IT service providers deliver outsourced IT services, cyber security services, consulting, and strategic IT planning and advice, typically to companies with between 10 and 250 employees. An IT service provider helps companies avoid the cost and complexity of hiring an IT staff.
When you partner with an IT service provider, you gain their expertise and focus from doing one thing extremely well, namely the delivery of IT services in the workplace. But not all IT service providers have the same level of experience and expertise or offer the same level of service. If you are thinking about outsourcing your IT for your next leg of growth or you are dissatisfied with your existing provider, what should you look for in a world-class provider? This IT services buyer’s guide answers that question.
Explore the ten most important attributes in a world-class IT service provider.
Finding the right provider can be challenging. This article serve as a roadmap or checklist for the most important attributes and best practices you should consider. World-class IT service providers not only believe in great customer service, they put client cyber security first, while making key investments in people, process, and technology to transform how clients use and leverage technology.
Security First Approach
Cyber security threats are among the biggest risks faced by businesses today.
Despite the widespread impression that cyber criminals only target large, well-funded enterprises, every year SMBs make up a substantial portion of cyber security incidents. As reported in the widely respected Verizon Data Breach Investigation Report, SMBs were 43% and 28% of the cyber breach incidents reported in 2019 and 2020, respectively.1
Therefore, when considering an IT service provider, you should partner with a company that puts cyber security first.
Prioritizing cyber security requires more than just the right investments in security software tools and defense measures. It also requires the right process and procedures to make information technology secure by design. That is, in nearly every IT system, proper deployment and configuration forms the foundation of security. Your supplier should also have highly skilled and well trained and certified staff on hand. Your provider should also address the human side of security, by helping clients implement internal security policies, best practices, and employee training and awareness.
1. Verizon, 2020 Data Breach Investigations Report
Apart from cyber security risks, slow response times and poor follow through are among the biggest complaints we hear from clients who have left their former provider. Technology is vital today and if something is broken or poorly performing, every frontline employee or business leader deserves fast and thorough problem resolution.
When looking for an IT service provider, it is important to look for investments in service management software tools, along with a commitment to delivering outstanding service.
The provider should leverage remote monitoring and management software tools to proactively monitor the health of networks, computers, servers, and applications, so things can be proactively repaired before they ever impact users. Proactive patching, maintenance, and repair not only makes company networks more secure, but cuts off most common problems at the pass. Your provider should also utilize sophisticated ticketing systems, so problems can be tracked, delegated, and resolved in a timely and organized fashion. The ticketing process should provide high levels of communication with users. Top notch providers will have dedicated dispatching staff to triage and prioritize tickets and problems, so that the most important and urgent issues are resolved quickly.
Promises Kept
Great Onboarding Experience
When selecting a new provider, everyone wants things to start off right.
That is why you should select a provider that has a documented and well executed onboarding program.
Your new provider should perform a thorough network and security risk assessment, so that any potential gaps can be identified early and quickly corrected. A risk management philosophy should be employed, where gaps and potential security improvements can be made in a stepwise and systematic fashion.
Technology standards are a critical component as well.
Your new provider should have a clear point of view on their preferred and supported technologies and plans should be made for the gradual upgrade and alignment of the client’s technology with the provider’s standards. Early in the relationship, it is important to discuss gaps in standards, so that budgets and investments can be planned over time. With a solid risk assessment completed, there is often a sizable list of medium-term improvements which can be made in security, network performance, and backup and disaster recovery early in the business relationship.
All business leaders want and deserve a strategic relationship with their service providers. Unfortunately, strategic advice and planning is far too uncommon in most IT outsourcing relationships.
Business leaders should ask hard questions about how potential IT service providers deliver strategic advice and planning.
As mentioned above, periodic risk assessments are vital to surface risks, gaps, and a prioritized improvement plans. Importantly, risk assessments are not one and done exercises. The external threat environment is ever-changing and clients are continuously faced with new business and growth challenges. Risk assessments should be conducted on an annual basis.
Ask about the provider’s Technology Business Review (TBR) process, which is a quarterly or semi-annual meeting where IT projects, budgets, security issues, and other planning items are discussed.
TBRs need consistent execution and follow through. When done correctly, the IT service provider has a seat at the table with the client’s leadership team and is involved in strategic planning. IT budgets should be aligned with the overall corporate budget and big corporate initiatives should be evaluated on their needs and impacts to technology and security. Last but not least, your provider should be expert at IT lifecycle management, so that aging equipment is upgraded and replaced at predictable intervals, so everything operates at peak performance.
Strategic IT Process
Document Everything
Documentation is an area often overlooked, yet it is extremely important. Many of the most common security incidents occur due to the increasing complexity of poorly documented IT systems and configurations. If IT documentation is neglected, the complexity of IT systems can often overwhelm IT staff and vendors, leading to unknown security gaps and risks.
Therefore, you should ask potential suppliers about their approach to IT documentation and the tools they use to manage it.
First, all company IT assets should be inventoried in a services automation platform. Network topologies, configurations, and all assets need to logged and well understood. Custom configurations should be documented and tracked as they evolve over time. Ask your service provider if they use a tool like IT Glue or Passportal to track and document everything about each client. It is important to also ask your service provider about how they manage passwords. Your IT service provider will have admin access to many of your most important IT systems and data. Your service provider should have sophisticated, enterprise-grade password management software so teams of technicians can collaborate effectively to serve your company, while keeping system passwords secure.
If you can measure it, you can manage it. And that goes for delivering outstanding customer service as well. In lots of service businesses, it is amazing how little of the service interaction gets measured. Fortunately, with IT service management, nearly every problem or resolution gets a ticket assigned. Communications, interactions, and next steps, whether f rom the technician or the user all get logged. And when the problem is resolved, its likely the user is sitting in front of a computer. This is all to say, with IT service management there are more opportunities to measure service satisfaction from the user.
Business leaders should ask hard questions about how potential IT service providers deliver strategic advice and planning.
They should be using a tool like Smileback, so they can offer quick surveys and get feedback from every user interaction. Ask if they have dashboards around their office, so they can track and monitor aggregated client satisfaction data in real time. A clear focus on the discipline of asking for feedback, acting on it, and managing satisfaction over time will yield high levels of client satisfaction.
Customer Satisfaction, Measured and Managed
Great Company Culture
Company culture is a squishy topic, but it matters immensely.
When you outsource your IT, your employees will have frequent and continuous interactions with the staff at your service provider. You want to be working with good people who are part of a healthy company culture. When an organization takes company culture seriously, they will have their mission, vision, and values documented. Healthy organizations put their company culture into action with training, company events, and visible expressions of a healthy company culture. It is usually easy to spot, when visiting the company website, social media properties, or the office.
Don’t overlook other simpler things as well. You will want to work with a service provider that is primarily or exclusively staffed with “badged employees,” rather than contractors. Look for employees who are staffed locally to the headquarters. While a ton of IT service management work can be done remotely today, you will want to partner with a service provider that has “boots on the ground” near your office, since technology still requires lots of truck rolls, office visits and continuous optimization and improvement. Lastly, ask about some of the more nuanced dimensions to company culture. What is the average employee tenure? What kind of benefits does the organization provide its staff? How does the organization help its staff with soft skills development and work/life balance. An outsourced service provider will be an extension of your team. Make sure you understand and appreciate their company culture.
The technical skills of your IT service provider are vitally important.
A winning IT service provider will place employee technical training above all else when it comes to employee development. Ask about the certifications held by the staff and about how many hours are dedicated to technical training per year. Obviously, certifications from top tier vendors such as Microsoft, Cisco, SonicWall, Citrix and VMware are important. Also look for industry certifications, from organizations like CompTIA, and specialized certifications, such as those from the security arena, such as CISSP. Cyber security training should be a non-stop endeavor for your IT service provider and their staff. In 2020 alone, security researchers have reported greater than a 700% increase in ransomware attacks.2 The cyber security landscape is changing all the time, requiring savvy service providers to continually train and upskill their technical staff.
A leading IT service provider should have well defined career paths for their technicians and internal training programs that leverage all the ways adults learn and develop, from self-paced, online education; classroom-based, instructor-led training; and certification learning paths. Ask how training is paid for and budgeted.
If company leadership is skimping on employee training, be wary.
Highly Trained Staff
When you look to partner with an IT service provider, you are also looking for a partner to help you transform your workforce. The pace of technological change is relentless. The range of cyber security risks facing companies is broad. Organizations need their staffs to continuously upgrade their skills and technical knowledge in a fast-paced economy. Moreover, cyber security awareness and good habits are the first of the line of defense in stopping cyber criminals.
Your IT service provider should offer various training programs to help your staff level up in their cyber security awareness and to properly leverage their technology and resources.
Too often, software, technology, and tools are rolled out to frontline employees with inadequate training and education. Naturally, employee productivity in these situations will suffer. Your IT service provider should deliver senior officer training, around security, IT policy and governance issues. All staff should be offered ongoing cyber security awareness training. And select staffers and departments should receive advanced cyber security and technology training where appropriate.
Client Training Programs
Last, but certainly not least, your IT service provider should understand your business issues and how technology can play a strategic role in your growth and success.
As discussed earlier in this whitepaper, your IT service provider is not there merely to staff the help desk and close trouble tickets.
Your IT service provider is your strategic partner when it comes to technology.
This means that they will need to understand the unique issues from your particular industry, geography, and competitive landscape.
They should also understand your mission, goals, budgets, and long-term game plan. And they should be able to connect the dots on how technology can be an area of strategic investment and competitive differentiation. This level of strategic insight and alignment with your business needs is only available from the upper echelon of IT service providers in the market.
