Most small businesses rely on a Managed Service Provider (MSP) for their IT and website support. If you are not an IT specialist yourself, knowing how to choose the right MSP – and how to be confident they can deliver the level of service your business needs – can be difficult.

With UK businesses facing increasing threats from cyber criminals, and given that your MSP has access to your systems and data, it is also essential to be assured that your provider takes cybersecurity seriously.

To help with this, the National Cyber Security Centre (NCSC) has produced a practical guide designed to help businesses ask the right questions and take a more proactive approach when working with an MSP.

What does the guide cover?

The guide explores a range of key areas, including:

  • Selecting a suitable MSP – Guidance on the certifications you should expect an MSP to hold, as well as what should be set out in a clear and transparent contract.

  • Security topics to raise with your MSP – Suggested discussion points covering patching and updates, data backups, user access, system logs and incident response procedures.

  • Key contract details to review – Including information on Service Level Agreement (SLA) response and resolution times, along with plans for systems that are approaching the end of their life.

The guide concludes with an MSP due diligence checklist, which can be a valuable tool when reviewing your current IT and website arrangements or when you are looking to appoint a new MSP.

To review the guide, see: https://www.ncsc.gov.uk/guidance/choosing-a-managed-service-provider-msp