In a recent blog, we suggested that organisations should always ask any prospective IT partner what isn’t included in their service.

We’ve received a few questions about it since, so in this blog we’re going to take a look at the sorts of things that may be omitted from your service if you don’t choose the right IT partner.

In 2018, Grant McGregor published a short guide; the '6 Secrets' to getting the most from any potential IT supplier.

You can get a copy here.

Secret number three was beware of choosing an IT support provider on the basis of price alone!

One of the reasons for this is because some suppliers will not tell you about the hidden costs wrapped up in the way they deliver their service. For this reason, we suggested you should always ask: What isn’t included? Or what restrictions are there?

Let’s take a look at the sorts of things that might not be included and what this will mean to your IT service quality, potentially to your security protection measures, to your effectiveness and to your and overall cost.

#1. There’s a limit on the amount of support provided

This is the obvious one: is there a maximum number of hours or a maximum cost of support that cannot be exceeded?

We recently had a couple of enquiries from companies whose current provider has complained to them that they logged too many requests or tickets during lockdown. Another said they only logged more requests because the underlying problem was never fixed, just a sticky plaster put on it. 

When things go wrong, you need to know that you are going to be supported until the problem is fixed, not until the hours run out.

#2. There’s a limit on the type of support provided

Just as importantly, your support company shouldn’t be ruling out types of support from the cover they provide.

We know that taking a proactive approach to cyber security, system maintenance, updates and software patches, and a whole host of other IT activities will help to reduce the amount of problems and vulnerabilities you have.

Most IT providers also claim to offer this 24x7 monitoring but never react to the alerts generated - often because they're too busy or the alerts are out of control. What's the point of that?

If only reactive troubleshooting is covered and you have to pay for proactive activity, it’s self-defeating model for both you and your IT supplier.

#3. You only have access to junior or less experienced staff

You might have had access to senior staff during the sales process, but what are the credentials of the staff you will be working with on a daily basis?

If your IT provider employs too many inexperienced techs or has inefficient routines then it's hardly surprising they'll be using Google to find the answer.

Does the team have experts dedicated to specific activities, such as responding to alerts, cyber security and IT device management?

#4. Security updates are limited

You know that security patches to your software must be carried out within specific timescales if they are going to protect you in the way they should.

Ask for evidence that these essential day-to-day jobs, such as backups, updates and monitoring, are being carried out. If the company has the right systems in place, it should be easy to evidence this sort of activity is taking place on the schedule it should.

Furthermore, it’s worth checking the extent of what is included in these activities. Firmware and BIOS updates for servers and network devices are just as important as software updates – and this will only grow in importance in this age of the Internet of Things.

Unfortunately, too many IT providers overlook these updates. Remember, your cyber security is only as strong as your weakest link, so ask for evidence that all updates are included and that alerts are reacted to promptly.

#5. User admin isn’t properly managed

We’ve often taken over from other IT companies where user accounts for employees who haven’t worked for the business for years are still active. The implications for this are significant. First, there’s an obvious security risk. Second, there’s a cost optimisation issue: what licences are you paying for that you don’t need or that could be recycled to other users?

It’s really important to take a proactive approach to user management: leavers, starters, permissions and privileges all need consistent management and timely action.

Make sure it’s included, because poor user management could cost you money – and will certainly leave you vulnerable.

#6. Onboarding leaves you vulnerable

As we’ve noted, proactive user management is something that is often overlooked by IT suppliers. And there is a second question that goes alongside this: the need for a specific structure to be developed and agreed that sets out appropriate access policies.

It’s ideal to follow a policy of “least privilege” if you are going to minimise vulnerabilities and optimise security. However, this can be a significant piece of work.

As a result, it’s often overlooked by IT suppliers. However, you can’t possibly hope to manage user rights and access without it. Make sure it’s included and they're helping you to tightly manage it.

#7. Downtime costs you dearly

When your key systems like servers need a reboot or key infrastructure projects need to happen, does it happen during the working day and impact your business?

Certainly security updates or software updates and patches or firmware or BIOS can mean a server, a switch or a PC have to be restarted. But does this happen for you in a planned way or is it done when your IT supplier wants to do it? And are major projects disrupting your working day too? 

A good, mature IT partner should plan this with you carefully or use out of hours resources if available to conduct this work (so long as you're happy to cover any extra costs for that). This means that you and your team are not distracted and disrupted from doing the day job and can make best use of your technology when you need it. Too often, we see that these essential updates are just not being done - which is even worse - just because they cannot plan.

Conclusion: Beware of the hidden costs!

These are some of the common complaints we encounter when we speak with organisations who want to switch their IT supplier. We think it’s always going to be worth checking on these issues when you are considering a new IT supplier.

Any company should be happy to give you the answers you need.

If you've been less than happy with your current IT supplier then contact our team to talk about any of these issues, or any other aspect related to what included in the IT service we deliver.