How to Evaluate an MSP: Red Flags, Green Flags, and the Questions That Matter
Choosing the wrong MSP costs more than choosing none. Here's a practical evaluation framework with specific questions to ask and warning signs to watch for.
How to Evaluate an MSP: Red Flags, Green Flags, and the Questions That Matter
Choosing a managed service provider is one of the most consequential decisions a business owner makes. Get it right and IT becomes a stable, predictable part of your operation. Get it wrong and you inherit someone else's problems.
Here's how to evaluate MSPs like a professional — whether you're choosing your first one or replacing one that isn't working.
Red Flags: Walk Away
No Documentation of Your Environment
If your current MSP can't produce a network diagram, asset inventory, or password documentation, they're operating blind. When they leave, you'll be starting from zero.
No Standard Security Stack
An MSP that doesn't mandate a minimum security baseline — EDR, MFA, patching, backup monitoring — for every client is accepting risk on your behalf without telling you.
No Defined Response Times
If the contract doesn't specify response time SLAs for different priority levels, you have no accountability mechanism.
Pricing Feels Opaque
You should understand exactly what's included, what costs extra, and how overages are billed. If you can't get a clear answer, that's intentional.
They Resist Giving You Your Own Credentials
You should have admin access to your own systems — Microsoft 365 tenant, firewall, domain registrar, everything. An MSP that won't provide these is creating lock-in, not security.
No Business Reviews
If you never hear from your MSP unless something breaks, they're providing reactive support, not managed services.
Green Flags: Promising Signs
Documented Onboarding Process
A structured 30-60-90 day onboarding plan shows operational maturity. This is similar to the structured approach used in co-managed IT partnerships. They've done this before and they have a system.
Proactive Communication
Monthly reports, quarterly business reviews, and heads-up notifications about upcoming renewals or end-of-life equipment. You should feel informed, not surprised.
Standardized Security Requirements
Good MSPs require a minimum security posture: EDR on all endpoints, MFA everywhere, managed patching, backup monitoring. This protects you and protects their other clients.
Industry or Regional Experience
An MSP that understands your industry (healthcare, construction, legal, manufacturing) knows the compliance requirements and common pain points. Local presence — like being based in Southern California — means faster on-site response when needed.
Clear Escalation Paths
They can tell you exactly what happens when they can't resolve an issue: who escalates, to whom, and within what timeframe.
Client References You Can Actually Call
Not just logos on a website. Real business owners in similar industries who will take your call and give honest feedback.
The Questions to Ask
Security
1. What is your minimum security baseline for clients?
2. How do you handle a suspected breach at 2 AM on a Saturday?
3. Do you carry cyber liability insurance?
4. What EDR, email security, and backup solutions do you standardize on?
5. How do you manage patching and vulnerability remediation?
Operations
6. What does your onboarding process look like?
7. How are tickets prioritized and what are your SLAs?
8. Who is my primary point of contact?
9. How many clients does each technician support?
10. What does your monthly reporting include?
Strategic
11. Do you provide quarterly business reviews?
12. How do you help us plan IT budgets year over year?
13. What does your technology roadmap process look like?
14. How do you handle end-of-life hardware and software notifications?
Contract
15. What are the contract terms and termination notice requirements?
16. Who owns the documentation and credentials if we leave?
17. What's included in the base agreement vs. billed separately?
18. How do you handle after-hours and emergency support pricing?
19. Is there a project rate for work outside the managed scope?
Evaluating the Transition
Switching MSPs is disruptive. A good MSP minimizes that disruption with:
Expect a full MSP transition to take 30-60 days. Anyone promising a weekend cutover for a complex environment is setting you up for problems.
What to Expect on Pricing
MSP pricing varies, but here are reasonable benchmarks for the Southern California market:
Significantly below these ranges means corners are being cut. Significantly above means you should understand exactly what additional value you're getting.
Bottom Line
The best MSP relationship feels like having an IT department that's always prepared, always communicating, and always thinking a quarter ahead. The worst feels like an expensive help desk.
Use this framework, ask these questions, and trust your gut. If something feels off during the evaluation, it will be worse after you sign.
Looking for a managed IT provider in the High Desert or Inland Empire? Talk with Sonic Systems — we'll answer every one of these questions openly. Learn more about our managed IT services.