Guide

How to Choose an MSP

The complete UK business guide to finding the right IT partner

Choosing a Managed Service Provider is one of the most important decisions you'll make for your business. Get it right, and you'll have a technology partner that helps you grow. Get it wrong, and you could face security breaches, downtime, and wasted money.

This guide uses our vetting methodology methodology to show you exactly what to look for when evaluating an MSP.

📋 What You'll Learn

  1. Checking Credentials & Certifications
  2. Evaluating Technical Capabilities
  3. Researching Reputation & Reviews
  4. Understanding Service & Support
  5. Assessing Transparency & Pricing
  6. Red Flags to Watch For
  7. Questions to Ask Before Signing

1. Checking Credentials & Certifications

Before anything else, verify that the MSP is legitimate and properly qualified. This is the foundation of trust – and it's where many businesses skip ahead too quickly.

10
points in our methodology

✓ Credentials Checklist

  • Cyber Essentials certification – The UK government's baseline security standard. Essential for any MSP.
  • Cyber Essentials Plus – Hands-on verified version. Shows they practice what they preach.
  • ISO 27001 – Information security management. Important for regulated industries.
  • Microsoft Partner status – If they manage Microsoft 365/Azure, verify their partnership level.
  • ICO registration – Required if they handle personal data on your behalf.
  • Professional indemnity insurance – Ask for certificate of insurance.
  • Companies House registration – Check they're a legitimate UK company.

💡 Pro Tip

Don't just take their word for it. Ask for copies of certificates, or check directly with the certification body. Cyber Essentials certificates can be verified on the NCSC website.

2. Evaluating Technical Capabilities

An MSP's technical stack tells you a lot about their approach. Are they using enterprise-grade tools, or cutting corners with consumer products?

8
points in our methodology

✓ Technical Checklist

  • Remote Monitoring & Management (RMM) – Tools like Datto, ConnectWise, or NinjaRMM. Ask what they use.
  • Endpoint security – Look for EDR solutions like SentinelOne, CrowdStrike, or Sophos.
  • Backup & disaster recovery – How do they protect your data? What's their RTO/RPO?
  • Cloud expertise – Microsoft 365, Azure, AWS? Check their certifications.
  • Network infrastructure – Can they support your current and future needs?
  • Security stack – Firewall management, email security, DNS filtering?

🚩 Red Flag

If an MSP can't or won't tell you what tools they use, that's a warning sign. Transparency about their technology stack is basic. If they're evasive here, what else are they hiding?

3. Researching Reputation & Reviews

What do their current and former clients say? Online reputation is harder to fake and gives you real insight into what working with them is actually like.

8
points in our methodology

✓ Reputation Checklist

  • Google Reviews – Check their Google Business profile. Look for patterns in feedback.
  • Trustpilot / Clutch – Independent review platforms with verified reviews.
  • Case studies – Do they have documented success stories with businesses like yours?
  • Client references – Ask to speak with 2-3 current clients directly.
  • Industry experience – Have they worked with businesses in your sector?
  • Longevity – How long have they been operating? Check Companies House.

💡 Pro Tip

When speaking to references, ask: "What's been your biggest frustration with them?" Every MSP has weaknesses – a reference who can't name one probably isn't being honest.

4. Understanding Service & Support

How will they actually support you day-to-day? This is where the rubber meets the road.

5
points in our methodology

✓ Service Checklist

  • Response SLA – What's their guaranteed response time for critical issues?
  • Support hours – Are they 9-5, or do they offer extended/24-7 coverage?
  • UK-based helpdesk – Where are their support staff located?
  • On-site support – Do they offer visits to your office when needed?
  • Dedicated account manager – Will you have a named contact?
  • Onboarding process – How do they transition you from your current setup?

5. Assessing Transparency & Pricing

Pricing in the MSP world can be opaque. Look for clear, honest communication about costs.

4
points in our methodology

✓ Transparency Checklist

  • Clear pricing model – Per-user, per-device, or fixed fee? No hidden charges.
  • Contract terms – What's the minimum term? What's the notice period?
  • What's included/excluded – Get a clear scope of services.
  • Meet the team – Can you see who'll be working on your account?
  • Office presence – Do they have a real office you could visit?

🚩 Red Flag

Watch out for MSPs who won't give you a clear price without extensive "discovery". While some scoping is reasonable, a reputable MSP should be able to give you a ballpark quickly.

6. Red Flags to Watch For

These warning signs should make you pause – or walk away:

🚩 Major Red Flags

  • No Cyber Essentials certification – The bare minimum for a security-focused MSP.
  • Won't provide references – What are they hiding?
  • Pressure to sign quickly – Good MSPs don't need high-pressure tactics.
  • Vague about their tools – Transparency is non-negotiable.
  • No written SLAs – If it's not in writing, it doesn't exist.
  • Very cheap pricing – If it seems too good to be true, it probably is.
  • Poor online reviews – Patterns of complaints are telling.
  • Can't explain their security approach – This is their core job.

7. Questions to Ask Before Signing

Use these questions in your final evaluation:

📝 Essential Questions

  • "What happens if you're breached – what's your incident response plan?"
  • "Can I see your Cyber Essentials certificate?"
  • "What's included in the monthly fee, and what costs extra?"
  • "How do you handle staff leaving – what's your offboarding security process?"
  • "What's your average response time for critical issues?"
  • "Can I speak to three current clients in a similar industry?"
  • "What tools do you use for monitoring, security, and backup?"
  • "What's your approach to keeping systems patched and updated?"
  • "How do you handle disaster recovery?"
  • "What's the minimum contract term and notice period?"

Want Us To Do The Hard Work?

We independently assess MSPs against all 50 points so you don't have to.

Find Your MSP Match See Our Methodology

Summary: The 50-Point Framework

Our methodology breaks down into five key areas:

10
Credentials
8
Technical
8
Reputation
5
Service
4
Transparency

A great MSP should score well across all five. Our verified MSPs have been independently assessed against this framework, giving you confidence they meet high standards.

Ready to Find Your MSP?

Take our quick matching quiz to get personalised recommendations based on your location, size, and requirements.