How to Evaluate an MSP: 10 Questions to Ask Before You Sign

How to evaluate an MSP reliably is harder than it should be. Every MSP's marketing sounds similar, every reference is curated, every pricing structure obscures something. The questions that actually distinguish high-quality providers from average ones aren't on the sales deck. Here are 10 questions to ask any MSP you're seriously considering — questions where the candid answer tells you more than the polished pitch.

The 10 Questions

1. Who specifically will be on my account, and what's their tenure at this company?

MSP quality is human quality. The answer should be specific people with specific roles and meaningful tenure — not "we have a pool of engineers" or "you'll work with whoever is available." Provider with high turnover loses institutional knowledge of your environment with every departure. Long-tenured teams build that knowledge over years.

2. What's your average ticket response time over the past 90 days for accounts my size?

If they can't pull this number for accounts comparable to yours, that's an answer in itself. Response time should be tracked, reportable, and similar across customers. Wide variation suggests inconsistent service delivery.

3. What does your customer churn look like, and why have customers left?

Honest answers to this question are diagnostic. Some churn is healthy and reflects strategic fit issues. Patterns of customers leaving for specific reasons (service quality, billing complaints, technology direction) tell you something. A claim of zero churn is either dishonest or reflects a customer base too small to be meaningful.

4. What's included in the base contract vs. what's billable above it?

The "included" list and the "billable" list together describe the actual relationship. Watch for "included" lists that are deliberately vague ("up to reasonable usage") and "billable" categories that capture work most customers will need (after-hours support, projects, anything outside specific defined services). A good MSP will be specific about both.

5. What's your written incident response process if my business is breached?

An MSP that handles security needs to have a documented breach response process they can walk through. The process should include initial triage steps, isolation procedures, communication protocols, forensics handling, customer notification support, and post-incident review. A vague answer here is concerning given the current threat landscape.

6. Can I talk to three current customers in my industry, without preselection?

The "without preselection" part is the key. Curated references talk to MSPs' best customers about their best moments. Talking to randomly-selected customers in your industry gives you a more honest read on the typical experience. MSPs confident in their service quality will accommodate this; others will push back or limit it carefully.

7. How do you handle escalations when standard support can't resolve an issue?

Every MSP has standard tier-one support. The differentiator is what happens when something can't be resolved at that level. The answer should describe a clear escalation path with specific roles and time commitments, not generic statements about "engaging senior engineers."

8. What's your security posture for your own environment?

An MSP that doesn't run modern security controls on themselves can't credibly recommend them for your business. The answer should include their own MFA, EDR, backups, identity controls, and vendor security practices. SOC 2 certification or similar formal attestation is a strong positive signal.

9. What's your renewal process? Are price increases capped?

Multi-year contract relationships need clear terms for what happens at renewal. Auto-renewal with uncapped price increases is the worst structure. Auto-renewal with capped increases is better. Active renewal negotiation each cycle is the most flexible but requires effort. Understanding the renewal structure before signing prevents surprises later.

10. What's the offramp if this relationship doesn't work out?

How does a customer leave if they need to? Data ownership and portability, transition assistance, contract exit terms, lead time required. An MSP that resists this conversation or has lock-in mechanics is one to be more skeptical of. Good MSPs make leaving easy because they're confident their customers don't want to.

What to Do With the Answers

You're not looking for perfect answers — you're looking for honest answers. The candor of the responses tells you almost as much as the content. An MSP who acknowledges trade-offs, talks about specific past mistakes, and answers uncomfortable questions directly is usually more reliable than one whose responses are uniformly polished. If you want to put us through these questions, a conversation with our team is the right way to start.