Choosing a managed IT company is one of the more consequential decisions a business can make. You’re not just hiring a vendor, you’re giving an outside team access to your infrastructure, your data, your day-to-day operations. If that relationship goes wrong, the fallout isn’t just inconvenient. It’s expensive, disruptive, and sometimes damaging to your reputation.Â
Here in New Jersey, there’s no shortage of IT providers competing for your business. Some are excellent. Others are excellent at marketing themselves. Knowing how to tell the difference before you sign a contract is the whole game.
At Rivell, we’ve worked with businesses across New Jersey and South Jersey long enough to know exactly what separates a genuine IT partner from a company that will leave you waiting on hold during your worst outage. These are the questions you should be asking, and what a good answer actually sounds like.
How Long Have You Been in Business, and How Big Is Your Team?
This sounds like a basic question, but it filters out a surprising number of providers right away. Managed IT is not a service you can wing. It takes years to build the right processes, the right vendor relationships, and the institutional knowledge to handle complex, fast-moving problems at scale.
A company that’s been around for five years or more has had time to iron out operational gaps. Their engineers have seen edge cases. Their processes have been stress-tested. A newer provider might have talented people, but they’re still building the systems that protect your business. That’s not a risk most businesses should take.
Team size matters just as much. A small shop with two or three technicians might be responsive and personable, but what happens when multiple clients have emergencies at the same time? You need a provider with enough staff to cover you consistently, not just on good days.
Do You Have Experience Working with Businesses in My Industry?
This question gets underestimated constantly. IT infrastructure varies significantly from one industry to another — the technology stack, the compliance requirements, the security risks, and the workflow integrations are all different depending on what your business does.
A professional services firm in South Jersey has different needs than a logistics company in Newark or a healthcare practice in Cherry Hill. An MSP that has experience in your space already understands those differences. One that doesn’t will be learning them on your time.
Ask for specific examples. Ask if they can connect you with a reference from a similar business. A good provider won’t hesitate to do that.
How Do You Handle Cybersecurity?
More specifically, what security measures do you actually have in place, and can you prove it?
This is arguably the most important question on this list, and it’s the one most businesses don’t ask in enough detail.
Your managed IT provider will have deep, privileged access to your systems. That means their security posture becomes part of your attack surface. If their internal controls are weak, a breach on their end can become a breach on yours — and you’ll be the one dealing with the fallout.
Ask whether they hold a SOC 2 Type II certification. This is an independent audit that verifies a provider’s security controls around data confidentiality, availability, and privacy. It’s not just a badge — it means a third party has reviewed and validated how they operate. Any provider that can’t answer this question clearly, or gets defensive about it, is telling you something important.
Also ask: Do you have a dedicated Security Operations Center (SOC)? How do you monitor for threats outside of business hours? What’s your incident response process if something goes wrong on our end?
Beyond certifications, ask them to run a security assessment of your environment. A provider who’s serious about security will be able to do this and deliver clear documentation. One who can’t — or won’t — isn’t equipped to protect you.
What Are Your Response Times, and How Are They Guaranteed?
Promises about response times are easy to make and hard to verify until you actually need help. The language to pay attention to here is SLA (Service Level Agreement). This is a contractual commitment, not a sales claim.
Ask for specifics: What’s the guaranteed response time for a critical issue versus a routine ticket? Does that SLA apply after hours, on weekends, and on holidays? What happens if they miss it?
Some providers advertise 24/7 support but route after-hours calls to a third-party call center or an on-call technician who’s sleeping. That’s very different from having a fully staffed help desk around the clock. Make sure you understand exactly what you’re getting before you assume the best.
Downtime is expensive. For most businesses, even a few hours of system unavailability translates directly into lost revenue and productivity. Your provider needs to understand the urgency and have the infrastructure to back it up.
Who Will Actually Be Managing Our Account Day to Day?
This question exposes something that a lot of businesses find out too late: the team that sold you the contract is rarely the team that shows up when something breaks.
Ask for specifics, not just “our support team handles everything.” You want to know who your primary point of contact will be, what their experience level is, what certifications they hold, and who covers for them when they’re unavailable. A mature MSP can answer all of that without hesitation.
Also ask about the escalation path. When a tier-one technician can’t resolve an issue, how does it get escalated? How fast? Who’s involved? Clear answers to these questions are a sign of operational maturity, while vague ones are a red flag.
What Services Are Included, and What Will Cost Extra?
This is where a lot of businesses get burned. A contract that looks comprehensive on paper can have significant gaps, things you’d reasonably assume are covered but technically aren’t. Backup testing, on-site support visits, peripheral device management, after-hours support, project work — all of these are potential add-ons depending on how the contract is written.
Ask for a full breakdown of what’s included and what isn’t. Ask specifically whether the contract covers devices like printers, scanners, and mobile phones, or just workstations and servers. Ask whether custom software built by another vendor falls under their support scope. Ask what triggers additional billing.
Pricing models vary too. Some MSPs charge a flat monthly fee per user or device. Others customize pricing per client. Neither model is inherently better, but you need to understand exactly what you’re paying for and what would change that number before you sign a contract.
How Do You Handle Data Backup and Disaster Recovery?
This question matters more than most businesses realize until they’re sitting in front of a ransomware screen at 8am on a Monday.
A serious managed IT provider doesn’t just “do backups.” They have a documented disaster recovery plan with defined Recovery Time Objectives (RTOs), how long it will take to get you back online, and Recovery Point Objectives (RPOs), which defines how much data you can afford to lose in a worst-case scenario. Both of those numbers should be specific, not aspirational.
Ask how often backups run. Ask where the data is stored. Ask how frequently the recovery process is actually tested, not just assumed to work. A provider who can walk you through a specific scenario, step by step, has actually thought this through. One who says “we’ve got you covered” without details has not.
Can You Support Our Business as We Grow?
IT needs don’t stay static. If you open a second location, add a remote workforce, migrate to the cloud, or scale your headcount significantly, your IT infrastructure needs to scale with you. A provider who’s great for your business today may not be equipped to handle your business two years from now.
Ask whether they offer cloud services and how they handle migrations. Ask about their experience supporting distributed or hybrid work environments. Ask whether they have a process for technology roadmapping, meaning they’ll help you plan for infrastructure investments proactively, not just react to them after the fact.
The best MSPs in New Jersey don’t just keep the lights on. They act as a strategic technology partner, helping you make smarter decisions about where your IT is headed.
Are You Familiar with the Compliance Requirements in My Industry?
If your business operates in a regulated industry like healthcare, financial services, legal, or government contracting, this question is non-negotiable. Compliance isn’t optional, and neither is working with an IT provider who genuinely understands it.
For healthcare, that means HIPAA. For financial services, GLBA or PCI DSS. For government contractors, CMMC. These frameworks carry real consequences if handled incorrectly, and an IT provider who has to Google what they mean is not the right partner for your business.
Ask how they’ve helped other clients in your industry meet compliance requirements. Ask what documentation they can provide. If they understand the question, they’ll have a clear, specific answer. If they don’t, that’s your answer.
What Does Onboarding Look Like, and How Long Does It Take?
Transitions are where MSP relationships often get off to a bad start. There’s a gap period between when the old provider hands off and when the new one is fully up to speed, and if that process isn’t managed carefully, things fall through the cracks.
Ask what their onboarding process looks like in detail. A good provider should be able to walk you through exactly how they’ll document your environment, transition responsibilities, and get their team familiar with your setup before any changes are made. Ask for a realistic timeline. Ask who leads the onboarding internally and what your team will need to do to support it.
One More Thing: Pay Attention to How They Ask Questions Back
Here’s something that doesn’t show up on most lists, but it matters: the quality of questions a provider asks you.
A managed IT company that’s genuinely trying to understand your business will ask you thoughtful questions about your current pain points, your growth plans, your existing technology stack, and your risk tolerance. One that’s mostly trying to close a deal will walk you through a canned presentation and hand you a brochure.
That dynamic tells you a lot about what the relationship will look like once the contract is signed.
Â
Rivell Serves Businesses Across New Jersey and South Jersey
At Rivell, we work with B2B clients throughout New Jersey, from South Jersey to the broader NJ metro, providing managed IT services, cybersecurity, cloud solutions, help desk support, and compliance guidance. We’re not a call center. We’re a local team that knows your market and has the depth to handle your IT the right way.
If you’re currently evaluating managed IT providers in New Jersey, we’d rather earn your business by answering these questions than by avoiding them.
Book a Free IT Assessment with Rivell. No pressure. No sales pitch. Just a direct conversation about your technology and where we can help.
