Choosing an MSP is one of the most consequential technology decisions a business makes. A bad MSP creates more problems than it solves. These 15 questions — organized by priority — help you evaluate any MSP systematically.
Critical Questions (Ask These First)
1. What are your response time SLAs?
Why it matters: This defines how quickly problems get addressed. Industry benchmarks: critical issues (15-30 min), high priority (1-2 hours), normal (4-8 hours). Get SLAs in writing with financial penalties for non-compliance. See our SLA guide.
2. What is your cybersecurity stack?
Why it matters: Security is the core MSP value proposition. Ask specifically about EDR, MFA management, email security, and backup/DR capabilities. See our cybersecurity guide.
3. Can you provide 3 client references in my industry?
Why it matters: Industry experience matters for compliance, workflow understanding, and system familiarity.
4. What exactly is included in the monthly fee vs. what costs extra?
Why it matters: Hidden fees are the number one MSP complaint. Get a complete fee schedule including onboarding, projects, after-hours, and per-incident charges.
5. What is your employee turnover rate?
Why it matters: High turnover means inconsistent service and repeated knowledge loss. Industry average is ~25%; under 15% is excellent.
Important Questions (Ask During Evaluation)
6. Do you have SOC 2 Type II certification?
Why it matters: SOC 2 verifies the MSP's own security controls are audited and validated.
7. What is your escalation process?
Why it matters: When your primary technician cannot solve a problem, how quickly does it escalate? Ask for the escalation matrix.
8. How do you handle onboarding?
Why it matters: Onboarding sets the foundation. Ask about documentation, tool deployment timeline, and parallel operation period. See our onboarding guide.
9. What compliance frameworks do you support?
Why it matters: If you need HIPAA, SOX, PCI, or CMMC compliance, your MSP must have specific expertise. Generic IT support is insufficient for regulated industries.
10. What is your backup and disaster recovery capability?
Why it matters: Ask about RPO (how much data you could lose) and RTO (how long until systems are restored). Test frequency matters — backups that are not tested may not work.
Contractual Questions (Ask Before Signing)
11. What are the contract terms and exit clauses?
Why it matters: Avoid being trapped in a multi-year contract with an underperforming MSP. Look for 30-90 day termination notice with data handoff requirements.
12. Who owns my data and documentation?
Why it matters: Ensure you retain ownership of all your data, passwords, documentation, and configurations. Some MSPs hold these hostage during transitions.
13. How are price increases handled?
Why it matters: Annual increases of 3-5% are standard. Uncapped increases or mid-contract changes are red flags.
14. What happens when I add or remove users?
Why it matters: Understand how scaling works financially. Per-user pricing should adjust monthly.
15. What is the process if I want to switch MSPs?
Why it matters: A professional MSP should have a documented offboarding process. Resistance to discussing exit is a red flag. See our MSP switching guide.
Red Flags
- Will not provide client references
- No SOC 2 or equivalent security certification
- Vague or missing SLAs
- Cannot clearly explain what is included vs. extra
- Contracts longer than 3 years with no exit clause
- Will not discuss their own cybersecurity practices
- Pushes proprietary tools that create vendor lock-in
Frequently Asked Questions
How many MSPs should I evaluate?
3-5 proposals provide sufficient comparison. Fewer than 3 limits your perspective; more than 5 creates diminishing returns.
Should I choose the cheapest MSP?
Almost never. The cheapest MSP is usually cheapest because they provide less: fewer security tools, slower response times, less experienced staff. Compare value (services per dollar), not just price.
How long should the evaluation process take?
4-8 weeks from initial outreach to contract signing is typical. Rushing this process leads to poor decisions.
Can I negotiate MSP contracts?
Yes. SLAs, pricing, contract length, and exit terms are all negotiable. Use competitive proposals as leverage.
What if my current MSP is underperforming?
Document specific failures (missed SLAs, security incidents, unresolved issues), review your contract exit terms, and begin evaluating alternatives. See our guide on switching MSPs.
The Bottom Line
These 15 questions create a systematic framework for MSP evaluation. Focus on security, SLAs, and transparency — the three factors that most determine whether an MSP relationship succeeds or fails.
For more, see our complete MSP guide.
-- The MSP Finder Team