How To Choose An MSP Without Losing Control
Choosing an MSP should give a business more control, not less. The key is to agree ownership, access, reporting, exclusions, and handover before the relationship starts.
Quick answer
To choose an MSP without losing control, keep ownership of business accounts and documentation visible, insist on named admin access, agree the monthly reporting rhythm, confirm exclusions, ask how handover works, and make sure commercial decisions stay with the business.
Key takeaways
- A good MSP relationship should increase clarity and ownership.
- Admin access, documentation, reporting, and handover should be agreed early.
- Avoid vague promises; ask for package names, remote-only boundaries, fair-use wording, add-ons, and evidence.
Selection criteria
- Clear service scope and exclusions, including whether the provider is remote-only or offers onsite work.
- Named support route and escalation process.
- Transparent setup and onboarding plan.
- Documented approach to devices, users, access, patching, and reporting.
- Clear admin access model and account ownership.
- Monthly reporting that explains actions, exceptions, and decisions.
- Plain handover process if the relationship ends.
- Package names and pricing that match the written proposal.
Compare the packages
| Kindura package | Best fit | Boundary to check |
|---|---|---|
| Secure Device | Teams that want managed device inventory, patching, endpoint protection status, encryption checks, and reporting without bundled helpdesk | Support is bought through add-ons or hourly remote support |
| Secure Support | Teams that want secure devices plus practical fair-use remote IT support and workspace administration | Fair-use support is not open-ended cover, project work, or a fixed public response commitment |
| Secure Complete | Teams with higher client, insurance, regulatory, or Cyber Essentials readiness needs | Readiness support is not guaranteed certification or Cyber Essentials Plus |
| Add-ons | Teams that need extra support banks, extra devices, setup work, hardening, backup monitoring, or vulnerability scanning outside package scope | All add-ons should stay remote-only unless separately agreed |
Control points to protect
| Control point | What good looks like | Warning sign |
|---|---|---|
| Admin access | Named accounts, limited privileges, clear ownership | Shared or unexplained admin accounts |
| Documentation | Current records available to the business | Only the supplier knows how things are set up |
| Licensing | Business understands licences and renewal ownership | Bundled charges with unclear licence detail |
| Reporting | Monthly evidence and decisions needed | Only ticket counts or informal updates |
Questions to ask in the sales process
- What happens in the first 30 days?
- Is delivery remote-only, and which onsite, physical, or hardware tasks are excluded?
- Does the package include one primary laptop or desktop per named user?
- How are extra laptops, shared computers, mobiles, servers, and network devices priced?
- Which systems will you document and how do we access that documentation?
- How do you handle joiners, movers, and leavers?
- How do you report device and patch status?
- What is outside the monthly service?
- If support is described as fair-use, what triggers a support review or separate quote?
- If Cyber Essentials is mentioned, is the provider offering readiness help, certification fees, assessor liaison, or something else?
- How are security recommendations prioritised?
- What happens if we change provider?
Handover and exit
A healthy provider relationship includes a clear exit path. That does not mean you expect the relationship to fail; it means the business remains the owner of its systems and can make decisions without being trapped by missing documentation.
Ask about admin credentials, tenant ownership, documentation, device records, licences, open tickets, backup ownership, current project work, and the handover work that is included or separately priced before signing.
Related resources
Guide
What Managed IT Should Include At Each Price
A calm buyer guide to comparing managed IT packages by scope, evidence, exclusions, and service rhythm without relying on headline monthly fees.
Guide
Signs Your Business Has Outgrown Ad Hoc IT Support
A practical guide to recognising when informal IT support is no longer enough, and what to put in place before issues become harder to untangle.
Checklist
The SME IT Operations Checklist
A practical monthly checklist for keeping devices, access, updates, support, reporting, and supplier ownership visible in a growing SME.