As a company that assists clients with many IT-based solutions, including IT best practices (e.g. ITIL) and cybersecurity, Solutions3 is often contracted to assess the current state of an organization’s IT capabilities.
One common request is to assist the client in the selection of, and migration to, an MSP (managed service provider). This has generated a number of consistent concerns that, if resolved, would make the selection process much more effective. First and foremost, the correct questions are typically not being asked, both of the client itself and of the potential MSP. It is also apparent that SMBs (small & midsized businesses) that currently utilize MSPs are often significantly underserved.
Lastly, the concepts of accountability, agreed-upon service levels and regular reporting are rarely discussed, and even avoided. While these concerns do not apply in all cases, it is important to keep them in mind when considering an MSP for your own business.
Questions to ask yourself & your leadership team
1. Is my business large enough to support an MSP? MSPs typically charge a minimum fee per month. Your company must be large enough to commit to this minimum.
2. Is my business small enough to need an MSP? Most SMB IT staffs do not have the breadth and depth of skills necessary to manage all of the aspects of IT, from typical break-fix, to cybersecurity and proactive management.
3. Does my current IT staff/provider have the skills required to cover my specific IT needs? SMBs typically require IT skills in the following areas: networking, cybersecurity, MS Windows Server, MS Exchange, MS Office or Office365, Active Directory, Project Management, knowledge of business-specific applications, mobility, and others.
4. Has budget been allocated? There must be a means to pay for MSP services. Be sure a budget has been allocated for your IT needs.
Before engaging with a potential MSP
Once the decision has been made to move to an MSP, be sure to prepare the following prior to any detailed conversation:
• Identify all IT assets along with the level of management required for each
• Group IT assets into types, such as:
o Servers, desktops, laptops
o Printers, scanners, monitors
o Smartphones, tablets
o Network devices, such as routers, switches, firewalls
• Categorize IT assets with respect to business impact, such as business critical, major, minor, minimal, none
• Determine the level of O&M (operations & maintenance) required per asset
• Be prepared to discuss management vs. monitoring vs. O&M
• Be prepared to discuss cybersecurity needs and concerns
• Be prepared to discuss typical move/add/change requests
Questions to ask a managed service provider candidate
When meeting with an MSP candidate, ask many questions. Among them, be sure to include the following:
1. What is the size of their technical staff? What are their areas of expertise, levels of certification and staffing levels for 24x7x365 (or 8x5x52)?
2. What level of proactive monitoring & management will be provided (down to the metrics per device) and which vendor tools will they be using?
3. What are the hourly rates for onsite work, remote support, 4-hour or 24-hour turnaround requests and normal scheduled maintenance?
4. What type of Help Desk support will be provided and are they using an industry accepted best practice, such as ITIL (IT Infrastructure Library)?
5. What tools will be used for Backup & Recovery and do they periodically validate the recovery process?
6. What constitutes an “Acceptable Level of Service” and what is our recourse if this acceptable level of service is not being met?
7. How often will the Security Endpoint Protection software be updated and tested?
8. How do they stay current on the latest security threats, risks and/or vulnerabilities and how will they respond to a security breach?
9. What level of Service Reporting will they be providing on a monthly, quarterly and yearly basis?
10. What is the expectation for Continual Service Improvement and service improvement recommendations?
This is by no means an extensive list of questions that should be asked but it is a common list of questions and concerns that often do not get addressed. Obtaining answers to these questions will help clearly set expectations, both for the client and for the service provider. By setting those expectations and understanding the agreed-upon services, conflicts and mishaps can be minimized.
Mike Battistella is the President of Solutions3 LLC, an IT Management Company focusing on cyber security management, network & systems management, IT service management, critical notification management and technical & soft skill training.