So Your Business Can Be Ready for Tomorrow

Is your network running?

Does this sound like the beginning of a bad joke? For many organizations, a running network and cost are often the only metrics against which their IT provider is measured. However, without additional metrics such as the quality of documentation, adherence to established standards, and responsiveness, a business may struggle to truly assess the performance of their service provider.

For businesses, cost is indeed a critical factor. While the total IT budget is finite, the evaluation of service quality should not be overlooked. Simply running isn’t enough—if services aren’t well managed and documented, they may not be running efficiently, potentially costing the organization business opportunities and sales.

Service Level Agreements

SLAs are a common metric used to assess IT services, often focused on uptime. However, with the current quality of hardware and software, achieving high uptime isn’t particularly difficult, even with low-cost components. The services need to be running, but they also need to be well managed. Poor management and documentation can lead to inefficiencies that undermine the benefits of high uptime.

Response Time

Response time is another critical component of SLAs. While quick responses are important, the type, result, and quality of the response are just as crucial. An initial one-minute response is meaningless if the solution takes weeks or months to implement.

Standards and Certifications

A key metric for evaluating an IT service provider is their adherence to standards and certifications. Do they operate within an ISO 27001/27002 or similar framework? Do they employ staff with the necessary certifications to work in regulated industries? Adherence to recognized standards is a sign of professionalism and commitment to quality.

Documentation

Above all, documentation is the best metric for evaluating an IT service provider. Comprehensive documentation reveals mistakes, omissions, and the true quality of the service provided. Regularly auditing documentation ensures that infrastructure is configured correctly and that standardized processes are followed. Lack of proper documentation can lead to fear of change, updates, and new software, which can stifle business growth and profitability.

Key Questions to Ask Your I.T. Provider

1. Where is the documentation for services and applications supported by the provider?
   • Lack of documentation is a serious red flag, indicating an unwillingness to be held accountable.
   • Documentation should always be available to the business, owned, and hosted as part of the customer’s data.
   • The documentation must be appropriate for the business size and industry, and should be regularly maintained and updated to reflect the running environment.
2. What is being documented?
   • Small businesses should at least have security policies, server/service documentation, licensing information, and domain/email configuration documented. Monthly service reporting should also be provided.
   • Line of Business applications such as an Enterprise Resource Planning (ERP) service for manufacturing, or a Document Management System (DMS) should always be documented.
3. Does documentation also include procedures for service technicians?
   • Regardless of business size, service issues should be documented with causes and solutions.
4. Where is my data, and how securely is it stored?
   • The security of the data center should be proportional to the value of the data. Eight figures worth of hardware and data should not be held behind a glass door in an unguarded industrial bay on a dark backstreet.
5. What security standards are being implemented?
   • Every business needs a security standard appropriate for its operations. If specific compliance requirements aren’t necessary, the IT provider should recommend a suitable standard. As an example, a good IT service provider will support complex password requirements through self-service portals and other end-user centric tools that allow for high security while reducing or eliminating service ticket requests to reset passwords.
6. What certifications and standards are set for the IT service technicians?
   • Do they have the relevant certifications and experience needed to manage your network effectively?
7. What Service Level Agreements (SLAs) are in place, and are reports being generated to validate SLA adherence?
   • It’s important to verify SLA compliance with concrete proof, such as uptime reports and response time documentation. It’s easy to make claims – make sure they’re backed up.
8. What is their service model and methodology?
   • Does your provider operate in a break-fix mode, or are they proactively managing your IT services? Managed Services should be more than just prepaid break-fix; they should include proactive management and support.
9. What is the budget for your IT services, and how well does the provider work within it?
   • A low hourly rate doesn’t necessarily mean cost-effective solutions. Does the provider assist with cost reduction and work with you to establish a realistic budget?
10. Does the IT provider engage in fair business practices?
    • For example, if they bill two hours for setting up one laptop, do they bill ten hours for setting up five? The answer should be no—setup costs should decrease with scale.
11. Do you audit your IT services?
    • Regular independent audits are necessary to ensure that standards are met, documentation is maintained, and the IT budget is realistic and adhered to. You should be able to trust your IT provider – by verifying their work through regular audits.

If these questions raise concerns, consider contacting an independent IT Auditor and Virtual Chief Information Officer (vCIO) like Clark B. Lebarge to discuss auditing and assessing your network, servers, and services, as well as assistance with choosing a reliable IT service provider.