By Matt Kahle, CEO, Real IT Solutions
Most small business owners approach choosing a managed IT provider the same way they approach buying office furniture — they get a few quotes, pick the one that fits the budget, and hope it works out. The problem is that furniture rarely causes your business to go offline for 18 hours on a Tuesday morning. Your IT infrastructure can.
I’ve been in managed IT services long enough to watch small businesses make the same evaluation mistakes repeatedly — not because they’re careless, but because nobody has told them what actually matters. The sales process for managed services is designed to make every provider look the same. Slick decks, identical bullet points, promises of “24/7 support” and “proactive monitoring” that mean very different things depending on who’s saying them.
This article is about breaking that down. What should you actually be asking, what does a credible answer look like, and where are the red flags that most businesses miss until it’s too late?
The Problem with How Most Businesses Evaluate MSPs
The typical evaluation process looks like this: a business gets frustrated with its current IT situation — slow response times, recurring problems, a breach scare, or a technician who just left — and starts shopping. They ask for proposals. Providers submit decks with nearly identical feature lists. Someone picks based on price or personality, signs a contract, and the real experience begins.
The disconnect is that what gets evaluated during the sales process (features, price, certifications) has almost no correlation to what actually matters day-to-day (response times, technician consistency, how problems get escalated, whether the provider gets proactive about your risk before it becomes your crisis).
Here’s a framework for doing it differently.
The Five Questions That Actually Separate Good MSPs from Bad Ones
1. Who will actually work on my account — and how often will that person change?
This is the question most businesses never think to ask, and it’s arguably the most important one.
Many MSPs operate a tiered dispatch model: you call in, get routed to a tier-1 technician who handles basic issues, escalates to tier-2 for anything harder, and escalates again if that doesn’t work. In practice, this means five different people might touch your issue before it gets resolved, none of them have deep context about your environment, and you spend half your time re-explaining the problem.
A better model assigns a primary technician to your account — someone who knows your infrastructure, your team’s working patterns, and your history. Ask the MSP: “Who will be our primary point of contact for support, and what percentage of our issues will that person handle directly?” If they can’t answer that concretely, the answer is probably “whoever’s available.”
At Real IT Solutions, roughly 90% of a client’s issues are handled by their primary technician. That’s not a coincidence — it’s a structural choice that directly affects resolution speed and client satisfaction.
2. What does your SLA actually guarantee, and what happens when you miss it?
Service Level Agreements are where MSP promises get specific — or expose themselves as marketing language.
The phrase “24/7 support” is nearly meaningless without context. Does that mean a human answers the phone at 2 AM, or that you can leave a voicemail that gets returned in the morning? Does “4-hour response time” mean someone picks up your ticket in 4 hours, or that the issue is resolved in 4 hours? Those are very different things.
Ask for the actual SLA document, not a summary. Look for:
- Response time vs. resolution time — these are different metrics and both matter
- Priority tiers — how does the MSP classify a server outage vs. a password reset, and what response commitments apply to each?
- Remedies — what happens when they miss the SLA? A credit on your invoice is very different from a meaningful accountability mechanism.
- Exclusions — what scenarios are carved out of the guarantee?
Industry benchmark data gives useful context here:
| Metric | Industry Average | What Good Looks Like |
| Average ticket response time | 4–8 hours | Under 1 hour |
| Average ticket resolution time | 2–3 days | Same business day |
| Annual CSAT score | 85–90% | 98%+ |
| First-call resolution rate | 70–75% | 85%+ |
If a provider can’t give you their actual performance numbers on these metrics — not their targets, their actuals — that tells you something.
3. How do you handle security, and what does “7 layers” or “enterprise-grade” actually mean in practice?
Security is the area where MSP marketing language is most aggressively vague. Every provider claims robust security. Very few can articulate what that means in concrete terms for your specific environment.
Push past the buzzwords. Ask:
- What specific security stack do you deploy for clients at our size and risk profile?
- How do you handle patch management — what’s the cycle, who approves exceptions, and how do you track compliance?
- What happens in the first 24 hours if one of our endpoints is compromised?
- Do you conduct regular vulnerability assessments on client environments, or only when something breaks?
- Who manages our security posture — is there a dedicated person or is it handled reactively by the same technicians doing helpdesk tickets?
A serious answer to these questions takes more than a minute. If you get a fast, smooth response that sounds like it was rehearsed, ask for specifics. “We use enterprise-grade endpoint protection” is not an answer. “We deploy [specific toolset], configured to [specific standard], monitored by [specific process], with escalation to [specific person] when [specific trigger occurs]” is an answer.
4. What’s your onboarding process, and how long until we’re actually stable?
The transition from your current IT situation to a new managed services provider is the highest-risk period in the relationship. This is when things break, when the new team is still learning your environment, and when the gap between what was promised and what’s being delivered becomes visible.
A good MSP has a documented onboarding process with defined phases, milestones, and a realistic timeline. Ask to see it. Specifically ask:
- What does your discovery and documentation process look like — how do you learn our environment?
- What’s your typical stabilization timeline for a business our size?
- What do you need from us during onboarding, and who on our side needs to be involved?
- How do you handle issues that arise during the transition that are inherited from our previous provider?
If the onboarding plan amounts to “we’ll get you set up in the first couple weeks,” that’s not a plan. Proper onboarding for a small business typically takes 30–90 days to reach genuine stability, depending on the complexity of the environment and the state of documentation inherited from the previous situation.
5. What’s your guarantee, and do you actually stand behind it?
This is the question that makes most MSPs uncomfortable — which is exactly why you should ask it.
Guarantees in managed IT services are rare because most providers don’t want to be held to one. That should tell you something about where their confidence actually sits. A provider who genuinely believes in the quality of their service should be willing to attach a consequence to underperformance.
Ask directly: “What is your service guarantee, and what specifically happens if you don’t meet it?” Listen for whether the answer is concrete or evasive. “We stand behind our work” is not a guarantee. “If you’re not satisfied, you don’t pay for that month” is a guarantee.
Red Flags to Watch for During the Sales Process
Beyond the questions above, certain behaviors during the evaluation process are reliable signals of what the relationship will look like once you’re under contract:
They can’t give you client references in your industry. Any established MSP should be able to connect you with current clients who are willing to speak about their experience. If references are slow to come or limited to testimonials on their website, ask why.
The contract is long-term with no exit provisions. Three-year contracts with significant early termination penalties shift all the risk to you. A confident provider should be willing to earn the renewal, not lock you in.
They focus on features, not outcomes. If every answer to your questions circles back to tools, certifications, and capabilities rather than what those things mean for your uptime, your risk, and your team’s productivity, that’s a provider who sells features and hopes the outcomes follow.
Response time during the sales process doesn’t match what they’re promising. If it takes three days to get a callback when they’re trying to win your business, what happens when you’re already a client and there’s less urgency?
They can’t explain their pricing clearly. Managed IT pricing should be understandable. Per-user or per-device monthly flat fees are the norm. If you’re getting a quote that’s hard to follow, full of line items you don’t understand, or that changes significantly between conversations, ask for a written breakdown before signing anything.
What a Good MSP Evaluation Process Actually Looks Like
Done properly, evaluating a managed IT provider should take two to four weeks and involve more than just a sales conversation. Here’s a practical checklist:
- Define your requirements first — what are your critical systems, your compliance obligations (HIPAA, PCI-DSS, SOC 2, etc.), your current pain points, and your growth trajectory over the next 24 months? Providers should respond to your requirements, not pitch their standard package.
- Ask for the actual SLA, not a summary — and read it carefully before the second conversation.
- Request a technical assessment — reputable MSPs will conduct an initial review of your environment before providing a quote. If someone’s quoting you without understanding what you have, they’re guessing.
- Talk to references — specifically ask to speak with clients who had a rough onboarding or a significant incident. How a provider handles problems is more revealing than how they handle smooth sailing.
- Compare total cost of ownership, not monthly fees — a lower monthly fee that comes with slower response times, more downtime, or security gaps will cost more over time than a higher fee from a provider who keeps you running.
- Negotiate the contract — almost everything is negotiable: contract length, termination provisions, SLA remedies, and scope. If a provider won’t negotiate at all, that’s a signal.
The right managed IT provider functions as an extension of your business — not a vendor you call when something breaks. Getting the evaluation right is worth the time it takes.
Matt Kahle is the CEO of Real IT Solutions, a managed IT and AI advisory firm serving small and mid-sized businesses across West Michigan. With over 40 years of combined team experience, Real IT Solutions delivers proactive, relationship-driven IT support backed by a “Thrilled Today or You Don’t Pay” guarantee.

