Six Ways to Save Time Creating an RFP for IT Services

by

September 10, 2021

Prequalification will transform your RFP process.
I’ve been in the MSP business since 2003 and I’ve seen more than my fair share of RFPs.
Eighty percent of them have two things in common: they go out to ten prospective MSPs (or more) and the various IT providers on the list are seldom in the same service class.
For example, a national MSP, a regional MSP, and a local MSP are different animals. Generally (and hypothetically speaking), the MSP with a national footprint may have impressive economies of scale, a vast menu of offerings, and carefully defined contract terms.
The regional MSP may be more of a value-added reseller or VAR that focuses on project and equipment sales versus pure managed IT services.
And the small, local outfit may be more adept at empathy and personal attention. Even if their service consistency waxes and wanes.
If you can eliminate the mismatches before sending out RFPs, you can go much deeper with the most qualified contenders and save a lot of time.
You’ll also build goodwill by eliminating the wrong MSPs upfront. Now these IT companies can invest ten to twenty hours cultivating a prospect that better fits their capabilities (instead of jumping into a cattle call to nowhere).
Are you ready to narrow your search universe? The following time-saving considerations will help to refine your criteria.

#1 – SOC 2 Type II Certified MSPs

This certification is an industry-leading audit standard. Fewer than 1% of IT providers qualify for this designation.
According to OneLogin, “A SOC 2 Type 2 report is an internal controls report capturing how a company safeguards customer data and how well those controls are operating. Companies that use cloud service providers use SOC 2 reports to assess and address the risks associated with third-party technology services.”
Since everyone uses cloud providers, you can never be too careful when it comes to protecting your assets.
Certified Information Systems Security Professional (CISSP) and Certified HIPAA System Administrator (CSSA) are two other qualifications more advanced MSPs can bring to the table.

#2 – National, Regional, or Local MSP Near Me?

Would you prefer a provider with a strong local presence, including technical boots on the ground when something goes haywire in your IT closet?
Or do you want remote-only IT support from an out-of-state provider and their call center?
If you have multiple offices (or plan to expand soon), a single market MSP will likely not be a fit, now or in the near future.

#3 – vCIO Services

vCIO is a popular marketing acronym on MSP websites. However, there’s a big difference between a commissioned account manager selling IT projects (with a vCIO title) and a seasoned technology strategist who can speak on a high level with your C-Suite.
The latter (a true vCIO) is almost always a better fit for companies with the following profile:

  • Your team is transparent about your strategy and budget and forthright about the specific business problems you’re trying to solve.
  • Your IT planning committee can admit “we don’t know what we don’t know” and need help figuring this out.
  • You don’t have a full-time CIO so a basic account manager with your MSP may be all you require.

Certified Information Systems Security Professional (CISSP) services are gaining popularity as well.  While a vCIO can manage a majority of the security responsibilities for a small and midsize business, a “vCISO” offers deeper levels of expertise, to fill in any gaps not covered by a cybersecurity generalist.
Be on the lookout for MSPs who offer vCIO and vCISO on a fractional basis.

#4 – Insurance

How would you like to invest two hours of time with ten different prospective IT providers only to discover 80% of them don’t have adequate E&O coverage or cyber liability policies in place?
As Charles Weaver, co-founder and CEO MSPAlliance explains. “Many MSPs do not have sufficient coverage, as they usually have general liability or professional liability coverage, which does not tend to address cyberattacks, data loss, and other similar events.”
Learn More: MSP Insurance Guide

#5 – 24/7 IT Coverage & Support

I define “coverage” as around-the-clock monitoring, management, and security of your IT systems: server, cloud, backup, firewalls, and network. Coverage never sleeps.
In the most ideal scenarios, every piece of your backend digital estate is also supported by on-call engineers who can intervene when they receive emergency alerts. Their engagement may include direct access via email and phone as well as onsite dispatch to your location.
The term “support” gets used a lot in reference to help desk services like assistance with printing problems, password resets, and recovering deleted documents. Do you have employees who need this flavor of technical support outside of standard business hours?
If so, you will require a provider with a footprint in different time zones to maximize availability and keep a lid on costs.

#6 – MSP Partnerships & Certifications

It’s critical to find a provider with the competencies and the coverage to support your environment.
More established providers with larger teams and entrenched processes tend to have a wider range of specialties and more rigid requirements for employment and advancement.
For businesses committed to Microsoft solutions, an MSP with Microsoft Certified Gold Partner status has a deeper level of expertise than a Microsoft Certified Partner or a Microsoft Silver Certified Partner.
Be on the lookout for the following credentials:

  • Microsoft Certified System Administrator (MCSA)
  • Microsoft Certified Solutions Expert (MCSE)
  • Microsoft Certified Solutions Expert (MCSE) – Server Infrastructure
  • Microsoft Certified Expert
  • Microsoft Certified Azure Administrator Associate

The same logic applies to matching the other vendors in your environment with an MSP’s partnership level: SonicWall Gold Partner, Cisco Partner Select Certified, VMWare Partner, Apple Certified Associate, Duo Partner, and more.
Microsoft receives top billing in this section because their cloud-centric solutions are foundational in most small and midsize business IT systems. They’re also at the forefront of the software as a service (SaaS) revolution.
Learn More: The Four Stages of IT Evolution

What’s Next?

If you’ve sent out RFPs before and haven’t been very happy with the results, this six-point checklist should help you ask more pointed questions and hopefully find an MSP you can grow with.
I recommend using some permutation of this guide with a larger audience then limiting your official RFP competition to three pre-vetted contenders.
Be sure to save this article. It will soon be updated with a link for a free downloadable RFP template.

Jed is a Solution Advisor at Integris who has specialized in MSP solution development, sales, and marketing communications since 2003.

Keep reading

How to Run Governance on Your Security Awareness Training Program

How to Run Governance on Your Security Awareness Training Program

Has your company decided to take the plunge, and start a regular schedule of monthly online security awareness trainings for your employees? Great! You’ve just taken a big step toward hardening your cybersecurity defenses. Now what? Chances are, you’ve purchased a...

What Can Cybersecurity Awareness Training Do for My Company?

What Can Cybersecurity Awareness Training Do for My Company?

Global spending on employee cybersecurity awareness training is predicted to exceed $10 billion USD by 2027, up from around $5.6 billion USD in 2023, according to the latest estimates from Cybersecurity Ventures. Why? Because more companies than ever are realizing...

Third Party Vendor Risk Management: A Guide for Law Firms

Third Party Vendor Risk Management: A Guide for Law Firms

You've bought the cybersecurity tools your MSP recommended to manage your cybersecurity. You use a permission-based platform to transfer client files back and forth. Your firm should be covered for data breaches, especially third-party vendor risk, right? Tell that to...