How to Pick an MSP in NYC: 10 Questions to Ask

Most prospects pick an MSP wrong. They get three quotes, compare prices line-by-line, and pick the middle one. The work is mostly the same on paper, so price is the only obvious differentiator.

The actual differentiation is hidden in operating reality — response time, escalation paths, who picks up the phone at 2 AM, how billing surprises happen, and whether the team can actually execute the security stack they sold you. Here are the 10 questions we wish more prospects asked us.

1. What is your average response time, measured how?

A real answer cites a number from a real ticketing system: “Our 2025 average first-response time was 14 minutes, measured from ticket creation in ConnectWise.” A bad answer is “very fast” or “industry-leading.” This is the most important question when evaluating any managed IT provider.

2. Who answers the phone at 2 AM on a Saturday?

A specific human. A specific name. A specific phone number. Or — bluntly — nobody, and we don’t claim to. The wrong answer is a 1-800 number that goes to a generic “after-hours queue” overseas.

3. What is included in your flat-rate price, line by line?

Get the SOW. Read it. Look for ambiguous terms like “limited” or “subject to fair use.” Real flat-rate has a complete service catalog — what is included, what is excluded, what is project-priced.

4. What is your average ticket aging, broken down by priority?

A good MSP knows this number cold. It tells you whether tickets actually get closed or whether they pile up in a backlog. Ask for the past 90 days, broken down by P1/P2/P3/P4.

5. How do you handle escalation when your first-tier engineer cannot solve a problem?

The right answer involves named senior engineers, documented escalation paths, and SLA commitments at each tier. The wrong answer is “we figure it out.”

6. Who is on your team? Where are they located?

Ask for a team page or org chart. Ask which functions are in-house versus outsourced (helpdesk to overseas providers is common — say so if it is true). Ask which engineers carry which certifications.

7. What is your cyber insurance posture and what are your security baselines for managed clients?

If they cannot list their EDR, SIEM, MFA, and backup stack from memory, that is a flag. If their security baseline is “we recommend it” rather than “it is included,” you are not buying security, you are buying advice.

8. Show me your last incident postmortem (with the client name redacted).

Every MSP has incidents. The question is whether they document them, learn from them, and share lessons with clients. A blameless postmortem culture is rare and valuable.

9. What is your process for offboarding a client?

A good answer involves a documented runbook, asset return, credentials handover, knowledge transfer, and reasonable timing. A bad answer involves contractual penalties, withholding admin credentials, or “we’d never let that happen.” You want to work with an MSP that is comfortable with the door swinging both ways.

10. Can I talk to three current clients in my industry and size range?

Three references should be easy. They should be in your industry, your size range, and willing to talk on the phone for 15 minutes. If references are hard to produce, that tells you something about retention.

Bonus questions worth asking

• What is your average client tenure?
• What is your annual client churn rate?
• What is your engineer-to-client ratio?
• How are tier-3 escalations handled?
• What is your stance on hardware markups? (Many MSPs make significant margin on hardware resale; ask whether they pass through at cost or mark up, and how transparent they are about it.)
• Do you have an account manager who is not on the technical team? (For larger engagements, having a non-technical relationship owner matters.)

Red flags

• Vague pricing (“it depends” with no follow-up)
• Lock-in contracts longer than 12 months
• No 30-day out clause
• Inability to produce a current SOC 2, cyber insurance certificate, or basic security documentation
• High-pressure sales tactics, “today only” pricing, or aggressive discounting
• Unwillingness to start with a small engagement to prove fit

What to do with the answers

Most prospects we talk to have already gotten 2–3 quotes. We always recommend running these 10 questions across all the MSPs in the consideration set. The differences will be more revealing than the price comparison.

Bonus: do you actually need a full MSP, or co-managed IT?

If you already have an in-house IT person — or a small internal team — and you are looking at MSPs because that person is overwhelmed, on call 24/7, or about to go on vacation, the right answer may not be a fully-managed MSP. It may be co-managed IT — keep your in-house person, add Sage as the depth, 24/7 SOC monitoring, after-hours, and tier-3 escalation behind them. Same security stack, lower monthly cost than fully-managed, dramatically reduces your in-house lead’s burnout risk. Use the tools-only / co-managed pricing calculator to model what the engagement looks like before you book a call.

Related services

• Managed IT — fully-managed IT for businesses outsourcing the entire function
• Co-Managed IT — tooling, SOC, after-hours, and escalation behind your existing IT team

If you want to run these 10 questions on us, book a 30-minute call and we will answer them on the spot, with documentation where it matters.

Download the scoring worksheet

We turned the 10 questions above into a printable worksheet where you can score up to 3 MSPs side by side. Includes a scoring rubric, red flags checklist, and summary table.

Download MSP Evaluation Worksheet (PDF)