How to Choose a Managed IT Provider: 15 Questions to Ask
Choosing a managed IT provider (MSP) is one of the most important technology decisions your business will make. The right MSP becomes a strategic partner; the wrong one becomes a source of frustration. Here are 15 questions to ask before signing a contract.
Operations & Support:
1. What are your SLA response times?
Get specific numbers. "We respond quickly" is not an SLA. Look for: Critical (business-down) under 1 hour, High priority under 4 hours, Standard under 8 hours. Ask about resolution time targets, not just response times.
2. How do you handle after-hours emergencies?
Is 24/7 support included or an add-on? Do they have on-call engineers, or does a voicemail get checked the next morning? Ask for their after-hours escalation procedure in writing.
3. What RMM platform do you use?
The RMM (Remote Monitoring and Management) tool is the backbone of managed IT. Look for established platforms like ConnectWise, Datto, or NinjaOne. Ask how many agents they deploy and how they handle alerts.
4. How do you handle on-site support?
Remote resolution is efficient, but some issues need hands-on attention. Ask about on-site response times, whether on-site visits are included or billed separately, and their geographic coverage area.
5. What is your client-to-technician ratio?
A ratio above 150:1 means your issues wait in a long queue. Good MSPs maintain 75-100 users per technician. Ask specifically — vague answers mean high ratios.
Security & Compliance:
6. What endpoint security solution do you deploy?
Look for EDR (Endpoint Detection and Response), not just basic antivirus. Ask about the specific product (SentinelOne, CrowdStrike, Microsoft Defender for Endpoint) and whether 24/7 monitoring is included.
7. Do you support compliance frameworks?
If you need HIPAA, PCI DSS, SOC 2, or NIST compliance, ask for evidence — not just claims. Do they provide compliance reports? Have they been through audits? Can they name healthcare or financial clients they support?
8. How do you handle security incidents?
Ask for their incident response procedure. How quickly do they contain threats? Do they provide incident reports? Have they handled ransomware recovery?
Business Relationship:
9. What does your onboarding process look like?
Good MSPs have a structured 2-4 week onboarding that includes network documentation, agent deployment, baseline establishment, and knowledge transfer. If they say "we just install our tools and you're good to go," run.
10. What reporting do you provide?
Ask for sample reports. Look for: uptime statistics, ticket volume and resolution times, security events, patch compliance, and executive summaries. Monthly reports should be standard; real-time dashboards are better.
11. What is your minimum contract term?
Standard is 12-24 months. Month-to-month is rare and usually more expensive. Ask about early termination penalties and what happens to your data and documentation if you leave.
12. Can I see references from similar businesses?
Ask for 3 references from businesses similar in size, industry, and IT complexity. Actually call them. Ask about responsiveness, technical competence, and proactive vs. reactive behavior.
Technical Capabilities:
13. Do you handle network infrastructure?
Some MSPs only manage endpoints (workstations/servers) and outsource network infrastructure. If you need switches, firewalls, wireless, and cabling managed, confirm this is in-house capability.
14. What is your backup and disaster recovery approach?
Ask about backup frequency, retention periods, RPO/RTO targets, and whether they test restores regularly. "We back everything up" is not a strategy.
15. How do you handle vendor management?
A good MSP manages your ISP, phone provider, and other IT vendor relationships. They should open tickets, track issues, and escalate on your behalf.
Red Flags:
- No written SLA - No onboarding process - Can not name their RMM or EDR platform - No references available - "We handle everything" without specifics - Per-device pricing without clear seat definition - No security certifications or compliance experience
Summit DNC provides managed IT services for businesses across Southern California with transparent SLAs, named-tool stacks, and structured onboarding. Contact us for a consultation.
Related Services
Related Comparisons
Industries We Serve
Related Articles
Managed IT vs. Break-Fix: Which Model Is Right for Your Business?
Compare managed IT services to break-fix support — cost analysis, response times, and which model fits different business sizes.
Managed ITWhat Is Remote Monitoring & Management (RMM)? A Business Owner's Guide
RMM software lets IT teams monitor, patch, and manage your entire network remotely. Learn how it works and why it matters for your business.
Managed ITNetwork Assessment Checklist for Small & Medium Businesses
Use this 50-point checklist to evaluate your business network. Identify vulnerabilities, performance issues, and upgrade opportunities.
Need Help With Your Infrastructure Project?
Summit DNC designs and deploys the systems covered in this article. Contact us for a free consultation.