Choosing an IT partner “on gut feel” is expensive. Use these questions to get clear answers before you commit.
1) What response times do you actually deliver?
Ask for real averages and what happens after hours. Hours—not days.
2) How do you protect email and access?
You want MFA, phishing filtering, and clear password policies. If this is fuzzy, move on.
3) Backups: how often, where, and who tests restores?
A backup that’s never been restored is a risk. Ask for documented restore tests.
4) Who owns patching and updates (OS, apps, firmware)?
You need a set schedule that won’t disrupt the team. Request the patch calendar.
5) What asset visibility do I get?
Hardware, users, licenses, and security posture. No inventory = blind spots.
6) What’s the incident process and communication flow?
Clear channels, escalation paths, named owners. Less noise, faster resolution.
7) If I leave, how do I exit cleanly?
You keep admin credentials and documentation. No lock-in games.
Next step: use this list on your first call.
Related: IT Risk & Vulnerability Management
