Choosing an MSP Is One of the Most Important Decisions You'll Make
Your IT provider touches every part of your business. They have the keys to your email, your files, your customer data, your financial systems. They determine whether your team can work productively — or whether they're fighting technology all day.
Choose well, and you get a partner who keeps your business running, secure, and efficient. Choose poorly, and you get slow response times, recurring problems, unexpected bills, and a frustrating relationship that's harder to leave than it should be.
The Raleigh-Durham Triangle has dozens of MSPs competing for your business. Some are excellent. Some are... not. The difference between them is often invisible from the outside — until you're locked into a contract and discovering the gaps the hard way.
These 10 questions will help you separate the exceptional from the average before you commit.
The 10 Questions Every Business Should Ask
1. "What's Included in Your Monthly Fee — and What Costs Extra?"
**Why this matters:** The most common complaint about MSPs is surprise bills. You signed up for "all-inclusive IT support" and then got invoiced for a new workstation setup, a printer configuration, a software installation, or "project work" that you thought was covered.
**What to listen for:**
•**Good answer:** A clear, written scope of services. "Here's exactly what's included: monitoring, patching, help desk, backup management, security, vendor management, on-site visits up to X per month. Here's what's considered project work and billed separately: new office build-outs, full network overhauls, major migrations." No ambiguity.
•**Bad answer:** Vague language like "everything is pretty much covered" or "we handle it on a case-by-case basis." If they can't define it clearly before you sign, you'll be arguing about it after.
**What to check:**
•Is there a written service agreement that itemizes what's included?
•Are there per-incident or per-project fees on top of the monthly rate?
•What's the process for adding new users, devices, or locations?
•Are [cybersecurity tools](/services/cybersecurity) (endpoint protection, email filtering, MFA management) included or add-ons?
2. "What Are Your Response Time Guarantees?"
**Why this matters:** When your server goes down at 2 PM on a Tuesday and your team can't work, the difference between a 15-minute response and a 4-hour response is thousands of dollars in lost productivity.
**What to listen for:**
•**Good answer:** Documented SLAs with tiered response times. "Critical issues (server down, outage affecting multiple users) — 15-minute response. High priority (single user unable to work) — 30 minutes. Standard requests — 2 hours. All guaranteed in writing."
•**Bad answer:** "We get to things as fast as we can" or "usually within a few hours." Without written guarantees, "fast" means whatever is convenient for them.
**What to check:**
•Are response times documented in the contract (SLA)?
•What constitutes "response" — acknowledgment, or actually working on the issue?
•What happens if they miss the SLA? Are there credits or penalties?
•Do response times differ for after-hours and weekends?
3. "How Do You Handle After-Hours and Emergency Support?"
**Why this matters:** IT emergencies don't respect business hours. Ransomware attacks, server failures, and network outages can happen at midnight on a Saturday. Your MSP's response at 2 AM reveals their true commitment to your business.
**What to listen for:**
•**Good answer:** "We have 24/7 monitoring with automated alerting. For emergencies, you call a dedicated number that reaches a live technician — not a voicemail box or an answering service. After-hours emergencies are covered under your plan at no additional charge."
•**Bad answer:** "We have an on-call person. Leave a message and they'll call back." Or worse: "After-hours support is billed at time-and-a-half." If you're paying a monthly fee and emergencies still cost extra, the monthly fee isn't buying you much.
**What to check:**
•Is after-hours emergency support included in the monthly fee?
•Is it a real technician or an answering service?
•What's the guaranteed response time for after-hours emergencies?
•Do they have monitoring that catches issues even when you don't call?
4. "Do You Have Experience With Businesses Like Mine?"
**Why this matters:** A 10-person law firm has very different IT needs than a 50-person medical practice or a 25-person marketing agency. Industry experience means your MSP already understands your compliance requirements, the software you use, and the problems you'll encounter.
**What to listen for:**
•**Good answer:** "We support X companies in your industry. We're familiar with [your EHR/CRM/practice management software]. We understand [HIPAA/FINRA/legal compliance] requirements. Here are references from similar businesses you can contact."
•**Bad answer:** "We work with all kinds of businesses." This isn't automatically bad, but if they can't name a single client in your industry or explain your specific compliance landscape, they'll be learning on your dime.
**What to check:**
•Can they provide 2–3 references from businesses in your industry and size range?
•Do they hold relevant certifications (HIPAA compliance, SOC 2, CompTIA Security+)?
•Are they familiar with your industry-specific software?
•Do they understand your regulatory requirements?
5. "What Does Your Onboarding Process Look Like?"
**Why this matters:** How an MSP onboards you reveals how organized and thorough they are. A sloppy onboarding means months of catching up on issues that should have been identified and fixed on day one.
**What to listen for:**
•**Good answer:** "We have a 30–60 day onboarding process. First, we do a full network assessment — documenting every device, user, application, and configuration. We install our monitoring and management tools. We upgrade anything that's critically outdated. We set up your backup and security stack. We document everything in a shared knowledge base. Then we transition to steady-state monitoring and support."
•**Bad answer:** "We'll install our tools and you're good to go." Tooling installation without assessment is like a doctor prescribing medication without an exam.
**What to check:**
•Is there a documented onboarding checklist or process?
•Do they conduct a full network assessment before making changes?
•How long does onboarding typically take?
•What gets documented, and do you have access to the documentation?
•Is there a dedicated onboarding contact, or do you get shuffled between technicians?
6. "What Happens If We Want to Leave?"
**Why this matters:** This question makes some MSPs uncomfortable — which tells you a lot. The best MSPs are confident in their service and make it easy to leave. The worst ones lock you in with long contracts, proprietary tools, and data hostage tactics.
**What to listen for:**
•**Good answer:** "We require 30/60 days' notice. During the transition, we'll provide complete documentation of your environment, admin credentials for all accounts, and cooperate fully with your new provider. Your data is your data."
•**Bad answer:** Reluctance to discuss it. Contracts with auto-renewal clauses and steep early termination fees. MSP-owned licenses or tools that don't transfer. Vague language about data handoff.
**What to check:**
•What's the contract term and cancellation notice period?
•Are there early termination penalties?
•Who owns the licenses? (Microsoft 365 licenses, antivirus licenses, domain registrations)
•Do you get full admin credentials for all accounts?
•Will they provide documentation and cooperate with a new provider during transition?
•Do they use proprietary tools that lock you in, or industry-standard platforms?
7. "How Do You Handle Cybersecurity?"
**Why this matters:** Cybersecurity is no longer optional for businesses of any size. Cyber threats targeting small businesses are increasing every year - and your MSP should be your first line of defense, not an afterthought.
**What to listen for:**
•**Good answer:** "Cybersecurity is built into our standard offering. Every client gets endpoint protection, email filtering, MFA enforcement, backup with ransomware detection, security awareness training, and regular vulnerability assessments. For compliance-heavy industries, we offer additional layers including DLP, advanced threat protection, and compliance reporting."
•**Bad answer:** "We install antivirus and keep Windows updated." That was adequate cybersecurity in 2010. In 2026, it's negligent.
**What to check:**
•What specific [security tools](/services/cybersecurity) are included in the standard plan?
•Do they provide employee security awareness training?
•Do they conduct phishing simulations?
•How do they handle security incidents? Is there a documented incident response plan?
•Do they offer regular security assessments or penetration testing?
•For HIPAA/regulated industries: Do they sign a [Business Associate Agreement](/blog/hipaa-compliance-checklist-raleigh-healthcare)?
8. "Who Will Actually Be Working on My Account?"
**Why this matters:** You don't want a different technician every time you call — someone who doesn't know your systems, your people, or your quirks. Continuity matters for both efficiency and security.
**What to listen for:**
•**Good answer:** "You'll have a dedicated account manager who knows your environment. Our help desk technicians are W-2 employees (not contractors) based in [location]. The same team handles your account consistently. If you call, the person answering can pull up your network documentation and know your setup."
•**Bad answer:** "Whoever is available picks up the ticket." Large MSPs with high turnover mean you're explaining your environment from scratch on every call.
**What to check:**
•Will you have a dedicated point of contact?
•Where is the help desk located? (On-shore vs. offshore)
•How many technicians are on staff? What's their turnover rate?
•Are technicians employees or subcontractors?
•Can you meet the team before signing?
9. "How Do You Report to Us — and How Often?"
**Why this matters:** If you're paying $3,000–$5,000/month for IT management, you should know what you're getting for that money. Regular reporting keeps you informed, proves value, and surfaces risks before they become emergencies.
**What to listen for:**
•**Good answer:** "We provide monthly reports covering: tickets resolved, response time performance vs. SLA, security events blocked, patch compliance, backup success rates, and any recommendations. We also schedule quarterly business reviews to discuss your IT roadmap, upcoming needs, and budget planning."
•**Bad answer:** "You can call us anytime with questions." That's access, not reporting. If they don't proactively report, they're either not tracking metrics or the metrics aren't flattering.
**What to check:**
•Do they provide regular written reports?
•What metrics are tracked and reported?
•Do they offer quarterly or semi-annual business reviews?
•Is there a client portal where you can see open tickets, asset inventory, and reports?
•Do they make proactive recommendations, or just react to your requests?
10. "Can You Walk Me Through a Recent Problem You Solved?"
**Why this matters:** This question cuts through marketing language and reveals real competence. Any MSP can talk about their certifications and tools. Hearing them walk through how they actually diagnosed and resolved a complex issue tells you how they think, communicate, and operate under pressure.
**What to listen for:**
•**Good answer:** A clear, specific narrative. "A 30-person accounting firm called because their server was running slow during tax season. We identified the root cause was [specific technical detail], implemented [specific fix], and reduced processing time by 60%. We also identified two other risks during the investigation and addressed them proactively." This shows diagnostic skill, communication ability, and proactive thinking.
•**Bad answer:** Vague statements like "We fix all kinds of problems." Or: they can't think of a specific example. If they can't articulate their work, they're either too inexperienced to have good stories or too disorganized to learn from their experiences.
Red Flags to Watch For
Beyond the 10 questions, watch for these warning signs during your evaluation:
Pricing red flags:
•Quotes that are dramatically lower than competitors — they're either cutting corners or planning to upsell aggressively
•Pricing "per device" instead of "per user" — this often leads to much higher costs as device counts grow
•Long-term contracts (3+ years) without clear exit provisions
•Vague "starting at" pricing with no written scope of services
Technical red flags:
•They can't explain their security stack specifically
•They don't use any remote monitoring and management (RMM) tools
•They don't offer or require MFA for their clients
•They rely entirely on remote support with no local on-site capability
•They don't perform regular backup test restores
Communication red flags:
•Slow response during the sales process (it only gets worse after you sign)
•They don't ask you questions about your business, goals, or pain points
•They pitch a one-size-fits-all solution without understanding your needs
•They can't provide references or case studies
•They get defensive when you ask about exit terms
We handle this for Triangle businesses every day.
Get a free IT assessment — no obligation, just straight answers about your setup.
How to Compare MSP Proposals
Once you've narrowed your options, use a simple scoring matrix:
| Criteria | Weight | MSP A | MSP B | MSP C |
|----------|--------|-------|-------|-------|
| Clear pricing / scope | 15% | | | |
| Response time SLAs | 15% | | | |
| Cybersecurity included | 15% | | | |
| Industry experience | 10% | | | |
| After-hours support | 10% | | | |
| Onboarding process | 10% | | | |
| References / reputation | 10% | | | |
| Exit terms | 5% | | | |
| Reporting / reviews | 5% | | | |
| Cultural fit / team | 5% | | | |
| **Total** | **100%** | | | |
Score each on a 1–5 scale, multiply by weight, and compare totals. This forces objective evaluation rather than going with whoever had the best sales pitch.
Why Triangle Businesses Choose Triangle Tech
We built Triangle Tech around the principles in this article because we've seen what happens when businesses choose the wrong MSP. Here's what we believe:
•**Transparent pricing** — Flat monthly fee. No surprise invoices. Our [pricing page](/pricing) shows exactly what's included.
•**Written SLAs** — Response time guarantees in writing, with consequences if we miss them.
•**Security-first** — [Cybersecurity](/services/cybersecurity) isn't an add-on. It's built into every plan: endpoint protection, email filtering, MFA, security awareness training, and regular assessments.
•**Local presence** — We're based in the Triangle. Our technicians can be on-site in Raleigh, Durham, Cary, Chapel Hill, and the surrounding area when remote support isn't enough.
•**No lock-in** — You stay because we deliver results, not because a contract traps you. Easy exit terms with full documentation handoff.
•**Proactive communication** — Monthly reports and quarterly reviews. You always know what we're doing and why.
Ready to Find Your IT Partner?
Choosing an MSP is a big decision. Take your time, ask hard questions, and trust your instincts about communication and culture. The right MSP doesn't just fix computers — they enable your business to grow without technology holding you back.
If you'd like to see how Triangle Tech answers these 10 questions for your specific business, schedule a free consultation. We'll assess your current IT environment, discuss your goals, and show you exactly what a partnership with us looks like.
Schedule your free IT consultation →
Or call [(919) 446-5484](tel:9194465484). No sales pitch — just an honest conversation about your IT needs.