Should I choose a local IT company or a big national provider?

For most small businesses, a local or regional provider wins: you matter to them, on-site response is realistic, and you talk to the same people consistently. National providers suit businesses with offices in several states. What matters more than size is whether their typical client looks like you.

How many quotes should I get?

Two or three is plenty. More than that and you'll drown in incomparable proposals. Spend the saved time going deeper on references and SLA detail with your shortlist.

What's a reasonable response time in an SLA?

For a small business: critical, work-stopping issues triaged within 15–60 minutes around the clock; high-priority issues within a few business hours; routine requests within a business day. Be suspicious of providers that promise everything instantly. Triage by severity is how serious providers actually operate.

Is it rude to ask an MSP about their own security?

No, it's essential. Your IT provider holds the keys to your entire business, and MSPs are actively targeted by attackers for exactly that reason. Any provider that bristles at being asked about their own MFA, access controls and incident history has answered your question.

How to Choose an IT Support Company: 12 Questions to Ask

Choosing an IT support company is a decision most business owners make once every five to ten years, with little to compare against and high stakes if it goes wrong: a bad provider doesn't just waste money, it leaves you exposed to outages and cyber incidents you won't discover until the worst moment. Yes, we're an IT support company telling you how to choose an IT support company. To keep ourselves honest, everything below is a question you can ask any provider, including us.

Start with your requirements, not their sales pitch

Before meeting anyone, write down one page covering:

How many staff and devices you have, and where they work
The systems your business cannot function without
What "down" costs you per hour, honestly estimated
Any compliance obligations (health records, legal files, finance)
What's frustrating you about IT today

This stops the conversation being driven by whatever the provider wants to sell, and makes proposals comparable later.

The 12 questions to ask

1. What are your guaranteed response times, in writing?

Ask for the actual SLA document, not a verbal assurance. Look for response times tiered by severity, and what happens when they're missed. No written SLA, no deal.

2. Who actually answers when we call?

A local team? An offshore call centre? A voicemail? Ask to call their support line during the evaluation and see what happens.

3. What exactly is included in the monthly fee?

Get the inclusions and exclusions in a table: on-site visits, after-hours work, projects, backup licensing, security tooling. Our managed IT pricing guide covers what's typically included and the market rates to expect.

4. What are your contract length and exit terms?

Month-to-month or 12 months is reasonable. Three-year lock-ins with auto-renewal and exit fees mean they retain clients with paperwork instead of performance. Ask specifically: "If we leave, how do we get our passwords, documentation and data, and what does offboarding cost?"

5. How do you secure your own business?

Your MSP will hold administrator access to everything you own, and attackers target MSPs precisely because of that. Ask about their own multi-factor authentication, how they store client credentials, and whether they've had incidents. Confident, specific answers are a good sign; vagueness is not.

6. How will you secure ours? Mention the Essential Eight.

Any Australian provider worth hiring can explain the ACSC's Essential Eight in plain language and describe how they'd apply it to a business your size. If they've never heard of it, keep looking.

7. When did you last test-restore a client's backup?

Not "do you do backups", because everyone says yes. The question is whether restores are tested, how often, and how long a full recovery would take for a business like yours. (Why this matters: cloud vs local backup and the 3-2-1 rule.)

8. Can we speak to two current clients our size?

Then actually call them. Ask what the provider is like on a bad day, during an outage or after a mistake, not a good one.

9. What does onboarding look like, and what does it cost?

A serious provider audits your environment, documents it, and gives you a transition plan with timelines. Be wary of anyone who can start tomorrow with no discovery work.

10. How do you report on what you actually do?

Monthly or quarterly reporting on tickets, patching status, backup health and upcoming risks keeps a provider accountable. If the answer is "you won't hear from us unless something's wrong", you'll never know whether you're getting what you pay for.

11. Who owns the licences, domains and accounts?

Everything, including your domain name, Microsoft 365 tenancy and software licences, should be owned by you, with the provider as a delegated administrator. Providers who put client assets in their own name make leaving painful by design.

12. What happens when something is beyond you?

Good providers have escalation paths through vendor relationships and specialist partners, and will say "we'd bring in X for that". Providers who claim to do everything in-house at small-business prices are overpromising.

Red flags to walk away from

Pressure to sign before an audit of your environment
No written SLA, or refusal to share a sample contract
Client assets (domains, tenancies) registered in their name
Jargon used to dodge direct questions
Trash-talking your current provider instead of explaining their own value
Quotes wildly below market: someone has to pay for the gap, and it'll be you

Comparing proposals side by side

Put your two or three proposals in one spreadsheet: all-in monthly cost for your headcount, response times by severity, inclusions/exclusions, contract term and exit cost, onboarding cost, and reference-check notes. Score them. The cheapest quote rarely wins on this view, and that's the point.

Deciding between hiring and outsourcing instead? Read our honest comparison of in-house IT vs managed IT services first. For some businesses, a hybrid of both is the right answer.

How to Choose an IT Support Company for Your Small Business

Start with your requirements, not their sales pitch

The 12 questions to ask

1. What are your guaranteed response times, in writing?

2. Who actually answers when we call?

3. What exactly is included in the monthly fee?

4. What are your contract length and exit terms?

5. How do you secure your own business?

6. How will you secure ours? Mention the Essential Eight.

7. When did you last test-restore a client's backup?

8. Can we speak to two current clients our size?

9. What does onboarding look like, and what does it cost?

10. How do you report on what you actually do?

11. Who owns the licences, domains and accounts?

12. What happens when something is beyond you?

Red flags to walk away from

Comparing proposals side by side

Frequently Asked Questions

Talk to a local IT expert

Start with your requirements, not their sales pitch

The 12 questions to ask

1. What are your guaranteed response times, in writing?

2. Who actually answers when we call?

3. What exactly is included in the monthly fee?

4. What are your contract length and exit terms?

5. How do you secure your own business?

6. How will you secure ours? Mention the Essential Eight.

7. When did you last test-restore a client's backup?

8. Can we speak to two current clients our size?

9. What does onboarding look like, and what does it cost?

10. How do you report on what you actually do?

11. Who owns the licences, domains and accounts?

12. What happens when something is beyond you?

Red flags to walk away from

Comparing proposals side by side

Frequently Asked Questions

Talk to a local IT expert

Related guides