Checklist · 5 min · For Owners

"What's the response time, and is it in the contract?"

If the SLA isn't written into the agreement, it isn't binding. Ask for specific numbers: first response, onsite response, after-hours definition. Then ask what happens if it's missed — credits, escalations, exits.

"Can you name every tool you're going to deploy?"

An MSP that can't list its own stack is selling you a black box. Real partners name their EDR, backup, RMM, email security, DNS filter, and SOC vendor in the first conversation. You can search every name. You should.

"What does my offboarding look like — in writing?"

Read the offboarding clause before you sign. Are configurations and recovery keys returned? At no charge? Within a fixed window? "At our discretion" is a future invoice waiting to happen.

"How do you bill for projects, hardware, and emergencies?"

Recurring is the easy part. Find out how non-recurring work is priced before you need it. Hardware markup, project rates, emergency premiums — all should be on the menu in writing.

"Who's my actual technician, and have I met them?"

If the answer is "a team" or "whoever's available," expect a different person every ticket. The right MSP assigns a primary engineer to your account who knows your network on day one of every call.

Frequently asked questions

Which of the five questions matters most?
The security-stack question. A vague answer there ("we use best-in-class tools") almost always means there isn't a defined stack, which means the security posture is whatever each technician improvises. The other four matter; this one is the most predictive of what year three will look like.
Should I ask these in writing or in a call?
Both. The call surfaces how comfortably the MSP answers; the written response is what you'll be able to hold them to later. A reasonable MSP will give the same answers both ways. A weak MSP will hedge differently in writing than they did in person.
What if the answers are good but the pricing is high?
High pricing with good answers is a more solvable problem than low pricing with vague answers. Negotiate scope (drop a tier, drop an add-on, defer a project) rather than negotiating the security stack down. The stack is the part you can't get back later.
Are there other questions worth asking?
If you have time for ten: add "what's your ticket SLA in the current quarter (actual numbers)," "what does your onboarding look like week by week," "who do you say no to as a client," "what does a quarterly business review actually cover," and "show me a sample anonymized QBR." See how to compare managed IT providers.

Related reading