
    Choosing an IT Partner

    The questions most companies forget to ask, the red flags that matter, and what good looks like. Including the Cyber Essentials 2026 litmus test.

    MSP · Consultancy · Managed IT · Strategy

    20 min: Free consultation

    Dedicated Team: Every engagement

    April 2026: CE litmus test

    Measurable: Outcomes, not promises

    MSP, consultancy, or both?

    Managed Service Providers (MSPs) handle ongoing IT operations: helpdesk, monitoring, patching, and day-to-day support. IT consultancies scope and deliver projects: migrating to a new platform, rolling out SSO, or setting up device management.

    Some companies do both. Some only do one. The distinction matters because an MSP that takes on a complex project may not have the engineering depth to deliver it well. And a consultancy that does not offer ongoing support may leave you with a well-designed system and nobody to maintain it.

    Start by asking yourself: do I need a specific problem solved (project), or do I need someone to run my IT ongoing (managed services)? If the answer is both, look for a partner that structures those as separate, clearly scoped engagements.

    Red flags

    Product-first pitch

    They recommend platforms before understanding your problem.

    Replace everything

    Ripping out your whole stack should be a last resort.

    No measurable outcomes

    They cannot point to specific results from similar engagements.

    Sales-only conversations

    You never speak to the engineers who will do the work.

    Opaque pricing

    "We will tell you after you sign" is not acceptable.

    Yes to everything

    A partner that never pushes back is not technically strong enough.

    Good signs

    Questions first

    They ask more questions than they answer in the first meeting.

    Honest about scope

    "You do not need that yet" is one of the most valuable things they can say.

    Engineer on the call

    The person you evaluate is the person who will deliver.

    Similar references

    They can describe specific outcomes from companies like yours in size and complexity.

    Trade-offs explained

    "Option A is faster but costs more. Here is why we recommend A."

    What good onboarding looks like

    Week 1: Discovery

    Full documentation of your current environment: platforms, licences, admin accounts, pain points.

    Week 2: Access Handover

    Admin credentials, vendor contacts, DNS, and critical system access transferred and verified.

    Week 3: Priority Fixes

    Quick wins addressed: MFA gaps, stale accounts, expired certificates, misconfigured policies.

    Week 4: Operations Begin

    Ongoing support starts. First review meeting. SLA baselines established.

    Want to check where you stand?

    Our free IT audit covers identity, devices, and endpoint compliance in under 10 minutes.

    Take the free audit →

    Why most IT providers look the same

    Most MSPs follow the same playbook: heavy Microsoft stack, templated configurations, same setup for every client. It works well enough for basic email and file storage. But if you need Apple device management, a proper identity platform, or security tooling beyond Defender, they are out of their depth.

    A good IT partner starts with your problem, not their preferred vendor. The software stack should be tailored to your business, your compliance requirements, and the platforms your team actually uses.

    Volobyte runs IT for businesses. We have worked alongside internal IT teams at large organisations, which means we build proper software stacks: tailored, not forced Microsoft, with bespoke configurations for your exact needs. Where most organisations share similar requirements, we use proven baseline templates, but every deployment is adapted to your business. Nothing is forced. Nothing is bundled for our convenience.

    The compliance litmus test

    A simple test: ask any potential partner about the compliance frameworks that apply to your business. Their answer tells you whether they are keeping up.

    UK Deadline

    Cyber Essentials 2026

    From April 2026, Cyber Essentials v3.3 makes MFA an auto-fail criterion and critical patches must be installed within 14 days. Ask any potential partner: "What changes in Cyber Essentials from April 2026?" If they cannot answer, they are not keeping up.

    A good partner should know about it before you ask.

    Book a call to see how we compare →

    US Standard

    SOC 2 Readiness

    A good IT partner should know what SOC 2 requires before you ask. If they cannot explain logical access controls, MFA requirements, or audit logging without checking their notes, they are not deep enough.

    Even if you never pursue the audit, building towards SOC 2 means your controls are defensible, documented, and ready for due diligence.

    Talk to us about compliance readiness →

    That is the difference between building right and bolting on security after the fact. We provide controls and evidence to support audits and questionnaires. Certification decisions sit with your auditor.

    Contracts, lock-in, and exit terms

    Contract terms vary. Some partners offer month-to-month, others require annual or multi-year commitments. Neither is inherently wrong, but you should understand exactly what you are signing up for. Ask: what is the minimum term? What is the notice period? What happens if the relationship is not working?

    Data ownership: Your configurations, documentation, and runbooks should belong to you. If the partner built it on your systems, you should be able to walk away with everything.

    Transition support: A good partner will help you transition to someone else, even if they lose the business. That tells you everything about their confidence in their own work.

    Volobyte offers flexible terms. Most engagements start month-to-month after an initial scoped phase, with longer commitments available when they make sense for both sides. Your documentation is yours regardless of contract length.

    SLAs: what to actually look for

    Response time vs resolution time: Response time is how fast they acknowledge the issue. Resolution time is how fast they fix it. Most SLAs only guarantee response time. Ask for both.

    Priority levels: P1 (business down), P2 (degraded), P3 (inconvenience), P4 (request). Check what each level actually commits to and what the escalation path looks like.

    Business hours as a starting point: Most companies start with business-hours support, which covers the majority of day-to-day needs. If you have infrastructure that needs to stay online outside working hours, or teams in multiple time zones, ask about extended or 24/7 options and what they cost.

    Custom over templated: A good SLA is scoped to your business, not a one-size-fits-all document.

    Volobyte builds custom SLAs for every client. We scope response and resolution targets to your actual needs. Most of our clients operate within business hours, and their SLAs reflect that.

    Questions to ask before signing

    Most companies focus on pricing and skip the questions that actually matter:

    01. Who specifically will work on our account, and what is their background?

    02. Can you describe a specific outcome from a company with similar size and challenges?

    03. What does your handover process look like at the end of a project?

    04. How do you handle scope changes once a project has started?

    05. What happens if we are not happy with the work mid-engagement?

    06. Do you have vendor partnerships, and does that influence your recommendations?

    07. What would you not recommend for our situation?

    08. What are your response and resolution time targets, and are they custom to our situation?

    09. What happens to our data, documentation, and configurations if we leave?

    10. If you use subcontractors or specialist partners, how do you manage quality and communication?

    Size matters (but not how you think)

    Large IT consultancies have deep benches and can handle complex, multi-country deployments. But for most growing companies, they are expensive, slow, and you will rarely speak to a senior engineer. Your project will be staffed by junior consultants following a playbook.

    Smaller, specialist consultancies often deliver faster, cheaper, and with more direct access to experienced engineers. The trade-off is less geographic coverage and smaller teams for very large projects.

    The right size depends on your needs. If you need someone to deploy Okta for 200 people and manage your Mac fleet, a specialist will outperform a generalist. If you need a global SAP migration across 15 countries, you need a larger firm. We are a specialist consultancy, so we are biased, but we are also honest about when a larger firm is the better fit.

    We work with companies at every stage, from early teams formalising their IT for the first time to established businesses replacing an underperforming provider.

    Partner evaluation roadmap

    01. Define the Problem

    Project or managed services? One-off or ongoing? Write it down before you talk to anyone.

    02. Shortlist on Fit

    Size, specialism, engineering depth. Ignore marketing. Ask for relevant references.

    03. Evaluate in Person

    Engineer on the call. Trade-offs explained. Honest about what you do not need.

    04. Start Small

    A scoped discovery or audit before a large engagement. Prove the relationship works.

    Frequently Asked Questions

    What is the difference between an MSP and an IT consultancy?

    An MSP handles ongoing operations: helpdesk, monitoring, patching. A consultancy scopes and delivers projects: platform migrations, SSO rollouts, compliance readiness. Some companies do both, but the skill sets are different.

    How much does managed IT support cost?

    UK: £30 to £80 per user per month is typical, but the structure matters more than the headline number. Ask whether licensing, configuration, and support are broken out or hidden in one figure. US: $75 to $200 per user per month, depending on complexity and SLA level.

    What should an IT support SLA include?

    Response time targets by priority level, resolution time targets, escalation procedures, and clear scope. A good SLA is custom to your business, not a template applied to every client.

    How do I switch IT providers without disruption?

    Start with documentation. A good provider will have your environment fully documented. Overlap the old and new provider for 2 to 4 weeks. Prioritise credential handover, DNS, and admin access transfers first.

    Should I choose a specialist or generalist IT partner?

    Specialist if you have specific platform needs (Okta, Jamf, Microsoft 365 at scale). Generalist for broad coverage. For most growing companies, a specialist who also offers managed services is the best fit.

    What is zero-trust and should my IT partner know about it?

    Zero-trust means no device or user is trusted by default, even inside your network. Every access request is verified. Your IT partner should explain how they implement this practically, not just use it as a buzzword.

    Volobyte offers a free 20-minute call and a scoped discovery phase for every engagement. No commitment until you have seen how we work.

    Talk to us about where to start →

    Ready to talk?

    Book a free 20-minute call. We will tell you what you need, what you do not need, and whether we are the right fit.
