IT outsourcing looks simple on the surface: you sign a contract, someone takes requests, you pay an invoice. The problem is that the differences between providers only come out when something stops working. Below is a list of criteria that in practice separate a solid partner from a company that presents well on its website.

Start with the SLA, not the price

The SLA, that is the service level agreement, is the heart of the cooperation. It is the document that says how quickly the provider will respond and within what time they will solve the problem. Without it, you are buying a promise, not a service.

What to pay attention to:

  • Response time and repair time, kept separate. A 15-minute response means nothing if the repair can take a week.
  • Classification of requests. A failure blocking the whole company and a request to change a password cannot have the same priority.
  • Support hours. The standard is 8:00 to 18:00 on working days, but if you work longer or at weekends, ask about out-of-hours support.
  • Contractual penalties or rebates for missing the SLA. These show whether the provider believes their own declarations.

In practice the best test of an SLA is the question: what do I get if you miss those times. If the answer is vague, the SLA is only marketing.

Check the skills of the team, not of one person

Many small IT companies rely on a single specialist. As long as they are available, everything works. When they fall ill or leave, you are left alone with a system nobody knows.

Ask directly:

  • How many engineers will handle your company and who is the cover.
  • Whether the team has skills in the technologies you use: Microsoft 365, Windows Server, networks, virtualisation.
  • What documentation of your environment looks like. A good provider keeps it so that the next person takes over a matter without an investigation.
  • Whether there is someone who grasps the whole, not just individual requests.

A provider who can talk about their team and processes usually has them in order. One who talks only about tools is often selling licences, not a service.

Security is a condition, not an add-on

An IT company gets access to your servers, email and data. It is one of the most sensitive kinds of access in the whole organisation. Treat the provider’s security as seriously as your own.

It is worth establishing:

  • How the provider secures its own administrative accounts. MFA on access to your systems should be obvious.
  • Whether it keeps backups and can restore data after a failure or a ransomware attack.
  • How it responds to a security incident and whether it has a procedure for it.
  • Whether it signs a personal data processing agreement, if it touches data covered by GDPR.

If you are planning to put order into this area, it is worth combining support with an audit right away. Our managed IT services assume security as part of the standard, not a separate project for later.

Ask for references and check them properly

References on a website are easy to write. What has value are conversations with current clients, ideally from a company similar to yours in size and industry.

Ask specifically:

  • How the provider behaved during a serious failure.
  • Whether they meet deadlines and whether the invoices match the arrangements.
  • What communication looks like day to day, not only in a crisis.
  • Whether they would recommend them again.

One honest phone conversation says more than ten logos on a website.

Read the contract before you sign it

The contract decides what happens when the cooperation does not work out. It is not a formality, it is your safeguard.

Pay attention to:

  • The scope of services. What exactly is included in the subscription and what is charged extra.
  • The notice period. One that is too long locks you into a relationship that is hard to leave.
  • Ownership of data, licences and accounts. Everything must stay on your side, including logins to services.
  • The rules of escalation and the emergency contact.

Plan the IT takeover from day one

The most underrated stage is onboarding, that is taking over the environment from the previous provider or an in-house administrator. A good partner starts with an inventory: they write down the servers, accounts, licences, hardware and configuration.

Check whether the provider:

  • Carries out a starting audit and hands over its result in writing.
  • Revokes access in an orderly way and changes administrative passwords.
  • Sets priorities for the first weeks rather than promising to fix everything at once.

If you are looking for a partner to take over IT without chaos, that is exactly how our IT outsourcing in Warsaw works: first we understand the environment, then we tidy it up, and only at the end do we issue an invoice for the peace of mind. Invite two or three providers to a conversation and compare their answers to the questions above. You will see the differences straight away.