Skip to content
WhatMSP
Our methodology

How we rate MSPs.

Every provider on the register is scored out of 50 across five areas that genuinely matter to the businesses they serve. Credentials are verified at source — we don’t sell rankings; the metal is earned, never bought.

PLATINUM Independently verified by WhatMSP · 2026 HASH 097C094E 45 / 50 GOLD Independently verified by WhatMSP · 2026 HASH 9D1A198D 38 / 50 SILVER Independently verified by WhatMSP · 2026 HASH 927BB68D 29 / 50
The score

One number, fifty points, five categories.

The WhatMSP score is a single figure out of 50. It is the sum of five weighted categories, each assessed against verifiable evidence gathered during an independent audit. There is no opinion column and no “editor’s choice”. A provider either has the certification, the reviews, the cover and the track record — or it doesn’t.

Because the score is built from evidence, two assessors looking at the same provider reach the same number. That repeatability is the whole point: it is what lets buyers compare one MSP against another on a level footing.

Worked example · a Gold provider

38/50
Vetting score
0 S·25 G·32 P·40 50

A score of 38 clears the Gold threshold of 32 but sits below Platinum’s 40. The gauge shows exactly where a provider lands against every tier line — no rounding, no spin.

The five categories · 50 points

12
Security & Compliance

Cyber Essentials & CE Plus, IASME Cyber Assurance, ISO 27001 and ISO 9001, Crown Commercial Service / G-Cloud, IASME certification-body status and ICO registration. Can they protect themselves — and you?

12
Capability & Technical

Microsoft Solutions Partner status, verified individual certifications on staff (CISSP, Microsoft, CompTIA), cloud expertise, RMM tooling, 24/7 cover, documented processes and a managed security stack. Can they actually do the job?

10
Trust & Reputation

Independent reviews across Google and other platforms, an evidenced Net Promoter Score, verified client references, case studies and trading history. Do the claims hold up?

8
Service Quality

Written SLAs, UK-based support (not outsourced), dedicated account management, structured onboarding, on-site capability and a client portal. What is it like to work with them?

8
Reliability & Stability

Professional indemnity insurance graded by cover level, cyber insurance, business continuity / disaster recovery, financial health, transparent pricing and visible leadership. Will they still be here in three years?

Total available 50 points
The full checklist

Every criterion, on the table.

Nothing hidden. This is the exact checklist our engine scores — the points each criterion is worth, and where we verify it. Published straight from the live scoring model.

Security & Compliance

max 12
  • Cyber Essentials IASME / NCSC register
    +2
  • Cyber Essentials Plus IASME / NCSC register
    +2
  • ISO 27001 or IASME Cyber Assurance (ISMS) UKAS / IASME register
    +2
  • ICO Registered ICO register
    +1
  • ISO 9001 (Quality Management) UKAS / accreditation register
    +1
  • Crown Commercial Service / G-Cloud CCS supplier list
    +1
  • Cyber Essentials / CE Plus Certification Body IASME
    +1
  • CREST accredited CREST register
    +1
  • SOC 2 Certification
    +1

Capability & Technical

max 12
  • Microsoft / AWS / Google Cloud partner Vendor partner programmes
    +2
  • Cloud expertise Services / Declaration
    +2
  • RMM / monitoring tooling Products / Declaration
    +1
  • Verified individual certifications on staff Certification
    +3
  • 24/7 or extended-hours support Self-declaration
    +2
  • Documented processes / ITIL Self-declaration
    +1
  • Security stack (EDR / SIEM / SOC) Products / Declaration
    +1

Trust & Reputation

max 10
  • Google reviews (4+ stars) Google Places
    +3
  • Trustpilot / other platforms Platform cache
    +1
  • Case studies / testimonials Self-declaration
    +1
  • Evidenced Net Promoter Score Verified attribute
    +2
  • Verified client references Verified attribute
    +2
  • Trading history (5+ years) Companies House
    +1

Service Quality

max 8
  • Written SLAs Self-declaration
    +2
  • UK-based support (not outsourced) Verified attribute
    +2
  • On-site support capability Self-declaration
    +1
  • Client portal / ticketing Self-declaration
    +1
  • Dedicated account management Self-declaration
    +1
  • Structured onboarding Self-declaration
    +1

Reliability & Stability

max 8
  • Professional indemnity insurance Verified attribute
    +2
  • Transparent pricing Website / Declaration
    +1
  • Team / leadership visible Website / Declaration
    +1
  • Cyber insurance Verified attribute
    +1
  • Business continuity / disaster recovery Verified attribute
    +1
  • Financial health (turnover / accounts) Companies House
    +1
  • Proactive communication & contract terms Self-declaration
    +1

Total available: 50 points. Your tier is whichever band the score lands in — Silver 25, Gold 32, Platinum 40. Audit depth changes how thoroughly we look; it never caps the number.

The tiers

Silver, Gold and Platinum.

A provider’s tier is set purely by its score — nothing else moves the line. Audit depth changes how thoroughly we look (interviews, reference checks, on-site visits), but it never caps or inflates the score. Any provider that meets the criteria can reach Platinum.

SILVER Independently verified by WhatMSP · 2026 HASH 927BB68D 29 / 50
Silver
Threshold
≥ 25/50

A solid, credible provider. Meets the baseline on security, holds professional cover and has the reviews and trading history to back it up.

GOLD Independently verified by WhatMSP · 2026 HASH 9D1A198D 38 / 50
Gold
Threshold
≥ 32/50

A strong all-rounder. Demonstrates depth across capability and service, with verified references and transparent commercial terms.

PLATINUM Independently verified by WhatMSP · 2026 HASH 097C094E 45 / 50
Platinum
Threshold
≥ 40/50

The top of the register. Comprehensive certification, an exemplary track record and evidence of proactive, mature operations across the board.

Below 25/50, no badge is issued. Providers that don’t meet the baseline aren’t ranked — and they aren’t charged for a badge they didn’t earn.

What we verify

Checked at source, not taken on trust.

A claim on a website isn’t evidence. Where an independent register or issuing body exists, we check against it directly. These are the records that underpin a WhatMSP score.

Companies House

Legal entity, incorporation date, company status and named directors — confirmed against the official UK register.

IASME · Cyber Essentials

Cyber Essentials, CE Plus and IASME Cyber Assurance, verified against the IASME-issued certificate and the NCSC list of certified organisations.

UKAS · ISO 27001 / 9001

Information-security and quality-management certifications confirmed through the UKAS-accredited certification body, not just a logo on a footer.

Crown Commercial Service

Public-sector supplier status checked against the CCS supplier list and the G-Cloud / Digital Marketplace.

Individual certifications

Professional certifications held by named staff — CISSP and (ISC)², Microsoft, CompTIA — checked against the issuing body.

ICO registration

Registration as a data controller or processor, checked on the Information Commissioner’s public register.

Professional & cyber insurance

Evidence of current professional indemnity cover (graded by level) and dedicated cyber insurance.

Independent reviews & NPS

Ratings and review counts from Google and other public platforms, plus an evidenced Net Promoter Score where provided.

Companies House Cyber Essentials ISO 27001 ICO registered PI insured
Independence

The metal is earned, never bought.

Providers pay for the audit and, if they choose, for a premium listing. Neither buys a better score and neither changes the ranking. A provider that fails the baseline is told so — and is not charged for a badge. The leaderboard you see is ordered by score alone, and it always will be.

£0
For buyers, always
/50
Evidence-based score
5
Weighted categories
0
Paid rankings

Compare the register

Browse every vetted provider, ranked by independent score.

Get matched

Answer a few questions and we’ll shortlist providers that fit.

Learn how to choose

Our guide walks you through evaluating an MSP yourself.