Here at CyberNINES, we work with a lot of IT Managed Service Providers and their clients, helping them attain and maintain cybersecurity compliance. We've compiled a list of helpful questions to ask about your current or future IT provider.
Does your MSP take the time to understand your business?
Your MSP should understand the needs of both your wider industry and your unique organization to determine the best strategy to develop the right managed solution for your company’s needs. Here are some other considerations:
Another way to look at this is, do you consider your MSP partnership as vital as the one you have with your attorney or insurance agent? There are no one-size-fits-all solutions in IT. Even companies with the same number of employees in the same industry can have completely different IT needs.
Does the MSP offer anything beyond managed IT services?
If they say yes, their business may lack the focus, concentrated attention, and dedication your company deserves. Ask them about it.
Does the MSP have a proactive approach that goes beyond break-fix services?
Forward-thinking MSPs utilize proactive remote monitoring to identify and prevent problems before a crisis situation causes downtime, data loss, or other disruptions.
Other questions to consider:
Does the MSP understand your regulatory compliance issues? Whether your company is regulated by ISO 27001, the National Institute of Standards and Technology (NIST), the Health Insurance Portability and Accountability Act (HIPAA), Cybersecurity Maturity Model Certification (CMMC), or others, make sure your MSP understands the controls and can provide documentation and show that they are helping your company meet the necessary controls. Ask to see their internal procedures such as Change Control, Incident Response, Backup and Recovery, and User Account Provisioning.
Does the MSP outsource any part of their support? While remote monitoring and services are great for identifying potential issues or problems, there will be times that your IT provider must be on-site for a fix or to audit an issue. Make sure these situations will be accounted for in your plan.
Is provider accountability written into the service level agreement (SLA)? You have the right to expect that your MSP will be held accountable if they don't meet the level of performance they promise. Ask how they will make good on any failures.
Other questions to consider:
Did you check the references? Current clients can help you determine if an MSP has experience in your industry or (at minimum) with businesses similar in size to your own. A company should be able to provide you with references, testimonials, and endorsements. Look for a provider who has been around for a while and has a solid reputation.
Does the MSP have experience managing multi-site locations, remote-work, work-from-home, and hybrid work environments as well as traditional office workplaces? There’s a lot more to setting an employee up to work remotely and reliably than just giving them a computer and having them plug into their home network. Given the paradigm shift brought on by the COVID-19 pandemic, it’s vital that the managed service provider you partner with has deep knowledge about the special challenges that remote work presents—especially when it comes to additional cybersecurity risks—and has a history of providing solid remote work and hybrid solutions. Ask for references on this metric if it is important to you.