How to Evaluate Your Current IT Provider

After thirteen years of taking over Texas client environments from other IT providers, I can usually form a reasonably reliable opinion within one site visit whether the existing provider is doing the job. The tells are unromantic — they are not about certifications on the wall or logos on a website, and they are almost never about technical skill. They are about discipline, documentation, and whether the relationship is being maintained like a relationship or billed like a subscription.

This article is the checklist I actually use. I'm writing it for the business owner or office manager who suspects something is off with their current IT arrangement but cannot quite put words to it. The questions below will either surface a real problem or confirm that your provider is doing better work than you gave them credit for. Either outcome is useful.

The first test: ask for your asset inventory

Call your IT provider and ask them to send you the current list of every device your business owns: every workstation, laptop, server, firewall, switch, wireless access point, printer, IP phone, and camera. Serial numbers. Warranty end-dates. Assigned user. Operating system and version. You want this delivered as a document — a spreadsheet, a PDF, a link to a documentation portal — within one business day.

If you get it, that is one of the strongest single signals that your provider is competent. If you don't, everything else in this article is moot: without an inventory, your provider cannot reliably patch what you have, cannot defend it, and cannot replace it on a rational schedule. The absence of the inventory is the single clearest tell in the entire industry.

The second test: the network diagram

Ask for a current network diagram. Not a screenshot of the controller. A diagram — drawn and labeled, showing how your internet enters the building, which firewall it lands on, which VLANs and SSIDs exist, which switches and access points serve which sections of your office, and where your servers, workstations, and cameras sit.

If the provider cannot produce one, it means either it was never drawn, or it was drawn at onboarding and never updated, or it exists only in the head of a technician who may or may not still work there. Every one of those outcomes should worry you.

The response-time conversation

Ask for the last ninety days of ticket history. Not aggregate numbers — the individual tickets: opened, categorized, first response, resolved, notes. A provider on a managed agreement with you should be able to produce this in minutes, because it is the core operational record of the relationship.

What you're looking at: median first-response time (aim for under an hour during business hours), median resolution time (varies by ticket type), and — most telling — how many tickets were opened by you versus opened by the provider's monitoring. A healthy ratio in a managed environment is that a meaningful fraction of tickets are opened by the monitoring system before you noticed an issue. If every ticket in your history was opened by your staff, you are being supported reactively; the managed part of the managed-services agreement is not functioning.

The backup test

Ask when the last actual test restore was performed. Not "the backup ran successfully last night" — an actual restore, where a file or a database was pulled out of backup and brought back to a usable state. A real provider runs test restores on a defined cadence, ideally quarterly, and can tell you the last one by date.

If the answer is "we test when we need to" or "the backup status shows green every morning," you do not have a tested backup, you have a theoretical backup. I have restored production data from enough "green-status" backups that turned out to be corrupt, incomplete, or missing critical volumes to consider the test-restore discipline non-negotiable.

The security baseline

Ask three questions: Is multi-factor authentication enforced on every administrative account across our environment? Do we have endpoint detection and response, not just signature-based antivirus, on every workstation and server? When was our last vulnerability scan?

The honest answers tell you where you sit. "MFA is on most things, we should probably enforce it across the board" is a reasonable answer from a provider who is actively managing the environment. "MFA? I'd have to check" is not. "We have Windows Defender" is a stopping point; you need more than that in 2026, and your provider should already know it.

Proactive or reactive — a direct question that gets a direct answer

Ask your provider: "What will you change about my environment in the next ninety days without me asking?"

A good provider has an answer — patches scheduled, a firewall upgrade planned, a backup migration, a Microsoft 365 license review. A weaker provider will pause and then describe, in generalities, that they are always watching. That is a tell. Active management produces a list of planned work; passive management produces talking points.

Documentation, again

I keep coming back to documentation because the single most consistent pattern in my thirteen years of onboarding new clients is that the prior provider's documentation was either absent, outdated, or so fragmented across systems that no one could reconstruct it. Ask to see your documentation: the environment map, the configuration baselines, the runbooks for common incidents, the password vault (or evidence that one exists), and the current account inventory across all your SaaS platforms.

A serious MSP uses a documentation platform — IT Glue, Hudu, SuperOps's own docs, Confluence, something. A serious MSP keeps the documentation current. The least-visible part of the job is also the part that separates a real practice from a marketing website, because documentation is where you pay the cost of the quality you deliver.

The communication test

A simple test that costs nothing. Send your provider a non-urgent question by email — something like "what's our current Microsoft 365 license count and are we on the right plan?" — and time how long it takes to get a substantive answer.

Substantive is the key word. An acknowledgment that arrives in fifteen minutes and is followed by nothing for four days does not count. The real answer — with the license count, the plan, and the recommendation — should arrive inside one business day. If it takes longer than three, your provider is overwhelmed, under-staffed, or not prioritizing your account. All three are problems.

Money, transparency, and the month-to-month question

Pull out your last managed-services invoice and check two things. First, does it match the agreement you signed? Invoices that have drifted from the agreement are a persistent low-grade tell of a disorganized practice. Second, is the agreement month-to-month, or are you locked into a multi-year term?

I do not believe long-term lock-ins serve clients. BVTech's managed agreements are month-to-month by default, because the discipline of having to earn the renewal every month is the best forcing function for quality I have ever found. If your current provider has you on a 36-month contract with a substantial early-termination fee, that is a data point about where they think their leverage lives.

Scope creep, the silent tax

One final thing worth watching. Scan the last twelve months of invoices for "project work," "out-of-scope support," or "additional services" charges. In a healthy managed-services relationship, these exist but they are rare and always preceded by an explicit conversation and a written authorization. If your monthly invoice routinely includes unexpected hourly line items, either your scope is wrong or your provider is using project-work billing to supplement an agreement that is priced too low to be sustainable.

Neither is necessarily an emergency. Both are conversations worth having.

What to do with what you find

The tests above will usually produce one of three outcomes.

Your provider passes on most or all of them. That is a good result. Call them and tell them so. Then invest in the long-term relationship — ask what they would change about your environment if money and time were not constraints, and take at least some of the recommendations seriously. A good provider has a backlog of improvements waiting for client attention.

Your provider passes on some and fails on others. Also useful. The specific failures are the specific conversation. Ask for a plan, with dates, to close the gaps. Follow up in thirty days. If the plan is executed, the relationship is repairable. If the plan is missed without explanation, you have learned something important about how the provider is likely to behave when it matters.

Your provider fails most or all of them. You have a decision to make. Switching IT providers is not trivial, but it is also not as disruptive as people fear if the incoming provider is disciplined about the transition. I have handled these transitions for dozens of Texas businesses. The well-run ones take a month and a half from contract signature to full cutover. The difficulty is mostly in the leaving, not the arriving.

If you are reading this and sitting with the answer to that third case, I am happy to talk through what a transition would look like for your specific environment. There is no commitment and no cost in the conversation; if we are not the right fit, I will tell you so and usually have a recommendation for a Texas provider who might be.