Seven questions to ask when evaluating SPs


Updated technology infrastructure is critical for organizations to succeed in today’s business environment. Old technology can negatively impact your business. Managed service providers (SPs) can help in this situation. Otherwise, you are, 

  • Giving cybercriminals a free pass
  • Putting your company in hot water with regulators
  • Reducing overall productivity
  • Causing employee dissatisfaction
  • Upsetting your customers.

The risk of keeping your IT infrastructure out of date becomes clear once you realize the consequences of ignoring the latest standards. However, you will need to devote additional time and effort to making the necessary changes. Although SPs can augment technology expertise and knowledge gaps, finding the right SP partner can be challenging, especially if you’ve never worked with one. That’s why I’ve compiled a list of seven of the most important questions you should ask a provider.

Questions to ask

  1. Do you offer 24/7/365 support? Unlike your employees, your systems and data do not need to sleep. To prevent downtime, data loss, and cyberattacks, your MSP should provide 24/7/365 monitoring and support. 
  2. Do you perform regular risk assessments? As risk factors constantly change, SPs must perform security risk assessments regularly to stay on top of emerging and evolving threats. Your SP partner’s risk assessment reports should provide an overview of potential internal and external threats.
  3. Do you meet my compliance needs? HIPAA compliance requires SPs to understand and comply with the standard so that they may benefit from it. Therefore, ask them if they are HIPAA compliant.
  4. Can you provide documentation to prove you are compliant and following best practices? A SP with a record of non-compliance and no best practices can be detrimental. Make sure they follow relevant standards and best practices.
  5. Do you have a disaster recovery (DR) plan? If your SP partner does not have a DR plan in place, they may be unable to withstand an incident. It must be updated and thoroughly tested, even if they already have one.
  6. Is third-party auditing performed to meet cybersecurity and compliance requirements? An SP that invests in a third-party audit can objectively demonstrate that its information systems and processes adhere to stringent requirements in critical areas such as security and compliance. Make sure you don’t overlook this aspect.
  7. Do you have high confidence in your security posture? If so, can you explain why? This is important because if your SP partner has a poor security posture, cybercriminals will easily break into your network. 

Why are the above questions crucial?

Having an SP on your side extends beyond saving you time and effort. To avoid penalties and reputational damage, it is imperative that you clearly understand how they plan to protect your company from evolving cyber threats.

Today’s businesses must have a solid incident response plan against ever-evolving cybersecurity threats. However, to build an effective response plan, you need expertise, resources and advanced tools. Consider leveraging the support of a service provider like us. Not only can we secure and optimize your network, but also help your business achieve sustained growth. Ready to transform your network challenges into opportunities? Contact us today to schedule a no-obligation consultation at

By the way, please download our mobile app, FRAUDSTER, which is available on Apple and Android. Learn more at

Posted in

Terry Cutler

I’m Terry Cutler, the creator of Internet Safety University, an educational system helping to defend corporations and individuals against growing cyber threats. I’m a federal government-cleared cybersecurity expert (a Certified Ethical Hacker), and the founder of Cyology Labs, a first-line security defence firm headquartered in Montréal, Canada. In 2020, I wrote a bestselling book about the secrets of internet safety from the viewpoint of an ethical hacker. I’m a frequent contributor to National & Global media coverage about cyber-crime, spying, security failures, internet scams, and social network dangers families and individuals face daily.