services?
Forward-thinking MSPs utilize proactive remote monitoring to identify and prevent problems before a crisis situation causes downtime, data loss, or other disruptions.
Other questions to consider:
- Does the MSP take a proactive vs. reactive approach to managing your infrastructure?
- From a security perspective, how does your MSP manage your assets, patches, firewalls, anti-virus, and backups?
- Additionally, does your MSP offer fully realized and tested disaster recovery plans that include regular on-site and off-site backups?
Does the MSP understand your regulatory compliance issues?
Whether your company is regulated by ISO 27001, the National Institute of Standards and Technology (NIST), the Health Insurance Portability and Accountability Act (HIPAA), Cybersecurity Maturity Model Certification (CMMC), or others, make sure your MSP understands the controls and can provide documentation and show that they are helping your company meet the necessary controls. Ask to see their internal procedures such as Change Control, Incident Response, Backup and Recovery, and User Account Provisioning.
Does the MSP outsource any part of their support?
While remote monitoring and services are great for identifying potential issues or problems, there will be times that your IT provider must be on-site for a fix or to audit an issue. Make sure these situations will be accounted for in your plan.
Is provider accountability written into the service level agreement (SLA)?
You have the right to expect that your MSP will be held accountable if they don't meet the level of performance they promise. Ask how they will make good on any failures. Other questions to consider:
- Does this MSP offer a clear and comprehensive SLA?
- Does the SLA cover response times, service responsibilities, and recovery times?
- Does your MSP have a comprehensive set of policies and procedures that they use and measure themselves against?
Some specifics for an SLA:
- Scope of services
- Service goals
- Immediate response for emergencies in one to two hours
- Normal responses from four hours to one day
- Network availability or uptime
- Other agreed upon key performance indicators (KPIs)
- Enforcement — ability to cancel and/or monetary penalties for missing SLAs
- Customer responsibilities
- Legal language
Did you check the references?
Current clients can help you determine if an MSP has experience in your industry or (at minimum) with businesses similar in size to your own. A company should be able to provide you with references, testimonials, and endorsements. Look for a provider who has been around for a while and has a solid reputation.
Does the MSP have experience managing multi-site locations, remote-work, work from home, and hybrid work environments as well as traditional office workplaces?
There’s a lot more to setting an employee up to work remotely and reliably than just giving them a computer and having them plug into their home network. Given the paradigm shift brought on by the COVID-19 pandemic, it’s vital that the managed service provider you partner with has deep knowledge about the special challenges that remote work presents, especially when it comes to additional cybersecurity risks, and has a history of providing solid remote work and hybrid solutions. Ask for references on this metric if it is important to you.