7 Questions to Ask When Assessing MSPs
Reading Time: 4 Minutes
Having an up-to-date technology infrastructure is critical for organisations to perform well in this ever-changing business world. An outdated technology infrastructure can harm your business by:
- Giving cybercriminals a free pass
- Putting your company in hot water with regulators
- Reducing overall productivity
- Causing employee dissatisfaction
- Upsetting your customers
Related Read: What Should You Look For in an IT Partner for Financial Services?
Once you understand the risks of not keeping your technologies up to date with the latest standards, you must do everything possible to refresh your IT infrastructure. However, this is easier said than done, and you will need to devote additional time and effort to make necessary changes. This is where a managed service provider (MSP) can be of assistance.
While an MSP can augment technology expertise and knowledge gaps, finding the right MSP partner can be difficult. There are many firms out there with similar services and offerings. And if you don’t have technical expertise, it might be hard to assess their work.
That’s why we’ve compiled a list of seven of the most important questions you should ask an MSP when determining whether they are a good fit to meet your technology infrastructure and service needs. This list doesn’t cover all aspects of the IT spectrum, but we have a Complete Checklist available for download.
Questions to ask
1. Do you offer 24/7/365 support?
This is a trivial question, and most providers should have this covered in this day and age. Your MSP should provide 24/7/365 monitoring and support to address technology infrastructure issues to avoid downtime, data loss and cyberattacks. Cybercrime never sleeps, and neither do we.
2. Do you perform regular risk assessments?
Because risk factors are constantly changing, MSPs must conduct security risk assessments regularly to stay on top of emerging and evolving threats. Your MSP partner’s risk assessment reports should give you an overview of the internal and external threats that could come back to bite you later.
Recommended: First Step to Compliance: A Thorough and Accurate Risk Assessment
3. Do you meet all of my compliance needs?
If you must be HIPAA compliant, then you could benefit from an MSP that understands the standard and complies with it. Hence, ask if they can demonstrate compliance to relevant standards for your industry. An MSP should be responsible for handling your technology risk. Therefore, it’s wise to learn about their approach to Governance, Risk and Compliance.
Read: Is your business ready for HIPAA and PCI-DSS
4. Can you provide documentation to prove you are compliant and following best practices?
Working with an MSP that does not follow best practices and has a track record of non-compliance can be detrimental. Therefore, ensure that they adhere to relevant standards and best practices. Data protection compliance is essential for a business that’ll be handling your information, so standards and certifications such as ISO27001, Cyber Essentials and NIST are also must-haves.
Learn more: ISO27001 vs NIST Cyber Security Framework – Which one to choose?
5. Do you have a business continuity and disaster recovery plan? If so, what is in place, and are they tested regularly?
Your business needs contingency measures, and so does any company, including MSPs. If your MSP partner does not have a business continuity and DR plan in place, they may not be able to withstand an incident, and you may be affected as well. Even if they already have one, it must be up to date and thoroughly tested.
Read: How Backups and Disaster Recovery Protects SMEs
6. Is third-party auditing performed to meet cybersecurity and compliance requirements?
An MSP that invests in a third-party audit can objectively demonstrate that their information systems and processes adhere to stringent requirements in critical areas such as security and compliance. Make sure you don’t overlook this aspect.
7. Do you have a high level of confidence in your security posture? If so, can you explain why?
Most MSPs will say they are very confident in their security posture, so the crucial part of this question lies in the “why”. Seek to learn about their response times, incident reports, and outcomes following security incidents. There is no perfect security, so don’t expect to find a company that is “incident-free”. The way they react to an incident and mitigate threats is what’s most important, so ask them how efficient they are in this aspect.
Why are the above questions crucial?
Having an MSP on your side is about more than just saving time and effort. You must have a clear understanding of how they intend to protect your company from evolving cyberthreats, how they plan on ensuring that you comply with regulations to avoid fines and reputational damage and whether they can provide you with data backups when you need them.
Learning about an organisation’s process and culture is another vital part of doing business together, so keep that in mind when considering providers. For a complete list of questions that you should ask when choosing a new provider, view our Checklist and go through each question with your potential partners. We hope this will make your decision easier.
Read: How to Smoothly Transition to a New IT Services Provider
If you have any questions about this process, get in touch. Finding a new provider might seem like a daunting task, but it can be made much easier if you know what you’re looking for. Our specialists will be happy to advise and recommend a solution based on your needs.