Choosing an IT provider is one of those decisions that feels low-stakes until it is not. The right partner makes technology an asset. The wrong one becomes an ongoing source of frustration, unexpected costs, and risk. Here are the seven questions that separate providers who are genuinely built to support your business from those who are not.
Question 1
What is your guaranteed response time, and does it change by issue severity?
This is the most direct measure of how seriously a provider takes service delivery. Anyone can say they respond quickly. A legitimate MSP commits to this in writing, with different SLAs (service level agreements) for critical, high, and low severity issues.
Good answer: "Critical issues — system down or security incident — we respond within 1 hour. High priority within 4 hours. Standard requests within 1 business day. This is in our contract."
Red flag: "We respond as fast as we can" or any answer that avoids a specific time commitment.
Question 2
Are on-site visits included in my monthly rate, or billed separately?
Many low-priced managed IT contracts look great until you realize that every on-site visit is an additional charge. For businesses with servers, network equipment, or specialty hardware that sometimes requires hands-on support, this exclusion can significantly change the real cost of the engagement.
Good answer: A clear explanation of what is included in the flat rate and what triggers a separate billing event — with an estimated frequency based on your environment.
Red flag: Vague answer, or a very low monthly rate with no mention of on-site billing at all.
Question 3
What security tools are included — and are they managed or just installed?
There is a significant difference between a provider who installs antivirus and one who actively manages endpoint detection and response (EDR), reviews alerts, and responds to threats. Ask specifically: what endpoint security tool do you use, are alerts reviewed by a person, and what happens when a threat is detected?
Good answer: "We deploy EDR on all endpoints. Alerts are reviewed by our team. If something is flagged, we isolate the affected device and contact you immediately. We also manage your firewall and email security."
Red flag: "We install antivirus" — basic antivirus is not sufficient protection for a modern business environment.
Question 4
How do you handle backups, and how often do you test restores?
Ask two separate questions: (1) what gets backed up and how often, and (2) when did you last perform a test restore? A provider that cannot answer the second question has backups that may not actually work when needed. Restore testing is the only way to confirm a backup is valid.
Good answer: "We monitor your backups daily and perform quarterly restore tests. If a backup fails, we are alerted and follow up with you. Here is what gets backed up and how long it is retained."
Red flag: "We set up backups when you onboard and check them if you report an issue."
Question 5
Do you have experience with businesses in my industry?
Healthcare, legal, finance, dental, manufacturing — each industry has specific software, compliance requirements, and operational patterns that a good IT provider should understand. An MSP that has supported dental practices knows Tracker, Dentrix, and Panoramic X-ray integrations. One that has supported financial services firms understands FINTRAC expectations and data retention policies. Industry experience reduces onboarding friction and avoids expensive learning curves at your expense.
Good answer: Specific examples of clients in your sector, what software they use, and what compliance requirements the provider has helped them meet.
Red flag: "We support all industries" with no specific examples.
Question 6
What happens if I want to leave?
This question reveals more about a provider's confidence than almost anything else. A trustworthy MSP will explain offboarding clearly: your documentation is yours, your licences transfer, access is handed over cleanly. A provider that makes offboarding difficult or vague is one that plans to use lock-in as a retention strategy.
Good answer: "All documentation is yours. We give you 30 days' notice offboarding support, transfer all admin credentials, and help your next provider get up to speed. Your Microsoft 365 and other licences stay in your name."
Red flag: Hesitation, vague language about "transition fees," or licences held in the provider's name.
Question 7
What does your onboarding process look like?
The first 30-60 days with a new IT provider tells you everything about how they operate. A well-run MSP has a structured onboarding process: discovery of your environment, deployment of monitoring and security tools, documentation of your assets, and a technical review call. An ad-hoc onboarding is a sign of an ad-hoc operation.
Good answer: A defined onboarding timeline — typically 2-4 weeks — that includes a network audit, tool deployment, documentation, and a kickoff meeting to align on priorities.
Red flag: "We just start taking tickets" or any answer that suggests there is no structured discovery phase.
What to Do With the Answers
Evaluate responses not just on what they say, but how confidently and specifically they say it. A provider who has genuinely done this work with many clients will answer these questions quickly and clearly. One who has not will hedge, generalize, or redirect.
After your calls, you should have enough information to compare providers on the dimensions that actually matter for your business: response time, security tools, backup practices, industry knowledge, and the quality of the relationship you will be entering.
See How Hexafusion Answers These Questions
We are a local Lower Mainland MSP with documented SLAs, included EDR and email security, quarterly backup restore testing, and clear offboarding terms. Request a quote and we will walk you through exactly what your engagement would look like.
Request a Quote Why businesses choose us