Skip to content

Buying decisions

Choosing a new IT supplier (MSP)

This decision affects your security posture more than any tool.

Use the time when nothing is wrong to interview properly.

Decide what you actually want

  • Is this helpdesk support only, or security, backup, patching?
  • How many users / devices? Hours of cover?
  • What is “in scope” vs “projects extra”?

Ten questions to ask

  • Are you Cyber Essentials Plus certified?
  • What do you do for our security beyond support tickets?
  • How do you test backups? Show me a recent report.
  • How do you handle MFA, password management, and admin access?
  • Who owns our domain, DNS, and global admin?
  • Show me a recent monthly report.
  • How do you handle out-of-hours incidents?
  • Who's our named contact?
  • What's your exit clause?
  • Can I speak to a client who left you?

Red flags

  • Vague answers about security.
  • Refusal to do test restores.
  • Default policy of owning the domain or master admin.
  • Long lock-in with high exit fees.
  • Account managers who can't answer technical questions.

Before you sign

  • Get the contract reviewed.
  • Pilot with one team if you can.
  • Document the transition plan.