Tech Work Is Largely Invisible. So How Do You Know Anything's Actually Getting Done? Especially in Outsourced IT Services Agreements.
Sure you know if your machines are getting updated. And you could walk around to find out if all your new phones got installed. But what about your data backups? What about all the policies and configurations that keep your network secure?
The security and integrity of your business rely on timely backups, the right configurations, and accurate permissions. All of which you can't see.
So how do you know you're getting what you paid for?
Outsourced IT Services v. Internal IT Department
Business owners need to know that their money is spent wisely. And the CFO is on the hook if it isn't. Nine times out of ten, though, neither of those people have the technical knowledge to understand the behind-the-scenes work, let alone know if it's worth the investment.
And this is where the majority of the CIO v. CFO struggle starts. The person in charge of the purse strings can't figure out what the company is spending money on and why it's valuable. So they either ask lots of questions to try to understand or write off the department as a cost center.
What your business really needs is a go-between: someone who understands the ins and outs of the technology world and knows how to convey that value to a roomful of non-technical people.
For MSPs, that person is your vCIO. A vCIO is a kind of technology consultant you get when you outsource IT services. They work with both the technical and executive leadership teams to drive business objectives. They take the leadership goals and translate that into actionable plans that the technical team can execute. Then they take the results of those actions and relay them back to the leadership team as risk quotients and ROI.
For internal teams, that person should be your CIO or highest-level IT manager. They should be able to create a technology strategy that meets executive goals and ensure their team implements it accurately. The difficulty, especially for small businesses, is that these types of individuals cost a lot and typically still need teams to do the daily activities. It's rare (though not impossible) to find an individual who can think big-picture while they're handling the daily grind.
How to Hold MSPs Accountable
For many leaders, it can seem easier to hold someone accountable for their work if they sit in the office. While there may be some truth to that, MSPs are specifically designed to provide their clients with increased accountability. Not to mention, outsourced IT services are becoming a commodity. And it's easier to switch vendors than it is to fire the one guy who holds the keys to your castle.
- Outsourced IT Services Backed by SLAsEvery managed service provider should give you a Service Level Agreement (SLA). It defines the level of service you can expect from your provider, the metrics you can all use to measure success or failure, and the consequences and solutions for not meeting those metrics. An SLA is the gold standard of accountability in MSP partnerships. Not only does it clearly set expectations, but it also gives you the tools to measure their work and take action when you are not satisfied with the results.
- Regular CommunicationIn addition to the SLA, most MSPs will conduct periodic business reviews (PBRs) with your key stakeholders. These may be monthly, quarterly, or annually depending on the type of service and the level of involvement you want with your provider. In these PBRs, your provider should give you a report of everything that was completed in the last period. That would include all tickets, projects, or implementations that were created with their current status. It would also include a technology plan for the next period that you would agree to before the end of the review. The last piece to the PBR is your feedback. This is your time to tell us what we've done well, where we missed your expectations, and how we can be a better partner to you.
If you have helpdesk service with your MSP, you should also receive (or be provided a way to access) an executive summary that contains ticket updates for the previous 30 days. This lets you hold your MSP accountable to their SLA while also ensuring their team is taking on an adequate amount of work to justify the monthly cost.
3. Understanding Regulatory ComplianceWhen you hire an internal resource, you have no guarantee they'll understand the ins and outs of any regulations or compliance requirements your business must adhere to. MSPs, however, have to understand the regulations, make sure your business adheres to them, and ensure they do as well. And they have to do that for every business on their books.
Because MSPs work with businesses in all industries, regulated and not, they're old hat at implementing the policies or tools you need to ensure compliance. They also know the pitfalls and the best user adoption techniques because they've implemented them at other businesses and with their own employees.4. Held to Tech Industry StandardsOutside of the industry standards, MSPs hold their teams to even higher technical standards. They're required to achieve professional development milestones or certifications to move forward in their careers. As well as maintain strict confidentiality and security on consumer data.
Not to mention, some of the most targeted businesses outside SMBs are MSPs. So MSPs lock down their systems and your data to protect your business and theirs. That means they're adopting some of the most strict and hardest to implement policies, even if your business doesn't require it.
How to Vet an MSP
That's everything your MSP should be doing. But how do you know for sure?
If you're already using outsourced IT services, you can make certain adjustments to your partnership at any time. Ask your MSP to come on-site for PBRs more often. Or ask for more frequent and in-depth reporting. Specify what you want to see and when you want to see it.
But if you're looking at hiring a new MSP or replacing your old one with a new one, here are some red flags to watch for:
- How They Prove Value for Outsourced IT ServicesOne of the first questions you should ask your MSP is what reports or metrics they provide you that prove the value of their work or service. What kinds of data are included in those reports? How often will you receive them? Do they have a portal for you to check metrics whenever you'd like?
For helpdesk services, you should expect a monthly executive summary that includes the number of tickets opened
For projects or implementations, expect a project plan or some form of communication outlining what the project includes, the timeline for completion, and the purpose of the project. After the project is done, expect a project summary with a completion confirmation and a description of what was done. If a project did not complete on time, you should also request the reasoning in that summary. Not all projects have a direct return on investment (looking at you, cybersecurity), but those that do should include some form of note about when you should expect to see that return.2. How They Maintain ComplianceRegulations are always changing. When vetting a new managed service provider (MSP), you should ask what they're currently doing to ensure compliance and how they monitor for any regulatory changes that require action. If they can't answer either of those questions, run away as fast as you possibly can.3. How They Protect Your Customer DataIt's not just your data that your MSP has access to. They have all your customer data too. Before you choose a vendor, make sure you know:
- What policies they have in place to protect your data
- What measures they enforce to protect your customer data
- Who inside the MSP has access to your company or customer data
- What Professional Development Standards They Have for Their Technicians and EngineersThese people will be working on your laptops and in your servers. They'll be on your network. So you want to be sure if they're working on your tech that they're qualified to do so.
Every MSP has a tiered form of technical support that starts with helpdesk technicians and goes up to engineers. Each tier requires specific experience or certifications and gives the tech access to more of your environment. While helpdesk technicians don't need a ton of technical certifications to reset passwords and troubleshoot your basic issues, a specialist or engineer should have up-to-date certifications they can provide you.
- How They Hold Their Own Team AccountableOutsourced IT service partnerships aren't one-way streets. They require feedback from you and your team to be successful. But that means you need to be sure any feedback you give will be heard and discussed.
What does their internal accountability structure look like? How do you provide your MSP feedback? What's done with it once you've given it? These are all questions you should know the answers to so you walk into your partnership with the best chance for long-term success.