...

Questions to Ask Before Hiring an MSP

Table of Contents

Executive Summary
  • What an MSP is and how it works
  • Why do so many small to medium-sized businesses have unhappy experiences with his/her managed service provider?
  • Where do the biggest risks lie in selecting an MSP? (e.g. lock-in, scope gaps, bad level of support)
  • The use of pricing alone to evaluate an MSP is misleading.
  • In practice, what does “good” MSP service look like?
  • How to use the guide as your benchmark in evaluating an MSP.
  • Who should be involved in choosing an MSP?
  • When should you consider changing your MSP?
  • How does this guide help mitigate the risks of technical decision-makers?
Who this guide is for

This guide is for businesses in the UK that are hiring a new managed service provider (MSP) or switching to another MSP. The guide is aimed at non-technical business owners, directors and operations managers who make the decisions but need clear and unbiased questions for comparing the various options available to them. If you have IT problems like having to deal with the stress of downtime or security concerns, this guide will help you compare the different providers so that you can evaluate them properly.

What an MSP Does (and Doesn’t Do)

An outside IT company called an MSP, or Managed Service Provider, works in the background to keep your technology running smoothly and to make sure it doesn’t break down in the first place by providing you with proactive support. In the UK, an MSP will provide you with services such as software updates, security patches, backups, and support from the help-desk (usually between £25 and £95 per user per month (ex VAT), depending on level). An MSP does not take your responsibility for making business decisions and it does not guarantee that you’ll never have an issue cyber threats are constantly changing and, therefore, they will help manage your risks but they cannot remove them.

What does an MSP do? They can perform remote monitoring of your devices, provide you with quick-fix solutions to any problem, provide you with assistance when using Microsoft 365 or other types of programs, assist you with completing business basics such as achieving the Cyber Essentials standard, etc. What does an MSP not do? An MSP does not provide you with an unlimited supply of hardware, it does not perform any non-IT related tasks, and it does not give you legal advice regarding GDPR compliance. As of 2026, good MSPs will be ready to help with the increased threat of cyber crime committed by artificial intelligence, the management of data according to the Digital Economy Act 2025, and, overall, will focus on providing value by helping to avoid downtime to your business that costs small to medium sized businesses (SMEs) approximately £18,000 per hour on average.

How to Use This Question List

  • The Importance of Structured Comparisons
  • The Purpose of Using the Same set of Questions when Interviewing Different Managed Service Providers (MSPs)
  • How to set Up a Simple Non-Technical Scoring System for Assessment of Responses
  • How to determine the Weighting of each Respective Business Success Factor
  • Recognising when you have received a Well Thought out but No commitment Response from your MSP(s)

Core Question Sections (10 Required)

Each section will have:

  • Reason why That Either Area is Important to Your Business
  • Contribution of Questions (numbered)
  • What to Expect as a Good Response
  • Signs of Poor Response or Vague Response
  •  
1) Understanding Your Business

Why this Matters: the right Managed Service Provider will customise for your size, your risk (i.e. sensitivity of your data), your growth, and your compliance the generic approach will miss important areas or result in overspending due to the same reason.

Discussion Points:
  • How do you evaluate our IT systems to date and your risk position?
  • What experience/knowledge have you gained with other Clients of our size / type?
  • What do you do to ensure that your services can grow with us or change as our needs do?
  • What support do you offer me for compliance (e.g. Cyber Essentials, Basics of GDPR)?
What Answers Would Look Like:
  • Detailed Audit Process, for example “We conduct a two-week review, including an analysis of your existing inventories and a complete risk assessment”
  • Concrete examples,, for example “We’ve worked with over 20 other Companies similar to your to assist them in going from 10 Employees to 50 Employees”.
  • Ability to scale to meet your growth needs/test/change requests on a monthly basis – For example, “We will re-evaluate our services with you monthly so that you can adjust them as necessary”.
  • Provide practical assistance/education with regard to CE Certification – for example “We can help you with your self-assessment for Cyber Essentials”.
2) Scope of Services or Exclusions

Importance of this area: Clear definitions of inclusions prevent unexpected charges; such as knowing if hosting includes monitoring (and therefore eliminating dispute) and providing clarity on expectations to assist in determining value.

Sample Questions to Ask
  • What does your standard package include (monitoring, updates, support, etc.)?
  • When would you charge for something extra (due to hardware, after-hours support, etc.)?
  • How do you handle non-standard requests?
  • Can you provide a list of services provided as well as those excluded from the standard package?
Example of an acceptable answer
  • Comprehensive definition of service included in base package (example: unlimited remote support; including proactive updating)
  • Clearly defined parameters for additional charges (example: all hardware will be billed at cost + £50/hour)
  • Ability to suggest alternatives for additional pricing (example: quote will be provided prior to completing additional work)
  • Documentation describing all services (example: PDF of entire service contract)
3) Security and Risk Management

Importance of this area: To prevent ransomware attacks from impacting your business, MSP’s should take proactive steps to prevent these types of attacks and protect your data from loss or Drug-related issues.

Questions to ask:
  • What does your process look like for patching, backups و monitoring?
  • What types of cybersecurity tools do you use?
  • How will you support me if an incident occurs?
  • Do you help me with Cyber Essentials or GDPR?
Good example of responses:
  • Proactive (E.g. “Our patching is automated and complete within 14 days. All backups are completed in accordance with the 3-2-1 rule and tested quarterly”).
  • Modern (E.g. “Microsoft Defender with 24/7 monitoring”).
  • Structured (E.g. “Each MSP we partner with uses a defined response plan with RTO’s of less than 4 hours”).
  • Supportive (E.g. “We are fully supportive of CE certification assistance”).
4) Support Delivery & Responsiveness

Importance of this area: Quick fixes minimise downtime – SLAs provide an assurance of reliability, particularly for new and expanding businesses outside of normal business hours.

Questions to ask:
  • What are your response times to issues (critical / normal)?
  • What are your support hours (24/7)?
  • How do you handle escalating issues if I continue to have problems?
  • How are you able to track and manage tickets effectively?
Good example of responses:
  • Defined SLAs (E.g. “Critical response time = < 1 hour and normal response time = < 4 hours”).
  • Flexible (E.g. “Business hours standard – 24/7 available”).
  • Clear process (E.g. “Escalation process is tiered with Level 1 to engineer < 2 hours”).
  • Transparent (E.g. “Customer portal to track status of submitted tickets”).
5) Tools & Technology Stack

Why It’s Important: Reliable Measuring Tools Enable Remote Repairing; Old Methodologies Produce Inefficiencies.

Questions to Consider:
  • What type of measuring tools do you currently have for remote repair?
  • How do you currently document our IT configuration?
  • Are you able to integrate with our tools? (e.g. M365)
  • How do you keep current with technology changes?
What an Ideal Response Sounds Like:
  • Up-to-Date (e.g. “RMM to provide monitoring, ticketing portal”).
  • Shared (e.g. “Knowledge base that you can access”).
  • Compatible (e.g. “Full integration with M365”).
  • Proactive (e.g. “Annual training related to the latest trends”).
6) Experience & References

Why It Matters: Prior Results Mitigate Trial/Error; Similar Clients Confirm Validity of Proposed Solutions.

Questions to Consider:
  • What kind of experience do you have with a company like ours?
  • May I Have Your Reference Contact Information From 3 Clients with Similar Businesses?
  • What Industries Do You Focus on?
  • How Do You Measure Customer Satisfaction?
[Example of Ideal Response]:
  • Specific (e.g., “have worked with 20 SME’s in your industry”).
  • Available (e.g., “here’s 3 for you to contact”).
  • Industry Focused (e.g., “have worked in the Professional Services/Compliance industry”).
  • Data-Driven (e.g., “95% NPS, annual client survey results”).
7) Pricing & Contract Terms

Why it matters: When costs are laid out clearly there are no surprises when it comes time to pay and flexible term lengths give time to adjust as needed.

List of important questions to ask:
  • Can you provide a pricing breakdown (for example by per-user/device)?
  • What is the expected contract and notice period?
  • Are there any setup (associated) or exit fees?
  • How does (your) pricing scale (up) as we grow?
What a good response looks like:
  • Transparent (for example, “£45/user/month including ongoing support”).
  • Flexible (for example, “12- month contract and 30 days notice”).
  • Minimal (for example, “One-time setup fee of £500, no exit fees”).
  • Scaleable (For example, “We have multiple tiers of pricing based on (our) growth”).
8) Onboarding & Documentation

Why it matters: A good onboarding process is the first experience of working together so it is important to establish a good relationship in order to facilitate knowledge transfer.

List of important questions to ask:
  • What is your process for onboarding new clients, and how long does the entire process take?
  • How will you document our IT systems?
  • Who will have access to any of our IT systems?
  • How do you ensure a smooth transition of our services from our previous provider?
What a good response looks like:
  • Structured (for example, “4 week audit/setup”).
  • Accessible (for example, “Document repository on a shared portal”).
  • Controlled (for example, “Only named engineers have access to systems”).
  • Supportive (for example, “We will work with the previous provider to ensure an efficient transition”). 
9) Reporting & Communication

Why this matters: Consistent updates create credibility through visibility and establish value.

Questions to consider:
  • How do you report to clients on service usage (metrics)?
  • What type of service review meetings do you have?
  • How do you communicate service changes and issues to clients?
  • How can I access my real-time service status?
How the response should sound:
  • Detailed (i.e. Monthly uptime / threat reports)
  • Regular (e.g. Quarterly calls)
  • Proactive (e.g. Alerts + updates)
  • Transparent (e.g. Client Dashboard)
10) Exit Strategy & Off boarding

Why this matters: A smooth exit minimises the chance of lock-in and helps ensure the transition will go smoothly if the exit would take place.

Questions to consider:
  • What are your off boarding processes?
  • Who will have ownership of the documentation and data?
  • Are there any exit fees or assistance fees?
  • Do you have procedures in place to ensure there will be be no disruptions during the transition to the next vendor?
  •  
How the response should sound:
  • Structured (e.g. 30-day Handover with documentation)
  • Clear (i.e. You own everything)
  • Reasonable (i.e. No fees; optional assistance at £X hourly rates)
  • Supportive (e.g. We will facilitate the transition to the new vendor).
Red Flags & Warning Signs
  • Ambiguous service-level agreements/answers (e.g., “best effort.”)
  • Aggressive salesmanship and up selling from the beginning.
  • A lack of industry-relevant references or experience.
  • Long (greater than 12 months) exit fees or a lock-in period with no flexibility to leave.
  • No clear pricing, tool, or scope information.
  • Inadequate response time during the evaluation process.
  • Claims of “unlimited” without details.
  • No proactive approach (only reactive).
  • Numerous negative reviews that reference downtime or poor support.
  • Making promises above what can be delivered (e.g., “No downtime.”)
  • No inquiry about your company or business operations.
  • Unclear about who owns your data.
90-Day Onboarding Expectations
Days 1–30: Getting Acquainted and Preparing Days 31–60: Training and Go Live Days 61–90: Review and Optimisation
  • Systems/Risks audit performed by MSP
  • Setup documentation, access, and SLAs
  • Basic fixes (e.g. MFA) completed
  • Go live with tools and monitoring
  • Introduction and training of staff
  • Testing of support processes
  • First report and review meeting
  • Closing identified gaps
  • Confirmation of satisfaction

Onboarding process will begin with weekly updates and update rate will be based upon if the process is slow moving or not.

FAQs

Common terms for MSP contracts run from a minimum of 12 months to a maximum of 24 months – you should be looking at flexible agreements with a notice period of between 30 and 90 days, as opposed to a long-term lock in.

Yes – good MSPs will allow for this as one of their requirements; we suggest inquiring if they will use shared controls so that you maintain an element of oversight.

AI threats and Digital United Nations/Assistance – make sure you ask your provider how they will address any such issues.

Annual contract review; remember to negotiate flexibility within the agreement.

A good MSP contractor will allow you to add additional services as your business requires them.

Many MSPs include this in their contracts, however it is worth confirming this with them.

Find out about the company's level of experience with compliance.

Ownership of data, providing support when off-boarding.

If you would like help in evaluating an MSP, please prepare your needs and budget. You will receive a questionnaire and document that provides you with a list of questions, comparison tips, and next steps all at no charge.

About This Guide

This guide is developed by Computer Support Centre’s real-world experience working with many different sized organisations.

The intent of the guide is to assist companies in making informed and confident decisions as they select an MSP. The content of this guide is written for non-technical decision-makers only, thus, it uses plain and practical language.

The information contained in this guide is educational and should not be interpreted as sales or legal advice.

Conclusion

Selecting an MSP should not be a process of simply picking the best priced one.

Strong decisions regarding this selection will include assessing what is included within the service versus what isn’t, and how actual support will be provided.

This guide outlines questions that companies typically forget to ask until after issues come up.

Clear answers to these questions indicate the level of transparency of the relationship you have with the MSP; the more clear the answers, the more well-managed the relationship is likely to be.

By making an informative choice, you will help mitigate risk and strengthen your company’s business stability.