You do not need a consultant to check whether your MSP is doing their job. Here is a straightforward audit you can run yourself.
See the AuditTalk to Us
Most companies never audit their MSP. They pay the invoice, assume things are fine, and find out otherwise during the breach or the failed audit.
Most companies never check whether their managed services provider is actually delivering. The invoices come in, the tickets get handled, and everyone assumes things are fine. But an MSP is easy to audit yourself if you know what to look at. This article walks through an audit you can run in about a day without any outside help.
Pick five workstations and one server at random. Check the last date patches were applied. If anything is more than a month behind on security patches, that is a problem. Ask your MSP for a report showing patch status across every managed device. Good MSPs have this on demand.
Ask when the last test restore happened on your most important data. Not a backup job that completed, an actual restore to verify the backup works. If the answer is never, or more than three months ago, you do not actually have a tested backup.
Verify MFA on every user account. Verify endpoint protection is installed and reporting on every device. Verify firewall firmware is current. Verify legacy authentication is disabled in Microsoft 365. Any gaps here mean the security baseline is not being maintained.
Ask to see the monitoring dashboard. A good MSP will show it without hesitation. Look for coverage of every managed server, every piece of network equipment, and every critical service. Gaps in monitoring mean problems will not get caught until they become outages.
Ask for a network diagram, an inventory of managed devices, a list of vendor contracts and renewal dates, and admin credentials in a secure vault you can access if needed. Any MSP that cannot produce these documents is leaving you dependent on them in an unhealthy way.
Look at the last three monthly reports. Are they specific? Do they show what was done and what is trending? Or are they generic templates that could apply to any client? Generic reports usually mean nobody is actually looking at your environment closely.
If your MSP passes all six checks, you have a good provider. If there are gaps in one or two areas, bring them up directly and give the MSP a chance to fix them. If there are gaps in three or more, start evaluating alternatives. See our MSP buyers guide for the evaluation framework.
MSP Buyers Guide | IT Health Check Checklist | Managed vs Break-Fix
Questions? Call 952-223-4422 or compare managed IT vs break-fix.
Call a RE2 Tech engineer today and get a specific proposal inside of 72 hours. No pressure, no long pitch.
952-223-4422helpdesk@re2tech.com