Choosing a managed IT provider is a high-stakes decision most owners make with too little information. These 12 questions separate a real security-first partner from a break-fix shop with a monthly invoice.
HarryFounder, Tech Bodyguard··3 min read
TL;DR
The right managed IT provider is a security partner, not just a help desk. Ask about their security stack, response times, backup and recovery testing, incident-response process, transparency, and how they'd handle you leaving. The answers reveal whether they'll prevent problems or just bill you for fixing them.
Hiring a managed IT provider means handing a vendor the keys to your entire business — email, files, systems, and the security that protects them. Yet many owners choose based on price and a friendly sales rep. These twelve questions surface what actually matters.
What questions reveal a security-first MSP?
The best filter is whether security is baked into their standard offering or sold as an upsell after something goes wrong. Ask these first:
1. Is EDR or managed detection & response included by default, or an add-on?
2. Do you enforce MFA across all clients as standard practice?
3. How do you handle patch management, and how fast are critical patches deployed?
4. Do you provide 24/7 monitoring, and who watches it — your team or a SOC?
How do you judge their reliability and responsiveness?
Vague promises are worthless during an outage. Get commitments in writing:
5. What are your guaranteed response times, and are they in a written SLA?
6. What’s your first-call resolution rate and average ticket time?
7. Can you support us on-site, or is everything remote?
What do they do about backups and disasters?
Running backups is easy; proving they recover is the real work.
8. Do you test restores, and how often — and will you show me the results?
9. What’s your incident-response process if we’re hit with ransomware?
Pro tip
Ask for a redacted example of a recent restore test or incident report. A confident, mature MSP has this documentation ready. Hesitation here tells you the “backups” are a checkbox, not a tested capability.
What reveals how they’ll treat you as a client?
Transparency and fair terms predict the whole relationship.
10. What reporting do we get, and how often will we review security posture together?
11. Who owns our data, documentation, and admin credentials?
12. If we ever leave, how does offboarding work and what does it cost?
The last question matters more than it seems. A confident provider makes leaving straightforward because they intend to earn your renewal, not trap you. If exit terms are punitive or your own documentation is held hostage, that’s how the relationship will feel from the inside too.
What’s the real difference between break-fix and managed?
Incentives. A break-fix shop profits when things break; an MSP profits when things run. That single distinction shapes everything — whether they proactively patch, whether they push you toward resilience, and whether they see your uptime as their job or your problem. You’re not just buying support hours; you’re buying an alignment of interests.
Evaluating a provider's security claims?
Run the Ransomware Reality Check first, so you know exactly which gaps a new MSP needs to close.
Take these twelve questions to every provider you evaluate and compare the answers side by side. The right partner will welcome the scrutiny — because answering well is exactly how they win good clients.
// Key takeaways
The short version
A modern MSP must lead with security — EDR, MFA, patching, and monitoring by default.
Ask for guaranteed response times in writing (an SLA), not vague promises.
Insist they test restores and rehearse incident response, not just run backups.
Ownership and exit terms matter — your data and documentation should always be yours.
Frequently asked questions
What should I look for in a managed IT provider?
A security-first approach as standard (EDR, MFA, patching, 24/7 monitoring), guaranteed response times in a written SLA, tested backups and a rehearsed incident-response process, transparent reporting, and fair contract terms that keep your data and documentation yours.
What is the difference between a break-fix IT shop and an MSP?
Break-fix providers are paid to fix problems after they happen, which misaligns incentives — they profit from outages. A managed service provider (MSP) is paid a predictable fee to prevent problems, aligning their success with your uptime and security.
Should my MSP handle cybersecurity too?
At minimum they should deliver core security controls and coordinate incident response. Many businesses use a security-focused MSP (sometimes called an MSSP) so IT operations and security aren't fragmented across vendors who point fingers during an incident.
Occasional briefings for Southern California business owners — ransomware trends, recovery lessons, and what your cyber insurer will ask for next. Unsubscribe anytime.
// 24/7 Emergency IR
Currently under attack?
Systems being encrypted, ransom note, active breach — call now. We answer 24/7.