12 questions to ask before you sign.
Most MSP sales conversations skip past the questions that actually predict whether the relationship will work. Here are 12 we would want our own clients to ask us — and we would happily answer.
Choosing an MSP is a long-term decision. The wrong choice is painful to undo. Here are the questions that predict whether the relationship will work.
1. Who exactly will be on my account?
Names. A lead engineer, a backup engineer, an account manager. Not "our team." If they cannot tell you, you are buying anonymous helpdesk.
2. What is your response-time SLA — and what counts as response?
"Response within 15 minutes" can mean a human picked up the phone, or it can mean a ticketing system sent an autoreply. Get the definition in writing.
3. Are you on-call after hours, or just monitoring?
Many MSPs say "24/7" and mean a NOC that watches alerts, not a team that takes a call at 2 AM. Important distinction. Especially in healthcare and retail.
4. What is in your security stack, by name?
"Industry-leading EDR" is not an answer. Ask: which EDR product? Which email gateway? Which firewall brand? Which MDR provider? Real answers are specific.
5. Do you own incident response, or hand it to a partner?
Either is fine. But the answer should be unambiguous, and the partner (if external) should be named. Check whether the IR engagement triggers extra billing in the middle of an incident.
6. Show me a sample report you send your customers monthly.
What gets reported is what gets attention. Real reports list patches applied, tickets resolved, security events, restore-test results, capacity trends. Cosmetic reports show smiley faces and a "97% green" pie chart.
7. How do you handle change?
Documented change management — every change to production logged with who, what, when, rollback plan. Or "we just go in and fix things." The second answer is fine for tiny shops; risky at scale.
8. What is your approach to backup testing?
"We test backups regularly" is not an answer. Ask: how often is a full server restored from backup to a test environment? Quarterly is the floor.
9. What is your onboarding process?
The first 90 days set the relationship. Real onboarding includes a documented inventory, a security baseline review, identified-risk register, prioritised remediation plan. "We will get to know your environment over time" is an answer to avoid.
10. Can I talk to references in similar industries?
Three references, in your size range and your industry, picked by you (not curated by them). Two phone calls of 15 minutes each tells you more than a sales presentation.
11. What is your offboarding commitment?
Every healthy relationship contemplates its end. Ask: if we leave, do we own all our documentation, configurations, credentials, data exports? At what cost? Get it in writing.
12. Why have you lost customers?
The most diagnostic question. An MSP that has never lost a customer is either lying or new. Honest answers ("we grew faster than we could service," "we got the security wrong on a customer once," "the customer wanted things we did not offer") indicate a firm that learns.
What 4UIT commits to
One-year contracts that auto-renew. Named team on every account. Documented onboarding. Quarterly business reviews with real reports. References available before you sign. Offboarding handover at no extra cost. Take a brief if any of that resonates.
// Frequently asked questions
What is an MSP?
Managed Services Provider — a firm that takes on ongoing IT operations for another business under a fixed monthly contract. Typical scope: helpdesk, server and network management, security, backup, M365 administration, vendor management, strategic planning. Not the same as a project IT consultant or a break-fix shop.
How much does an MSP cost?
For Ottawa SMBs in 2025, expect $130–$250 CAD per user per month all-in for a fully-managed plan covering helpdesk, security, backup, and platform licenses. Per-device-only plans are cheaper but typically exclude licenses, security, and after-hours support.
What is the difference between an MSP and an MSSP?
An MSSP (Managed Security Services Provider) focuses specifically on security operations — SOC, MDR, SIEM, incident response. Many MSPs partner with an MSSP for the security layer (we partner with Sophos for MDR). Some MSPs run both functions in-house at scale.
How long should the contract be?
Three years is common in our industry. We prefer one-year contracts that auto-renew — so the relationship is earned, not locked. If a prospective MSP demands a long initial term, ask why.
Should I get multiple MSP quotes?
Yes. Ask three Ottawa MSPs for proposals against the same scope. The price spread will be meaningful, and the conversations themselves are diagnostic — pay attention to which firms ask good questions vs. which firms demo their portal.