How to Choose the Right IT Partner for Your SMB (Checklist)
Your IT partner ends up knowing your business better than almost any other supplier. They hold the keys to your systems, your data and often your security. Yet many SMBs choose a managed service provider (MSP) on price alone, then spend years frustrated by slow responses and finger-pointing. This checklist helps you choose on the things that actually matter, and spot the red flags before you sign.
Start with what you actually need
Before you talk to anyone, write down:
- Headcount and locations: how many users, how many sites, how much remote work.
- Your stack: Microsoft 365 or Google Workspace, key line-of-business apps (Exact, AFAS, industry software), any servers.
- Your pain: is it slow support, security worry, an ageing server, a compliance deadline (NIS2)?
- Your growth: will you double headcount in two years?
A good partner conversation starts from your goals, not their standard package.
The questions to ask every provider
Support and SLA - What is your **guaranteed response time**, by priority level, and what happens if you miss it? - Are you available **outside office hours**, and at what cost? - Do I get a **named contact / account manager**, or just a ticket queue? - Where is your helpdesk based, and do they speak Dutch?
Proactivity - Do you **monitor proactively** and fix issues before we notice, or only react to tickets? - How often do we get a **review** (roadmap, risks, budget)? - Do you provide **strategic advice (vCIO)**, or only hands-on support?
Security - Is **security included** (MFA, EDR, patching, awareness training) or an add-on? - Can you help us with **NIS2 and ISO 27001**? - How do you secure **your own** access to our systems (this is a supply-chain risk)?
Continuity and data - How do you handle **backups**, and do you **test restores**? - What is your **own** disaster-recovery plan? - Do we **own our documentation and data**, and how do you hand over if we leave?
Commercials - Is pricing **fixed per user**, and what is explicitly excluded? - What is the **contract term and notice period**? - Are projects (migrations, new hardware) quoted separately?
How to read an SLA
An SLA is only as good as its definitions. Check:
- Response vs resolution: "response within 1 hour" means they reply, not that it is fixed. Look for resolution targets too.
- Priority levels: how are urgent vs low incidents classified, and who decides?
- Coverage window: 8x5, 12x5, or 24x7?
- Credits: what do you actually get if they breach the SLA?
- Exclusions: third-party outages, out-of-scope apps, "acts of god". Read the small print.
Red flags to walk away from
- No SLA, or vague promises like "we usually respond quickly".
- Security as an expensive afterthought rather than baked in.
- Lock-in tactics: they own your documentation, licences are in their name, or exit fees are punitive.
- One-person dependency: a single engineer who knows everything. A holiday or resignation becomes your outage.
- No references in your size range or sector.
- Pushy long contracts (36 months) with no trial or short-term option.
- They can't explain your invoice clearly.
Green flags to look for
- Transparent, fixed per-user pricing with clear scope.
- Proactive monitoring and regular strategic reviews, not just reactive tickets.
- Security included and a credible answer on NIS2/ISO 27001.
- Certifications and partnerships (e.g. Microsoft partner status) plus real references.
- A structured onboarding that documents your environment properly.
- Clear offboarding terms: a confident provider is happy to explain how you would leave.
The scoring checklist
Score each provider 1-5 on: response SLA, proactivity, security, continuity/backup, strategic advice, cultural fit, transparency of pricing, and references. Weight the categories that matter most to you. The cheapest provider rarely wins once you weight security and responsiveness properly.
Don't underestimate cultural fit
You will talk to these people every week for years. Do they explain things without jargon? Do they treat a 5-person team with the same care as a 200-person one? Do they push back honestly when you are about to make a mistake? A partner who challenges you constructively is worth more than one who just says yes.
FAQ
MSP or a freelance IT'er, which is better for an SMB? A freelancer can be cheaper and personal, but creates single-person dependency with no cover for holidays, sickness or security. An MSP gives you a team, an SLA and continuity, usually the safer choice above ~10 users.
How long should an IT contract be? 12 months is common and reasonable; 36-month terms should come with clear benefits and a fair exit clause. Be wary of long lock-ins with no trial period.
Should security be part of the deal or separate? It should be built in. With NIS2 arriving in 2026, a partner who treats MFA, EDR and awareness training as expensive extras is behind the curve.
How do I switch IT providers without disruption? Insist on owning your documentation and licences, agree a handover period, and plan the transition (knowledge transfer, credentials, monitoring) before terminating the old contract.
Talk to a partner, not just a supplier
Looking for an IT partner that scores well on every box above? Explore our Managed IT & Support service, or read What managed IT costs per user to benchmark the quotes you receive.
