Here are a few alarming findings from the Ponemon Institute that illustrate the importance of finding the right MSP:
- The 2020 average total cost of a data breach in Southern Africa is R80.64M.
- The average cost of a full data centre outage has increased by 30% since 2010.
- Two hundred eighty-two days is the average time to identify and contain a data breach.
- 52% of all attacks are malicious.
The risk and cost of doing business these days are insane. Managed IT used to be all about productivity and efficiency. Both are still valid, but today’s MSP is also a security company.
The following guide will lighten your burden and shed light on considerations that will help you find the right fit, lower your risk, and keep your team focused on what’s most important.
There is a particular emphasis on legal contract details, in case you get distracted by proposals, which are only marketing documents.
Feel free to devour everything or jump to specific sections that most interest you.
8 Key Considerations:
- Responsive Service
- Technology Standards
- Professionalism and Service Class
- Ownership Structure and Financial Stability
- Open and Honest Pricing
- Agreements and Auto-Renewals
- Contracts and Annual Price Increases
- Early Termination Penalties
1 – Responsive Service
Small and midsized businesses (“SMBs”) are obsessed with response times. ‘How responsive are you?’ has become one of the most popular questions you can ask a prospective MSP.
I’ve been in this industry since 2003 and have met countless organisations that were left high and dry in times of crisis. Managed IT services for SMBs is a relatively new industry. And many mistakes have been made over the past 20 years as providers have learned their craft on the customer’s dime.
Responsive service is not an accident or a function of muscle memory. It’s an accumulated benefit of several variables combined to create resilient IT environments and white-glove personal attention.
First and foremost, your MSP should be your Technology Advisor or virtual Chief Information Officer (“vCIO”). This person is the architect, asset manager, and quarterback of your digital estate. When this job is done well, all of your moving parts – bits, bytes, speeds, and feeds – perform at a higher level.
This pivotal consulting role comes in two packages: basic and advanced. Basic vCIO is typically included in your fixed fee plan and bundled with Account Management if you are fortunate enough to have a dedicated contact for this.
Advanced vCIO carries additional charges that coincide with their expanded scope of responsibilities, including Project Management of office moves, work from home migrations, due diligence for M&A, compliance audits, etc.
vCIO engagement is the glue that lowers the risk that your systems and users will require fire-drill intervention, so it helps reframe the need for clients to worry about responsiveness.
The big problems get eliminated before they happen. By implementing Backup and Disaster Recovery Solutions and delivering Cyber Security Awareness Training, the vCIO promotes business continuity and helps you avoid workflow-busting manual intervention.
The provider and the client are then better able to unite around Service Level Targets (and expectations) prioritized by severity – P1, P2, P3, P4 – to deliver maximum business value and organic responsiveness.
2 – Technology Standards
I’m going to let you in on a little secret: leveraging business systems built on standards is ground zero for powerful, responsive IT environments.
Every laptop, docking station, wireless mouse, keyboard, monitor, and peripheral is an integral part of your digital architecture. Each component matters because all moving parts must play well together.
I learned the importance of standards in the early ’70s when I had zero luck constructing a building using Lincoln Logs, Legos, and random pieces from my Erector Set.
Monitors from different manufacturers require different video inputs. Are you excited to plug in your new Dell Monitor? Not so fast, the cables from your old Viewsonic will not work. Now you’ll have to wait a few days.
We’re just scratching the surface here. Apply this same logic to cloud applications, servers, switches, firewalls, software licensing, low voltage cabling, backup appliances, and the potential for problems is pronounced.
Standards help dramatically increase the probability that everything communicates. Standards put the math on your side, especially when coordinated with the useful life of your digital assets.
3 – Professionalism and Service Class
Are you talking to MSPs who happen to be in the same service class? You will more than likely require a peer level partner. In addition to visiting their office and meeting their team, be sure their professional credentials meet your exact criteria.
Regulation and Compliance expertise is a two-way street. Every business has regulation and compliance requirements. Your provider not only needs the expertise to advise you – GDPR, HIPAA, NIST CSF, PCI, SANS Top 20, SEC, SOC 2, SOX – they also need to be compliant with their industry’s prerequisites.
Their network operations center will be communicating with yours, and your assets are at risk if they happen to be compromised.
Does their team have the industry certifications to support your environment now and in the future? With Microsoft taking over the business world, the cloud is here to stay. Here’s a quick list of must-have bona fides:
- Microsoft Azure Administrator (AZ-103)
- Certified Meraki Networking Associate (CMNA)
- Cisco Certified Design Associate (CCDA)
- Cisco Certified Network Associate (CCNA)
- Cisco Certified Network Associate Security (CCNA Security)
- Microsoft Certified Solutions Associate (MCSA)
- Microsoft Certified System Engineer (MCSE)
- Microsoft Certified Trainer (MCT)
- MSPAlliance Cyber Verify (MSPCV)
- MSPAlliance MSP Verify (MSPV)
- VMware Sales Professional (VSP)
Confirm they support all of the major manufacturers and applications in your environment: Apple, AWS, Azure, Cisco, Datto, Dell, HP, Lenovo, Meraki, M365, Microsoft, Nextiva, Polycom, Proofpoint, RingCentral, Samsung, VMware, Veeam, and Vonage.
If anyone offers you space on one of their home-brewed file server applications, run! You can’t expect to stay with any MSP for the rest of your life, so you need your assets to be stable, secure, and portable.
Who else can vouch for the professionalism of the MSP you are considering? Membership in established industry associations like HTG Peer Groups and performance-based awards provide additional clues.
MSPs require specialized insurance coverage, which goes beyond standard errors and omissions (“E&O”) policies. Does your prospective IT firm have Technology E&O for their cloud computing and managed services practice?
Do they have the right amount of cyber liability, contractual liability, general liability, and property coverage? Don’t be timid about inquiring further.
4 – Ownership Structure and Financial Stability
Ownership structure and financial stability are closely related.
Are you required to work with a public company?
In the early 2000s, I worked for a private VoIP provider, and we lost a deal to Vodacom. The proposal didn’t head south because we weren’t a great fit; their board of directors wanted maximum financial transparency.
Public companies have financial statements, stock performance updates on Yahoo Finance, and 24/7 news stories. You know how they’re doing. You also know their chances for long-term success are much greater than those of a 20-person firm with R20,000,000 in annual sales.
Private companies have the luxury of keeping sensitive information much closer to the vest. That’s why it’s essential to bring your concerns to their attention.
Will they provide official documentation like third-party audits? Are they in good standing with the Better Business Bureau? Have you checked their Dun & Bradstreet report?
Check Google for lawsuits, liens, and client reviews. It would be best if you also explored their profile online.
Be careful with partnerships.
There’s a good reason they never put Guy Fieri in the same kitchen with this hothead.
Partnerships without buy-sell agreements can lead to nasty breakups that leave clients exposed.
It’s the same story with business partners who happen to be married. Will the circle remain unbroken? More importantly, will your network remain unbroken?
Are you talking to an MSP who is owned by a private equity firm?
Private equity groups are acquiring a lot of smaller (and struggling) IT providers. These Wall Street players have aggressive goals and tight timelines to restructure, cut costs, realign, increase profitability, then flip entities to other buyers.
Can your organization withstand the chaos of a merger or a new owner?
You may start with a company you love and end up with something different.
5 – Open and Honest Pricing
How are you going to be charged?
The billing model is critical to understand before you sign anything.
Some MSPs charge a fixed fee for monitoring, managing, supporting, and securing all of your IT systems and users.
Depending on the MSP’s tolerance for risk, they may charge you a lower fixed fee if your systems are standardized and up to date; or a higher rate if your systems haven’t been updated since the Obama Administration.
After the rate is established, the pricing would typically go up or down as your IT system footprint, machine quantity, or user headcount expands or contracts.
The same model can be applied to a fixed fee agreement that only covers back-end IT systems or user help desk and support.
The former is popular in one scenario, known as Co-Managed IT, when the client has full-time employees who handle lower-level support requests.
The latter is favoured when the client has back-end IT systems covered by full-time staff, and they need an MSP to handle the lower-level support requests – M365 support, password resets, and remote printing mishaps.
Gold, Silver, and Platinum plans
This is a good, better, best approach that makes it easier for less technical buyers to decide. By employing a menu approach, the MSP can shorten their sales cycle with pre-packaged options today’s Internet buyer can understand.
Potential problems emerge when the client signs up for a Gold plan and later decides they need services only available in the Platinum plan.
You may also encounter plans based on a very attractive minimum monthly budget, such as R8000 per month, with metered billing amounts that apply to your monthly allocation. And part of this may also cover essential automated monitoring tools.
Hourly fees may be tracked in 15-minute increments. If the remote prices are R450 per hour and the onsite support is R595 per hour, your R8000 budget gets eaten up quickly.
Hey, this sounds like a pay by the drink arrangement? It is. It’s also a recipe for the client to cherry-pick when to engage their provider. Because every time you open a service ticket, the meter is running.
Some companies love being in control of everything, but you will have to determine whether your IT experience puts you in the best possible position to call all the shots.
You also run the risk of overlooking the strategy piece, because you become programmed only to engage when there’s a problem. This allows chronic flaws – undetectable to the non-technical mind – to snowball into much bigger dilemmas: data breaches, backups that are not working, malware infections, etc.
Finally, out of scope charges arise in every pricing plan. Make sure you are crystal clear on project fees in advance.
Ad hoc, after-hours, and weekend fees are the most expensive. Hourly block agreements are less costly because they’re negotiated in advance.
6 – Agreements and Auto-Renewals
Most MSP agreements are created by law firms that specialize in technology. They have a knack for creating templated documents, fine print, and giant paragraphs with compound sentences that will put you to sleep in seconds.
Be sure to pour an extra cup of strong black coffee (or three) for this phase of your selection journey.
Are you clear on when the agreement begins and ends, and on whether an auto-renewal exists?
Many automatically renew for additional periods of one year at the end of their initial term unless either party gives the other written notice of non-renewal at least sixty days before the agreement’s end.
Whether your term is 12, 24, or 36 months, set Outlook reminders 90 and 60 days shy of the renewal. (I added a redundant reminder 30 days earlier just in case we have any procrastinators in the audience.)
7 – Contracts and Annual Price Increases
Inflation has never met a stranger it didn’t like. Since annual price increases are inevitable for everyone, any upticks should be mutually agreed upon in advance by both parties.
Make sure you are comfortable with the MSP’s formula. Fee hikes tied to percentage changes to the Consumer Price Index (“CPI”) for your particular metropolitan area are an excellent place to start.
This might mean a price escalation that is less than or equal to the prior 12 months’ CPI. And it could depend on whether your pricing has not been increased within the preceding 12 months.
It’s relatively common for clients to negotiate lower pricing upfront, but the MSP must protect itself and recoup costs later in the agreement. Be sure you understand these numbers. If you’re not paying now, you are probably going to be paying later.
8 – Early Termination Penalties
Providing quality MSP services and paying to receive quality MSP services is a significant mutual investment.
It’s expensive for both the provider and the client if the relationship is not successful. Adverse outcomes have considerable hard and soft costs for all.
Does your prospective provider have protections that take your risk into account?
Any language allowing you to terminate without penalty if the service provider is guilty of breach works in your favor.
On the flip side, many service providers have termination fees that are relevant if you are in breach of the agreement. For an extreme example, if you sign a 24-month deal, don’t comply with the provider’s guidelines for requesting support (and you decide they have lousy support), and then cancel in month six, you may be on the hook for 50% of the contracted monthly fees for the next 18 months.
Some companies are more casual about letting you out of an agreement. Who wants to be in a bad marriage?
Larger MSPs, including public and private equity-backed ventures, tend to have sizable in-house legal teams whose primary job is revenue retention via contract enforcement.
Smaller private entities don’t typically have the infrastructure to hold your feet to the fire. It’s way too expensive for a 20-person firm. Plus, those situations are seldom pleasant.
Now that we’ve looked at eight critical considerations, what’s next?
I recommend you and your IT Steering Committee select three MSPs in the same service class – so you are making an apples-to-apples comparison – and be very candid about your budget and the problems you wish to solve.
This exercise will reveal if they have the expertise, integrity, and discernment to be trusted business advisors.
Are they saying anything to make the sale? Do they want to rip and replace significant parts of your IT systems right away? Or are they listening and trying to learn before making serious recommendations?
Finally, you’ll want to get a few client references before you sign with your winner.