5 Things Your Managed IT Services Provider Needs to Do Before You Hire Them

Here’s a dirty little secret about most IT managed services providers (MSPs): The more complicated they can make technology seem, the more solutions they can sell you.

But the fact of the matter is, many small to mid-sized businesses have very similar needs. They want their technology to work. They want strong security measures in place. And should a hack or cyber security incident occur, they want someone to fix it as quickly as possible.

If you’re looking to partner with an MSP, it can be hard to judge just how effective a provider will be. In IT, talking a big game is par for the course. But there are, at base level, a list of things that any MSP worth its salt should be able to do for you — five of them, in fact. 

1. They need to put your business first

Too often, MSPs want to focus on your technology — what application you use, what security you have in place, the age of your equipment, and so on. 

These are all important areas of focus, but that’s not what’s most important to you as a CEO. You want to worry less about technology and more about how the tech you’ve invested in helps you achieve your business goals.

A great MSP to partner with will start by learning all about your business, your people, and your story. They will hopefully have experience with similar companies in your industry and are able to use that experience to provide you with a custom IT solution that best meets your needs.

So as you shop around for an MSP, make sure to ask prospective partners these questions:


What do you need to know about my business to know that we’re a good fit for your services?

What size companies do you usually like to work with?

Do you have client concentrations in any core industries?

What are the typical security and compliance requirements you regularly see in our industry?

2. They need to offer a comprehensive assessment

Many MSPs will offer two to three levels of services packaged together into some variation of silver, gold, or platinum. These packages are out-of-the-box solutions that don’t often meet your company’s needs.

It’s also common for MSPs to give you detailed pricing information before they know anything about your business and your systems. When that happens, consider it a major red flag. No MSP can accurately price their services for your business without first assessing risk the way an insurance company would.

And because most businesses don’t have internal IT management and cyber security, it’s unlikely that you’ll truly understand what you’re buying from an MSP until you’re too far down the road to easily make a change. 

That’s when a “bait and switch” often happens, where the MSP has signed you up for a plan at a low price point, then steadily increases your costs while telling you the work is much more complicated than anticipated.

Given all this, it’s super important that any MSP you hire begins with a comprehensive assessment of your entire operation. They need to learn about your business, talk to your people, carefully inspect your systems, and audit your IT assets before they provide you with an IT roadmap and budget.

Questions you should ask:


How can you provide accurate pricing information without knowing anything about my business or IT systems?

What is the process you follow to learn about our IT systems in-depth?

How often does your service offering and pricing need to change after you’ve onboarded a new client?

What is your client retention rate on an annualized basis over the past three years?

Can you provide me with references for clients you’ve recently onboarded?

3. They need to have a security-focused approach to IT management

Security requirements are one of the main reasons small to mid-sized companies partner with an MSP.

No business is too small to be safe from hackers, and with data now a critical resource in nearly every industry, there’s no such thing as below-average security needs.

Any MSP you consider partnering with should have a thorough list of questions to answer during their assessment (which, again, they should also do) to ensure all their security systems can comply with your unique needs. 

À la carte security offerings are far too common in our industry, and they usually miss the mark since they’re too slow to respond to the fast-changing threat landscape. That’s why top-tier MSPs offer specific security levels in combination with a comprehensive suite of software and services that can be customized as needed.

Questions you should ask:


What level of IT security do most of your clients have?

How do you monitor for and report on security situations for your clients?

How do you assess a prospective client’s current IT security and needs during the evaluation process?

What different security levels and packages do you offer with your services?

4. They need to ask all the right compliance questions

Compliance is a complex knot of regulations that often change at the whim of governments and other entities. 

Sometimes, maintaining compliance is as easy as having cyber insurance and keeping up with your industry’s best practices. Other times, it’s driven by a specific business requirement, such as being a Microsoft, Amazon, Apple, or Google vendor, or being the recipient of a grant from a large foundation.

Some companies also have specific legal compliance requirements they need to follow like HIPAA for healthcare, CMMC for defense contracting, or PCI for payment processing. 

All of this makes it critically important for a prospective MSP to dig deep into your company’s compliance needs so they can engineer IT solutions that meet those needs right from the jump.

Questions you should ask:

• • How many of your clients have cyber insurance?
  • How frequently are you receiving and reviewing the latest cyber insurance applications?
  • Do any of your clients have cyber security requirements driven by a key client such as Amazon, Apple, Google, or Microsoft?
  • Do any of your clients have specific legal compliance requirements like HIPAA, CMMC, or PCI?
  • Do you have a third-party certification for compliance that you offer as a benefit to your clients?
  • How do you keep track of your clients’ compliance requirements and ensure your team consistently meets them?
  • Do you have any high profile businesses that you serve? How do you ensure your employees keep client information confidential?

5. They need to create a true partnership with your people

The best MSPs work closely with multiple levels of a company to understand needs and workflows.

At Dynamic Computing, each of our clients gets a primary technician for handling day-to-day IT needs so their people have a name and a face they can reach out to —  a single point of contact that is always available and who understands how various employees and departments operate.

We also conduct recurring monthly calls with each of our clients, as well as bi-annual or quarterly strategic IT review meetings. This lets us review things like processes, reporting, and upcoming budget needs so there are no surprises.

Questions you should ask:

• • Who at your company would my team primarily work with?
  • When we call into the help desk for support, will we get a different person every time?
  • How often do your key managers meet with me and my team?
  • How often do you provide strategic IT reviews, and what’s included in them?
  • Can you show me a sample of a recent strategic IT review?

This post was originally published on April 29, 2019. It was updated on February 27, 2024 to add additional details and make edits for relevance and accuracy.