3 Common Approaches to Selecting a Managed Services Provider
Hiring a Managed Services Provider (MSP) is a significant decision. Most businesses take one of three approaches when choosing an MSP:
- Send out a “Request for Proposal” (RFP) to multiple MSPs in the area, assemble a team to evaluate the responses, and make a group decision on which IT provider is the best fit.
- Designate one person to perform the legwork of contacting multiple MSPs for quotes, then attempt to make apples-to-apples comparisons between them so an executive decision can be made on who to choose.
- Leadership has already identified an MSP they want to work with, often due to a personal or professional connection, then source additional quotes to confirm that the preferred MSP is reasonably within range of the competition before making the pre-ordained selection.
These are each perfectly valid approaches to selecting an MSP, as each follows a business process that the business is comfortable and familiar with. Each of these options can be further tailored to fit the organization’s specific business needs and internal procedures. By following an accepted process, you can guarantee a favorable reception by members of the company who weren’t involved in making the decision.
In our 25 years, Net Friends has received thousands of engagements that follow some variation of these three approaches. We’ve made many successful partnerships with customers who use any one of these approaches. This article is not a critique or criticism of any selection process, nor do we want to state any preference.
However, there are a few essential decision-making factors that are often omitted from the MSP selection process. In our experience, the following evaluation criteria are far better indicators for a successful business relationship. The suggestions below can help any customer seeking to outsource their IT support to not only find the optimal fit for their organization, but also to start out on the best possible footing.
Top 6 Considerations When Choosing an MSP
#1 — Ask to meet your future support team.
Choosing a Managed Services Provider whose support team meets your overall needs is one of the most important aspects to consider. As much as the sales process of any organization is a good indicator of their overall maturity and focus on you as a customer, once you sign on the dotted line you are going to be handed off to operational support staff when your sale concludes.
It is well within your right to ask to meet with your future Account Manager or Customer Success Manager, as well as a couple of technicians who are most likely to work directly with you.
How well do you connect with your future account manager? Can you see yourself working with your future operational team? Consider asking them to describe something technical, like cloud-based authentication, in layman's terms to see if they can avoid jargon and readily connect with you. Indirectly, you are also testing to see if these folks have enough spare capacity in their schedule to make time for you. We suggest that this be a late-stage part of your selection process when you’ve shortlisted two or three prospective MSPs.
#2 — Ask about HR details and best practices.
When you hire a Managed Services Provider, you are selecting a combination of technology, process, and people under a single umbrella. Make sure you fully assess the company culture and HR processes that those people at the MSP are operating within.
- What is the average turnover rate?
- What is the average tenure of your technicians?
- How do you select and train new tech talent?
- How does your company train and upskill your staff?
- How do you train and support your managers specifically?
- Does everyone in your organization go through background checks?
- Does everyone sign confidentiality agreements to ensure sensitive customer data is protected (don’t be shy asking for a copy!)?
#3 — Ask about cybersecurity insurance.
The insurance industry does a reasonably good job of ensuring that a core set of standards are met before they will underwrite a policy for any business. Obtaining cybersecurity insurance has become more stringent in the past few years, and many IT providers are finding that they are unable to maintain insurance because of the robust requirements. Ask for proof of insurance and gain a commitment from the Managed Services Provider that they will maintain this level of coverage or greater throughout the duration of your agreement.
#4 — Ask about their core tools.
Many customers are hesitant to delve too deeply into how another company runs their business, but for an outsourced IT infrastructure service provider, you absolutely should. You need to ask about their Professional Services Automation (PSA) platform and Remote Monitoring and Management (RMM) tools, including how long they have been using them.
The PSA tool is the ticketing system, and reflects the maturation of service quality for an MSP. Knowing what tool they use and how long they've been using it can indicate whether they are working within an optimal framework to track and respond to your requests.
Take 5 minutes to do some googling and read reviews of that tool to get a sense of whether it’s a best-of-breed system. Similarly, the RMM tools are going to be essential to the IT support delivery, and these will be installed within your organization. Make sure you perform similar due diligence and review those tools.
#5 — Ask about their security controls.
IT service providers need to be fully aware of ever-evolving cybersecurity threats. How are they prioritizing protecting their own business? A great way to determine this is to ask what security control framework they have in place, such as ISO 27001 (this is Net Friends’ security control framework), NIST 800-53, NIST CSF, COBIT 5, or others. It’s not important which framework is in place, just that there is one.
Ask how they chose which framework and how long they have used it, as this will also give you a sense of whether their security controls reflect just a surface-level or a deep commitment in their business.
Ask to see proof of their Information Security Policies and their Incident Response Plan for how they would respond to a cyber security incident. If they are audited by a third party, like a SOC 2 Type II audit, then you can ask for a copy of the report as all this information will be detailed there and validated by an independent auditor.
#6 — Ask about ownership.
One of the most disruptive shifts that can happen to your relationship with an MSP is an acquisition. If the existing MSP owners intend to sell their business, this will create uncertainty for staff and likely result in significant changes in tools, processes, and priorities that create inevitable degradations in service delivery. As a customer you should make inquiries about whether the current owners are likely to remain in place for the next 3 or more years.
Similarly, owners who are in an acquisition mindset are often distracted by assessing other businesses they intend to purchase and integrate with, which often means that the top priority for the leadership team is not on optimizing customer service delivery to benefit you.
If you dig deeper into these topics, you will get a much better sense of the technologies, business processes, and people that you will be working with for the next several years. You need to know that the MSP you choose will be there with you and adapt to changes and challenges with resiliency. The insights you will gain from these inquiries will help you more fully differentiate the IT service providers you are considering, as well as increase your confidence in your decision.
Originally Published: July 29, 2022
Updated: September 8, 2023