Is Your MSP Actually Doing Their Job?
How to evaluate your current IT provider’s performance, identify gaps in service, and ensure you’re getting what you’re paying for.
The Problem: Most Business Owners Can’t Tell If Their MSP Is Doing a Good Job
You’re paying your MSP thousands of dollars per month. They send technicians when something breaks. They answer tickets. But are they actually protecting your business?
Here’s the uncomfortable truth: many MSPs do the bare minimum—answering support tickets and putting out fires—while neglecting the critical preventive work that keeps businesses safe. And most business owners have no way to verify the difference.
Real Stories of MSP Failures
We’ve documented businesses that discovered too late their MSP wasn’t doing what they promised:
- A 45-person firm paid for backups for 3 years. When their server crashed, no backups existed. Cost: $185,000 in lost data and reconstruction.
- A fired employee retained active login access for 4 months. He deleted critical files. Cost: $92,000 in recovery and legal fees.
- File permissions were misconfigured, exposing all salary data to hourly employees. Cost: $14,000+ in HR cleanup and employee relations.
In every case, the business owner thought their MSP was handling it.
Warning Signs Your MSP Isn’t Performing
Here are the red flags that indicate your MSP may not be delivering what they promised:
🚩 Communication & Accountability Red Flags:
- You haven’t had a strategic planning meeting in 6+ months (or ever)
- You don’t receive monthly reports showing what they did or didn’t do
- They only contact you when something breaks or when they want to sell you something
- You have no idea what security tools are installed on your computers
- They can’t produce documentation when you ask for network diagrams or passwords
- Tickets take days to get responses, with no explanation for delays
🚩 Backup & Disaster Recovery Red Flags:
- They’ve never shown you proof that backups are working
- You can’t remember the last time they tested a restore
- You don’t know what’s being backed up (all data? just some?)
- You have no idea how long it would take to restore if disaster struck
- Backup alerts show failures, but nobody follows up
🚩 Security Red Flags:
- Former employees can still access company systems weeks after termination
- You don’t know if security patches are being applied
- No multi-factor authentication (MFA) on critical systems
- Your MSP has never conducted a security assessment
- Employees use the same passwords for years with no enforcement policy
- You’ve had multiple “minor” security incidents that were never fully investigated
🚩 Strategic Planning Red Flags:
- Hardware upgrades come as surprises with “it needs to be replaced now” urgency
- No technology roadmap showing planned upgrades over 1-3 years
- They recommend expensive solutions without explaining alternatives
- Budget overruns are common because nothing was planned in advance
If you recognize 3 or more of these red flags, your MSP is underperforming.
Get Your My IT Support Report Card
Take our 70-point assessment to grade your MSP across 7 critical areas. Know exactly where they’re falling short.
What Your MSP Should Be Doing Every Month
Professional MSPs follow documented processes and provide proof of their work. Here’s what good MSP service looks like:
✓ Monthly MSP Responsibilities
- Monitor all systems 24/7 and respond to alerts proactively
- Apply security patches within documented timeframes
- Verify backup success rates and investigate any failures
- Review security logs and address any suspicious activity
- Generate monthly performance reports (tickets, uptime, security)
- Track aging hardware and provide advance notice of needed replacements
- Maintain current documentation (network diagrams, passwords, licenses)
- Conduct user access reviews to remove terminated employees
✓ Quarterly MSP Responsibilities
- Conduct Quarterly Business Review (QBR) meeting with leadership
- Test backup restore procedures to verify data can be recovered
- Review technology roadmap and upcoming projects
- Assess budget vs. actual spending and plan for next quarter
- Review security posture and recommend improvements
- Update disaster recovery plan based on business changes
If your MSP isn’t doing these things, you’re not getting full-service IT management—you’re getting break-fix support dressed up as managed services.
Questions Your MSP Should Be Able to Answer (Right Now)
Call or email your MSP and ask these questions. Their answers will tell you everything you need to know about their competence and accountability.
Backup Verification Questions
Good answer: “We tested a full restore on [specific date within last 90 days] and a file-level restore on [recent date]. Here’s the documentation.”
Bad answer: “The backups are running fine” or “We monitor the backup software” (without proof of actual restores).
Good answer: They produce clear reports showing success/failure rates, what’s backed up, and any issues that were resolved.
Bad answer: “I’ll have to generate that for you” or “We don’t create those reports.”
Good answer: Specific timeframe (e.g., “48-72 hours for full operations, 4-6 hours for critical systems”) with documented recovery procedures.
Bad answer: Vague response like “pretty quickly” or “it depends.”
Security Questions
Good answer: Specific product names (e.g., “We use [EDR product] for endpoint protection, [DNS filtering product] for web security, and [email security product]”).
Bad answer: Generic answer like “antivirus” or “we have security covered.”
Good answer: Report showing which systems were patched, which are pending, and any systems that failed patching with explanations.
Bad answer: “We patch everything automatically” (without proof).
Good answer: Documented offboarding checklist including email, VPN, applications, file access—all disabled within 24 hours (ideally same day).
Bad answer: “Just let us know and we’ll take care of it” (no defined process).
Documentation Questions
Good answer: They produce an up-to-date diagram showing servers, switches, firewalls, internet connections, and how everything connects.
Bad answer: “We’d need to create that” or “It’s not current.”
Good answer: Professional password management system (like IT Glue, Hudu, or similar) with secure access controls.
Bad answer: Excel spreadsheet, sticky notes, or “in our heads.”
Good answer: Current documentation showing what you own, expiration dates, and upcoming renewals.
Bad answer: “We’d have to pull that together” or “You should have that information.”
Performance & Accountability Questions
Good answer: Specific numbers: “You submitted 23 tickets. Average response time was 2.3 hours. 21 resolved, 2 still in progress.”
Bad answer: “We’ve been pretty busy” or “I’d have to check.”
Good answer: Specific percentage (e.g., “99.7% uptime”) with details on any outages and root causes.
Bad answer: “Pretty good” or “We don’t track that.”
Good answer: Specific date on the calendar, preferably scheduled quarterly in advance.
Bad answer: “Whenever you want to meet” or “We haven’t scheduled one yet.”
The “Prove It” Test
The best way to evaluate your MSP: ask them to prove their claims.
Don’t accept “we’re monitoring your systems” or “backups are running fine.” Demand documentation. Professional MSPs keep detailed records and can produce proof instantly.
If they get defensive when you ask for documentation, that’s a red flag.
What Should Be in Your Monthly MSP Report?
You should receive a monthly report (without having to ask for it) that includes:
✓ Essential Components of MSP Monthly Reports
- Ticket Summary: Number of tickets, average response time, open vs. closed
- Backup Status: Success rates, any failures and resolutions, storage capacity
- Security Updates: Patches applied, security alerts, threat activity
- System Health: Server status, disk space, upcoming capacity issues
- Network Performance: Uptime percentage, bandwidth usage, outages
- Hardware Status: Aging equipment, warranty expirations, recommended replacements
- Software Licenses: Upcoming renewals, new software requests
- Projects & Planning: Status of ongoing projects, planned initiatives
If your MSP isn’t providing these reports, you have no visibility into what they’re actually doing. That’s unacceptable for a service you’re paying thousands for each month.
How to Have “The Conversation” with Your MSP
If you’ve identified gaps in your MSP’s performance, here’s how to address it professionally:
Step 1: Document Your Concerns
Make a list of specific issues: missing reports, unanswered questions, lack of documentation, security concerns. Be factual, not emotional.
Step 2: Schedule a Meeting
Don’t address this via email or casual conversation. Request a formal meeting with your MSP’s leadership (not just the technicians).
Step 3: Present Your Expectations
Use our assessment or create your own list of requirements. Say: “Based on industry best practices, here’s what we expect from our MSP relationship going forward.”
Step 4: Request an Action Plan
Give them 30 days to provide: updated documentation, monthly reports, a QBR schedule, and answers to your questions. If they can’t commit to this, it’s time to evaluate alternatives.
Step 5: Follow Up in 30 Days
If they’ve made improvements, great. If nothing has changed, start interviewing replacement MSPs.
When It’s Time to Switch MSPs
Some situations can’t be fixed with better communication:
- Repeated backup failures with no root cause analysis
- Security breaches that could have been prevented
- Inability or unwillingness to provide documentation
- Consistent failure to meet response time commitments
- Defensive or hostile reactions when you ask questions
- Evidence of billing for work not performed
Trust is essential in an MSP relationship. If it’s broken, it’s better to switch than continue with a provider you can’t rely on.
Get an Independent Assessment of Your MSP
Use our 70-point evaluation tool to objectively grade your MSP’s performance. Identify exactly where they’re falling short and what needs to improve.
How My IT Support Report Card Helps You Take Control
We provide business owners with tools to independently verify their MSP’s work—without needing technical expertise.
Our Platform Helps You:
- Assess MSP performance across 7 critical areas with objective scoring
- Track accountability month-over-month with performance metrics
- Plan better QBRs with structured agendas that keep MSPs focused
- Request monthly documentation to verify backups, security tools, and patches
- Validate pricing on recommendations to avoid unnecessary expenses
- Get expert guidance on what questions to ask and what documentation to request
Think of us as your independent IT advisor. We don’t sell MSP services, so we have no incentive to recommend expensive solutions or defend poor performance.
Trust, But Verify
The best MSPs welcome accountability. They’re proud to show their work, provide documentation, and demonstrate the value they deliver.
If your MSP gets defensive when you ask for proof of their work, that tells you everything you need to know.