To choose a managed IT provider, score each on seven weighted criteria out of 100: response-time SLAs (20%), security stack included (20%), after-hours coverage (15%), pricing transparency (15%), compliance support (10%), references (10%), and exit terms (10%). Below 70 signals a critical gap.
| Criterion | What to look for | Weight |
|---|---|---|
| Response-time SLA | Guaranteed response & resolution times in writing | 20% |
| Security stack | MFA, managed EDR, backups, patching included (not extra) | 20% |
| After-hours / 24-7 | Real coverage outside business hours | 15% |
| Pricing transparency | Clear per-user rate; what's billed extra is spelled out | 15% |
| Compliance support | PIPEDA / Law 25 / SOC 2 / PHIPA experience | 10% |
| References & fit | Clients your size and industry, contactable | 10% |
| Exit terms | You keep accounts, data & docs if you leave | 10% |
How to use the scorecard
Score each managed-services provider 1–5 on every criterion, multiply by the weight, and total the result out of 100. Anything below 70 means a critical gap — usually security included as an add-on, vague SLAs, or unclear exit terms. Compare at least two providers side by side.
Questions to ask every MSP
- ✅ What are your guaranteed response and resolution times?
- ✅ Is security (MFA, EDR, backups, patching) included or billed extra?
- ✅ Who answers after hours and on weekends?
- ✅ Is your pricing fully transparent — what's extra?
- ✅ Can you support PIPEDA / Law 25 / SOC 2 / PHIPA?
- ✅ Can you share references my size and industry?
- ✅ If I leave, do I keep my accounts, data and documentation?
See also how to choose an IT provider and the 2026 cost index.
FAQ
How do I choose an MSP?
Score providers on response-time SLAs, whether security is included, after-hours coverage, pricing transparency, compliance support, references, and exit terms. Weight each criterion and compare at least two side by side.
What should an MSP include in its base price?
Security should be included, not extra: MFA, managed endpoint protection, backups, and patching, plus a staffed helpdesk and clear SLAs. If security is an add-on, treat it as a red flag.
What questions should I ask before signing with an MSP?
Ask about guaranteed response times, whether security is included, after-hours coverage, pricing transparency, compliance experience, references your size, and what happens to your data if you leave.
How do I avoid getting locked into an MSP?
Confirm in writing that you keep your accounts, data, and documentation if you leave, ask about exit terms up front, and prefer providers with transparent pricing and clear SLAs.
Get a free assessment
Independent guidance from TechCare Canada; hands-on delivery by IT Cares. Leads only, no payment.