Most owners only review their IT provider when something has already gone wrong. By that point the review is colored by frustration and the data you would need to make a calm decision is no longer at hand. A year-end review is the structured alternative. Done once a year, it gives you an evidence-based read on whether the relationship is earning its place in your operating budget, and it produces something concrete to take into a renewal conversation.
Why the calendar matters
The end of the calendar year is useful for two reasons. The first is that most managed services contracts auto-renew on January 1 or on the anniversary of the original signing. A November or December review gives you time to act before the renewal becomes a fait accompli. The second is that twelve months is the right window to see real patterns. Ninety days of tickets can be skewed by a single bad project. A full year smooths out the noise and shows you what the relationship actually looks like in steady state.
The review also gives you a record. In our experience reviewing provider transitions, the businesses that handle them best are the ones that can produce a written assessment of what they tried, what they raised, and how the provider responded. That record is the difference between a renegotiation that moves and one that drifts.
Step One: gather the data before you form an opinion
The most common mistake in a year-end review is starting from a gut feeling and looking for evidence to confirm it. Reverse the order. Pull the data first, then read it.
Ticket history
Ask your provider for a full year of ticket data exported to a spreadsheet. You are looking for total ticket volume, average time to first response, average time to resolution, the count of tickets that were reopened after being marked resolved, and any recurring issues that surfaced more than twice. Most professional service management platforms can produce this in minutes. If your provider cannot, or treats the request as unusual, that is itself a data point.
Invoices and project charges
Pull every invoice from the past twelve months. Separate the recurring monthly fee from project work and one-off charges. Add up what you paid in total. Compare it to what your original agreement led you to expect. The gap between expected and actual is often larger than owners assume, and the surprises usually cluster in vendor pass-through fees and out-of-scope project work. What managed IT services should actually cost is a useful benchmark when you read the totals.
Outage and incident log
Write down every significant outage or security incident from the year, even briefly. For each one, note the duration, the root cause if it was ever shared, how the provider communicated during the event, and what changed afterward to prevent a recurrence. A provider that handles incidents well leaves a paper trail. A provider that does not handle them well tends to move on quickly and hope no one writes it down.
Internal feedback
Spend twenty minutes asking the people on your team who actually file tickets how the experience has been. Keep the questions specific. Whether responses arrive within a predictable window. Whether technicians explain what they did. Whether issues stay fixed. The answers from end users often differ from what the executive-level conversations with the provider suggest, and the gap is informative.
Step Two: read the data against the things that matter
With the data in front of you, the evaluation becomes straightforward. We focus on four areas during independent assessments. They are the four areas that, in combination, tell you whether the provider is functioning as an operational partner or as a vendor of last resort.
Responsiveness and resolution
Compare the contracted SLA to what actually happened. If the SLA says one-hour response on priority tickets and the average was four, that is the story. Look separately at reopened tickets, which are the cleanest signal of work that was closed before it was finished. A reopen rate above ten percent is worth raising directly.
Security posture
Ask your provider, in writing, to confirm what is currently in place: multi-factor authentication coverage across email and core business applications, patch cadence and exception handling, the most recent restore test from backup, administrator access lists, and email threat protection. The answers should be specific. If the answers come back in marketing language, the controls themselves are often weaker than the language suggests. The essential security baseline for small business is a useful frame when reading what comes back.
Proactive communication
Count the number of times in the past year that your provider initiated a substantive conversation that was not in response to a ticket or an invoice. Quarterly business reviews count if they had a real agenda. Drive-by check-ins do not. A healthy engagement should produce at least four substantive outreaches in a year. Many do not.
Cost transparency
Two questions. Do you understand exactly what is included in the recurring fee? And was every out-of-scope charge approved in writing before it landed on a bill? If either answer is no, the billing relationship needs to be rebuilt before the technical relationship is worth continuing.
Step Three: sit down with the provider
Once the data is organized, schedule a meeting with your account manager or the principal of the firm. Send the agenda ahead of time. The point of the meeting is not to ambush them with grievances. The point is to see how they respond to a specific, evidence-based conversation about the year.
A short list of questions usually surfaces what you need to know. What was our average response time for priority-one tickets this year, and how did that compare to our SLA? Of the tickets that were reopened, what was the root cause pattern? Which recurring issues did you identify, and what work was done to eliminate them at the source? What is the current state of our backup restore testing and our MFA coverage? What proactive recommendations did you bring to us this year that we did not act on?
The substance of the answers matters, and so does the tone. Providers who are functioning well welcome the conversation and often arrive with their own version of the data. Providers who are not functioning well become defensive, vague, or attempt to reframe the discussion as a relationship problem rather than a performance problem. Both responses are useful information.
Step Four: write down a decision
The review is only useful if it ends in a written decision. We see three reasonable outcomes, and the right one depends on what the data showed and how the conversation went.
Stay and maintain. The data is solid, the provider engaged with the review honestly, and the minor issues have a written plan attached. Renew with confidence and schedule next year's review now.
Stay and renegotiate. The relationship has value, but specific concerns came out of the review that need to be addressed in writing before the next renewal. How to negotiate better terms with your current MSP walks through which contract levers actually move and which tend to be theatrical.
Plan a transition. The review surfaced multiple persistent issues that have been visible to the provider for months, and the meeting did not produce a credible path to fixing them. Our guide to transitioning MSPs covers what an orderly exit looks like and how long it should take.
When to bring in an outside view
A year-end review you conduct on your own works well when the situation is clear. When it is not clear, an outside read is usually worth more than another round of internal debate. The free MSP Performance Scorecard gives you a structured ten-minute version. A full Technology Confidence Assessment goes deeper: a third party reviews tickets, invoices, security posture, and infrastructure, and delivers a written stay-or-switch recommendation grounded in evidence.
Want a second set of eyes on the review?
The Technology Confidence Assessment is the independent version of the year-end review described above. We pull the same data, ask the same questions, and deliver a written report you can take into your renewal conversation.
Schedule an AssessmentThe point of the annual review is not to manufacture grievances. It is to replace gut feeling with evidence, so that when renewal arrives you are deciding from a position of clarity rather than inertia. Done once a year, in the same month, it becomes the single most valuable hour you spend on the IT relationship.