When your business needs to move beyond what you can DIY on your own, it might be time to start thinking about outsourcing your IT. Every company has a different set of needs and various levels of expertise that is needed. You should evaluate which outsourcing service is best for your organization to minimize risk and overhead.

This article will talk about the things to consider when evaluating a potential managed IT services provider (MSP) for your business. Going with an MSP is an important step in deciding to outsource or augment your IT needs and there are many things to consider with relationship to how it aligns with your business.

Before we go any further lets define what role does MSP perform?

MSP ROLE DEFINED

MSPs typically serve as the complete outsourced IT department. Many times, an MSP will work with top executives and the IT department to fill all IT Support roles from CIO to technicians on the ground.

For larger organizations that already have an IT team MSP might be used as an additional supplemental resource to provide higher tier tech support, to consult on project or act as an additional resource in handling day to day support. In situations with in house and outsourced IT providers its important to define those roles so everyone is clear of their direct responsibilities.

This brings me to my first point, ensure that the MSP has a detailed defined SLA or Service Level Agreement that outlines contractually what they are responsible for. This will ensure a ball is not dropped by either party when it comes to providing support.

FACTORS IN EVALUATING SERVICE PROVIDER

Its hard to judge an MSP based on claims alone. The first thing to do is to checkout the local reviews from Google, Facebook and Yelp. Its always a good idea to start there. However once you made it past this step the only thing you have to go off is the customer testimonials and the promise of great customer service from the MSP.

Once you have done the initial pre-screening, the first thing to look at is the MSP Service Level Agreement (SLA)

SERVICE LEVEL AGREEMENT (SLA)

Most MSP’s will have a Service Level Agreement. SLAs typically include:

An MSP’s SLA should outline the following:

  • What is included in the SLA? We’ll cover that shortly.
  • How to contact the MSP with a service request and steps to escalated that request.
  • Most MSPs will list their business hours, however its important to ensure that they are also available during holidays and weekends for emergencies or projects.
  • Your infrastructure level should generally be defined, for example outdated and unsupported hardware have to be brought to current standards in order for an MSP to provide effective support.
  • Defined the levels of support and what is covered under the contract.
  • Response and resolution times should be outlined in the SLA such as how quickly you’ll receive a response to your request for service and how quickly the MSP will resolve the issue.

SERVICE METRICS

Its hard to meet or exceed expectations when they are not measured. A good MSP will provide you with a minimum a quarterly report that will include the following:

  • Number of service requests
  • Outline of projects and or service that was performed
  • Number of tickets and how quickly they were resolved
  • Percent of service requests inside the SLA window

Ask your MSP what they do for reporting and updating you on where things stands with your systems.

PRODUCT AND SERVICE OFFERINGS

Generally an MSP will include network and system monitoring, help desk support, on site and remote support, anti virus along with other services that will vary from MSP to MSP and from packages offered.

At a minimum, your MSP should deliver the following services:

  • Network monitoring and management
  • Help desk with remote and on-site support
  • Management of Vendors (ISP, VOIP, O365, Software Etc.)
  • Backups and disaster recovery and planning
  • Anti-virus and threat detection and protection
  • Reporting of the system states and general system health for review.

Network monitoring and management

MSP will install remote agents on every workstation and server to monitor the health of the entire network and all devices connected to it. This monitoring software reports back to MSP at first signs of problems such as low disk space, unusual network traffic, system errors or unusually high temp or CPU usage. Proactive monitoring means that the MSP would get notified of the problem and would have technicians quickly resolve them before these issues would affect the end user.

Help desk with remote and on-site support

Read the SLA and ensure that the MSP does not include complicated pricing because its easy to get lost in it and pay more than you originally expected. Always go with the MSP that includes most of the services and won’t nickel and dime you every month. Also make sure the response times are similar between the level of support and that they fall in your acceptable time frame. Typically response to a ticket within an hour is considered good by industry standards. Most of the support can be performed remotely, however its important to make sure your MSP has on-site engineers available to work in the field and with short notice. During an emergency, you will be glad you did!

Management of Vendors (ISP, VOIP, O365, Software Etc.)

Ensure that your MSP is able and willing to work with various vendors on your behalf. Coordinating with ISP or telecom VOIP providers or managing your Office 365 should all be a part of the MSP umbrella they are responsible for. Ensuring that the MSP will work with your vendors will alleviate a lot of finger pointing and relieve a lot of middle man back and forth that typically occurs when there is a disconnect between the 2 providers.

Backups and disaster recovery and planning

Many providers include backup and disaster recovery with minimal service; however this is not the same as having a strategy to meet your business continuity requirements.  Ask for an outline of how they will recover your network if one or more sites are lost due to fire, flood or other natural disasters or if ransomware infects your entire network.

What are your RTO/RPO goals?

How quickly do you need to recover?  What’s the absolute latest you can afford to be down for a critical application or systems? Run some numbers based on your industry, business model and risk appetite.

How soon do you want your business back up in the event of a disaster or attack? Your MSP should ask these questions prior to developing a DR plan for your business.

Anti-virus and threat detection and protection

Threats can come from many places – employees, customers, business partners and third-party vendors.  Make sure your MSP understands your business enough to pin point where likely threats could occur and what steps should be taken to protect your systems. Most MSPs will install an Antivirus solution that integrates with their systems and allows them to easily manage your workstations.

Reporting of the system states and general system health for review.

Without receiving regular reports its hard to know exactly what goes on your network; if all systems are running as they should, if all updates are being done, if tickets are being answered etc. This is why regular reporting to the CFO/CEO or CIO is extremely important. This information not only helps you grade your MSP performance but also keeps everyone in the loop on what is currently going on and what changes need to happen.

PARTNER NOT AN IT GUY

Its important to find a partner that is not just there to fix problems as they occur, but to help support your company for growth.  Every MSP promises this, however be sure to go with those that actually want to understand your business, suggest improvements, suggest ways to streamline processes and offer services that would benefit your organization.

Ensure your MSP has a knowledge base and cross trains their employees so that its not just a single “IT guy” that holds all the keys to your organization’s IT.

CULTURE

This is often an overlooked fact, but culture of the MSP plays a huge role into how they support your organization. Do you want a large MSP with an 800 number you call and have different techs field your calls or do you better prefer a more personal approach from smaller MSP where they take the time to ensure high level of customer satisfaction vs hitting their quota for the day of answered trouble tickets.

LARGE VS SMALL

Finding a balance between an MSP large enough to handle your volume of tickets, but still small enough to provide quality customer service is a fine line. Are things like calling an engineer on their phone and having a quick chat with them while you are at Best Buy buying some equipment for the office important for you? Or is having your MSP talk to your vendors to get you better deals on your behalf something that is important to you?

Generally speaking that is the difference between large and smaller MSP. Smaller MSP generally take a more hands on approach and value customer service, while the larger MSP standardize everything and focus on primarily answering tickets and performing tasks that your organization requests. Most large MSPs have corporate policies that prevent personalized level of customer service as this is generally not a part of a metric they can quantify.

CYBER SECURITY

As we recently learned just because MSP is full of tech savvy people, doesn’t mean they are not vulnerable to cyber attacks. With recent attack on Kaseya remote management software used by MSP shows just how vulnerable MSP are and how important it is for them to safeguard their own systems as well as protect their customers. Ask your MSP the following questions:

  • What process does MSP use to hire new techs, do they perform background check on everyone they hire?
  • How is your company sensitive information such as passwords stored? Are they encrypted?
  • Who has access to your company’s sensitive information?
  • Is Multi Factor Authentication (MFA) used in order to sign into any systems of MSP that has sensitive information pertaining to your company?
  • Does your MSP encrypt every sensitive email they send to your organization?
  • Does the MSP perform regular security audits of their own systems to find gaps in their security

STRATEGIC PARTNER AND CONSULTANT

Your Managed Service Provider MSP should also act as your technology consultant in a role of CIO, virtual CIO, fractional CIO or just as an account manager.

What this means is the MSP should schedule regular meetings with the leaders to plan for future projects and discuss the company vision. Ask probing questions to ensure your MSP will function in this capacity for your organization.

FINAL THOUGHT

Although it could be challenging to determine the proper fit for an MSP that aligns best with your organizational structure and needs using the above information should make that decision a little easier. Going with your gut feeling is always the best approach at the end of the day. Do your homework and ask proper questions!