It’s time to explore eight critical considerations for choosing a managed service provider.
A few alarming findings from the Ponemon Institute help illustrate the importance of finding the right MSP:
- The 2020 average data breach cost in the United States is $8.64M.
- The average cost of a complete data center outage has increased by 30% since 2010.
- Two hundred eighty-two days is the average time to identify and contain a data breach.
- 52% of all attacks are malicious.
The risk and cost of doing business these days are insane. Managed IT used to be all about productivity and efficiency. Both are valid, but today’s MSP is a security company.
The following guide will lighten your burden and shed light on considerations that will help you find the right fit, lower your risk, and keep your team focused on what’s most important.
We emphasize several contract details because this legal minutia is frequently overlooked.
Feel free to devour every one of the eight critical considerations for choosing a managed service provider or jump to specific sections that most interest you.
- Responsive Service
- Technology Standards
- Professionalism and Service Class
- Ownership Structure and Financial Stability
- Open and Honest Pricing
- Agreements and Auto-Renewals
- Contracts and Annual Price Increases
- Early Termination Penalties
Managed Service Provider Consideration #1 – Responsive Service
Small and midsized businesses (“SMBs”) are obsessed with response times. ‘How responsive are you?’ has become one of the most popular questions you can ask a prospective MSP.
I’ve been in this industry since 2003 and have met countless organizations left high and dry in times of crisis. Managed IT services for SMBs is a relatively new industry.
Responsive service is not an accident or a function of muscle memory—timely engagement results from several variables combined to create resilient IT environments.
First and foremost, your MSP should be your technology advisor or virtual Chief Information Officer (“vCIO”). This person is your digital estate’s architect, asset manager, and quarterback. When they’re successful, all moving parts – bits, bytes, speeds, and feeds – perform at a higher level. And the end result is enhanced responsiveness.
This pivotal consulting role comes in two basic packages: basic and advanced. Basic vCIO is typically included in your fixed fee plan and bundled with account management if you are fortunate enough to have a dedicated contact who does both.
Advanced vCIO carries additional charges that coincide with their expanded responsibilities, including project management of office moves, work from home migrations, due diligence for M&A, compliance audits, etc.
vCIO engagement is the primary ingredient that lowers the likelihood that your IT systems and users will require fire-drill intervention. So they help reframe the need for clients to worry about responsiveness.
The big problems get eliminated before they happen. By implementing Backup and Disaster Recovery Solutions and delivering Cybersecurity Awareness Training, the vCIO promotes business continuity and helps you avoid workflow-busting manual intervention.
The provider and the client can better unite around Service Level Targets (and expectations) prioritized by severity – P1, P2, P3, P4 – to deliver maximum business value and organic responsiveness.
Managed Service Provider Consideration #2 – Technology Standards
I’ll tell you a little secret: leveraging business systems built on standards is ground zero for powerful, responsive IT environments.
Every laptop, docking station, wireless mouse, keyboard, monitor, and peripheral is integral to your digital architecture. Each component matters because all moving parts must play well together.
I learned the importance of standards in the early ’70s when I had zero luck constructing a building using Lincoln Logs, Legos, and random pieces from my Erector Set.
Monitors from different manufacturers require different video inputs. Are you excited to plug in your new Dell Monitor? Not so fast, the cables from your old Viewsonic will not work. Now you’ll have to wait a few days.
We’re just scratching the surface here. Apply this same logic to cloud applications, servers, switches, firewalls, software licensing, low voltage cabling, and backup appliances, and the potential for problems is pronounced.
Standards help dramatically increase the probability that everything communicates. Standards put the math on your side, especially when coordinated with the useful life of your digital assets.
Learn More: Technology Lifecycle
Managed Service Provider Consideration #3 – Professionalism and Service Class
Are you talking to MSPs who are in the same service class? You will more than likely require a peer-level partner. In addition to visiting their office and meeting their team, be sure their professional credentials meet your exact criteria.
Regulation and Compliance expertise is a two-way street. Every business has regulation and compliance requirements. Your provider needs to have the expertise to advise you – GDPR, HIPAA, NIST CSF, PCI, SANS Top 20, SEC, SOC 2 Type II, SOX – they must also comply with their industry’s prerequisites.
Learn more: MSP Alliance Certifications
Their network operating center will be communicating with yours, and your assets are at risk if they happen to be compromised.
Does their team have the industry certifications to support your environment now and in the future? With Microsoft taking over the business world, the cloud is here to stay. Here’s a quick list of must-haves:
- Microsoft Azure Administrator (AZ103)
- Certified Meraki Networking Associate (CMNA)
- Cisco Certified Design Associate (CCDA)
- Cisco Certified Network Associate (CCNA)
- Cisco Certified Network Associate Security (CCNA Security)
- Microsoft Certified Solutions Associate (MCSA)
- Microsoft Certified System Engineer (MCSE)
- Microsoft Certified Trainer (MCT)
- MSPAlliance Cyber Verify (MSPCV)
- MSPAlliance MSP Verify (MSPV)
- VMware Sales Professional (VSP)
Confirm they support all major manufacturers and applications in your environment: Apple, AWS, Azure, Cisco, Datto, Dell, HP, Lenovo, Meraki, M365, Microsoft, Nextiva, Polycom, Proofpoint, Ring Central, Samsung, VMware, Veeam, and Vonage.
If anyone offers you space on one of their home-brewed file server applications, run! You can’t expect to stay with any MSP for the rest of your life, so your assets need to be stable, secure, and portable.
Who else can vouch for the professionalism of the MSP you are considering?
Membership in established industry associations like IT Nation Evolve Peer Groups and performance-based awards provide additional clues.
MSPs require specialized insurance coverage beyond standard errors and omissions (“E&O”) policies. Does your prospective IT firm have Technology E&O for their cloud computing and managed services practice?
Do they have the right amount of cyber liability, contractual liability, general liability, and property coverage? Don’t be timid about inquiring further.
Managed Service Provider Consideration #4 – Ownership Structure and Financial Stability
Ownership structure and financial stability are closely related. Are you required to work with a public company?
In the early 2000s, I worked for a private VoIP provider, and we lost a deal to AT&T. The proposal didn’t head south because we weren’t a great fit; their board of directors wanted maximum financial transparency.
Public companies have financial statements, stock performance updates on Yahoo Finance, and 24/7 news stories.
You know how AT&T is doing, and its chances for long-term success are higher than a 20-person firm with $2,000,000 in annual sales.
Private companies have the luxury of keeping sensitive information closer to the vest. That’s why it’s essential to bring your concerns to their attention:
Will they provide official documentation like third-party audits?
Are they in good standing with the Better Business Bureau?
Have you checked their Dun & Bradstreet report?
Check Google for lawsuits, liens, and client reviews. You should also explore their profile on the Secretary of State’s website.
Be careful with partnerships. There’s a good reason they never put Guy Fieri in the same kitchen with Gordon Ramsey.
Partnerships without buy-sell agreements can lead to nasty breakups that leave clients exposed.
It’s the same story with married business partners. Will the circle remain unbroken? More importantly, will your network remain unbroken?
Are you talking to an MSP owned by a private equity firm? Private equity groups are acquiring a lot of smaller (and struggling) IT providers. These Wall Street players have aggressive goals and tight timelines to restructure, cut costs, realign, increase profitability, then flip entities to other buyers.
Can your organization withstand the chaos of a merger or a new owner?
You may start with a company you love and end up with something different. Remember what happened to Mindspring after the Earthlink acquisition? Mindspring used to be your best friend. Their new owner considers you a number.
Managed Service Provider Consideration #5 – Open and Honest Pricing
How are you going to be charged? The billing model is critical to understand before you sign anything.
Some MSPs charge a fixed fee for monitoring, managing, supporting, and securing all of your IT systems and users.
Depending on the MSP’s tolerance for risk, they may charge you a lower fixed fee if your systems are standardized and up to date; or a higher rate if your systems originated during the Obama Administration.
After the MSP sets the rate, the pricing will typically go up or down as your IT system footprint, machine quantity, or user headcount expands or contracts.
The same model applies to a fixed fee agreement that only covers back-end IT systems, user help desk, and support.
The former is popular in one scenario, known as Co-Managed IT – when the client has full-time employees who handle lower-level support requests.
The latter is favored when the client has back-end IT systems covered by full-time staff and needs an MSP to handle the lower-level support requests – M365 support, password resets, and remote printing mishaps.
Gold, Silver, and Platinum plans
Gold, Silver, and Platinum plans, AKA good, better, best programs, make it easier for less technical buyers to decide. By employing a menu approach, the MSP can shorten their sales cycle with pre-packaged options today’s Internet buyers can understand.
Potential problems emerge when the client signs up for a Gold plan and later decides they need services only available in the Platinum plan.
You may also encounter plans based on a very attractive minimum monthly budget, such as $800 per month, with metered billing amounts that apply to your monthly allocation. And part of this may also cover essential automated monitoring tools. The MSP may track hourly fees may in 15-minute increments. If the remote prices are $99 per hour and the onsite support is $149 per hour, your $800 budget gets eaten up quickly.
This pay-by-the-drink plan is a recipe for the client to cherry-pick when to engage their IT provider. Because every time you open a service ticket, the meter is running.
Some companies love being in control of everything, but you must determine whether your IT experience puts you in the best position to call all the shots.
You also risk overlooking the strategy piece; because you become programmed only to engage when there’s a problem. This disadvantage allows chronic flaws – undetectable to the non-technical mind – to snowball into much bigger dilemmas: data breaches, backups that are not working, malware infections, etc.
Finally, out-of-scope charges arise in every pricing plan. Make sure you’re crystal clear on project fees in advance.
Ad hoc, after-hours, and weekend fees are the most expensive. Hourly block agreements are less costly because the MSP negotiates the rates in advance.
Managed Service Provider Consideration #6 – Agreements and Auto-Renewals
Law firms that specialize in technology create most MSP agreements. They have a knack for creating templated documents, fine print, and giant paragraphs with compound sentences that will put you to sleep in seconds. Law firms are notorious for writing contracts so complex, that they won’t sign the same agreements they create for MSP legal clients, who are also their vendors.
Be sure to pour an extra cup of strong black coffee (or three) for this phase of your selection journey.
Are you clear on when the agreement begins and ends, as well as the existence of an auto-renewal?
Many automatically renew for additional periods of one year at the end of their initial term unless either party gives the other written notice of non-renewal at least sixty days before the agreement ends.
Suppose your term is 12, 24, or 36 months; set Outlook reminders 90 and 60 days shy of the renewal. (I added a redundant reminder 30 days earlier just in case we have any procrastinators in the audience.)
Managed Service Provider Consideration #7 – Contracts and Annual Price Increases
Inflation has never met a stranger it didn’t like. Since annual price increases are inevitable for everyone, both parties should agree on any uptick in advance.
Make sure you are comfortable with the MSP’s formula. Fee hikes tied to percentage changes to the Consumer Price Index (“CPI”) for your particular metropolitan area are an excellent place to start.
This situation might mean a price escalation that is less than or equal to the prior 12 months’ CPI. And it could depend on whether your pricing hasn’t increased within the preceding 12 months.
It’s relatively common for clients to negotiate lower pricing upfront, but the MSP must protect itself and recoup costs later in the agreement. Be sure you understand these numbers. If you’re not paying now, you will probably be paying later.
Managed Service Provider Consideration #8 – Early Termination Penalties
Providing quality MSP services and paying to receive quality MSP services is a significant mutual investment.
It’s expensive for the provider and the client when the relationship is unsuccessful. Adverse outcomes have considerable hard and soft costs for all.
Does your prospective provider have protections that take your risk into account?
Any language allowing you to terminate without penalty works in your favor if the service provider is guilty of a contract breach.
On the flip side, many service providers have termination fees if you breach the agreement. For an extreme example, if you sign a 24-month deal and don’t comply with the provider’s guidelines for requesting support, decide they have lousy support, and cancel after six months; you may be on the hook for 50% of the contracted monthly fees for the next 18 months.
Some companies are more casual about letting you out of an agreement. Who wants to be in a bad marriage?
Larger MSPs, including public and private equity-backed ventures, tend to have sizable in-house legal teams whose primary job is revenue retention via contract enforcement.
Smaller private entities don’t typically have the infrastructure to hold an unhappy client’s feet to the fire. It’s way too expensive for a 20-person firm. Plus, those situations are seldom pleasant.
Now that we’ve looked at eight critical considerations, what’s next?
I recommend you and your IT Steering Committee select three MSPs in the same service class – so you are making an apples-to-apples comparison – and be very candid about your budget and the problems you wish to solve.
This exercise will reveal if they have the expertise, integrity, and discernment to be trusted business advisors.
Are they saying anything to make the sale? Do they want to immediately rip and replace significant parts of your IT systems? Or are they listening and trying to learn before making serious recommendations?
Finally, you’ll want to get a few client references before you sign with your winner.