← Back to blog
IT Support Small Business

How to Choose an IT Support Company in the UK — 7 Questions to Ask

Choosing an IT support company is one of the most consequential decisions a small business makes — and one of the hardest to undo once the wrong choice has been made. A poor IT provider doesn't just cost money; it leaves your systems vulnerable, your staff frustrated, and your business exposed to risks you may not even know about. The problem is that most IT companies say the same things in their marketing. Here are seven questions that will help you separate the competent providers from the ones who will let you down.

Question 1: What Is Your Response Time, and Is It Contractually Guaranteed?

Every IT company will tell you they respond quickly. The question is whether that's a contractual commitment or a marketing claim. Ask to see the service level agreement (SLA) and look for specific response time commitments for different types of issue: a critical outage (where no one can work) should have a response time measured in minutes to an hour; a routine issue should have a response time measured in hours, not days.

Ask how response times are measured and what remedies exist if the SLA is breached. If the provider can't answer clearly, or if the SLA doesn't include specific commitments, that's a significant warning sign.

Question 2: Do You Have Experience With Businesses Like Mine?

IT support for a twenty-person professional services firm is meaningfully different from IT support for a retail business with a warehouse, or a healthcare practice with specific compliance requirements. Ask for references from businesses of a similar size and sector to yours. A provider who primarily serves large enterprises may not have the processes or patience for small business needs; one who primarily serves micro-businesses may not have the depth of expertise your organisation requires.

Ask specifically about their experience with your primary business applications. If your firm relies on a particular accounting package, CRM system, or industry-specific software, you want an IT provider who knows it — not one who will be learning on your time.

Question 3: How Do You Handle Cybersecurity — Specifically?

Be wary of vague answers here. Every IT company will say they "take security seriously." What you're looking for is specific: do they enforce multi-factor authentication for all clients as standard? Do they manage patching on a defined schedule? Do they include endpoint detection and response tools, not just basic antivirus? Do they provide security awareness training?

Ask whether they can help you achieve Cyber Essentials certification, and whether any of their staff hold relevant security qualifications. The NCSC's Cyber Essentials scheme provides a useful baseline — an IT provider who doesn't know what it is, or who hasn't helped clients achieve it, is not keeping up with the current threat landscape. Our post on why UK small businesses are top ransomware targets explains why these specifics matter.

Question 4: What Does Your Monitoring Actually Cover?

Monitoring is a term that gets used loosely. Some providers monitor only whether a server is online or offline. Others monitor individual services, event logs, hardware health metrics, backup success and failure, security alerts, and performance thresholds — and respond automatically to anomalies. The difference between these two approaches is the difference between knowing that a server went down and knowing that a server was about to fail three days before it did.

Ask for a specific list of what is monitored, how alerts are handled, and what the provider's out-of-hours cover looks like. If your business operates outside standard 9–5 hours, you need to know that someone is watching your systems during the times that matter to you.

Question 5: What Happens to My Data If We Part Ways?

IT providers often become custodians of significant amounts of business data — backup copies, configuration data, access credentials for your systems, licences registered in their name. Before you sign a contract, understand exactly what happens if the relationship ends: who owns the data, how it will be transferred to you or a new provider, and what the handover process looks like. A reputable provider will have a clear offboarding procedure. One who hedges on this question may be planning to make departure difficult.

Question 6: Are You a Microsoft Partner, and at What Tier?

If your business uses Microsoft 365 — which most UK small businesses do — your IT provider's relationship with Microsoft matters. Microsoft Partners who have achieved Solutions Partner status have demonstrated expertise across Microsoft's product range and have access to technical support resources that non-partners don't. They can also provide Microsoft 365 licences directly, manage your tenant, and escalate issues to Microsoft more effectively than an unaccredited provider.

For guidance on what Microsoft 365 plans include, see our post on Microsoft 365 Business Basic vs Standard vs Premium.

Question 7: What Is Your Pricing Model, and What Is Included?

IT support pricing models vary considerably: per-user monthly fees, per-device fees, all-inclusive contracts, or hybrid models with a base fee plus hourly charges for certain types of work. Understand precisely what is and isn't included before you sign. Common exclusions include out-of-hours support, project work (setting up a new server, onboarding a new office location), hardware supply, and third-party software licensing.

Ask for a worked example: if your server fails at 7pm on a Tuesday, what happens, and what does it cost? The answer will tell you a great deal about how transparent the provider is about their actual service model. A provider like Lasetech is upfront about what's included in a managed support contract and what falls outside it — that transparency is a basic expectation, not a differentiator.

Red Flags to Watch For

  • No written SLA or vague response time commitments
  • Reluctance to provide references from existing clients
  • Licensing your software in their name rather than yours
  • No mention of cybersecurity in their standard service offering
  • Pressure to sign a long contract before you've had a chance to assess their service
  • Inability to explain what they monitor and how they respond to alerts

Frequently Asked Questions

How much should a small business pay for IT support in the UK?

For a fully managed IT support service covering monitoring, helpdesk, patching, and cybersecurity tools, most UK small businesses pay between £50 and £120 per user per month. The price varies depending on the level of service, the complexity of your systems, and whether hardware support is included. Be cautious of prices significantly below this range — they usually indicate a reactive-only service with limited monitoring or security provision.

What should an IT support contract include?

A comprehensive IT support contract should include: a defined scope of services, specific response time SLAs for different incident priorities, details of what is monitored and how, patch management commitments, backup monitoring (if backups are managed), escalation procedures, out-of-hours support terms, and a clear description of what falls outside the contract. Any contract that is vague on these points should be clarified in writing before signing.

Is it better to have in-house IT or outsource to an IT support company?

For most UK businesses under 50 employees, outsourcing to a managed IT provider is more cost-effective than hiring in-house. A single internal IT person typically costs £35,000–£50,000 per year in salary alone, and provides coverage only during their working hours. A managed IT provider offers a team with broader expertise, 24/7 monitoring, and a defined SLA, usually for a fraction of the cost of a full-time employee. In-house IT makes more sense once a business grows to a scale where the volume of support work justifies the headcount.

Can I switch IT support companies without disruption?

Yes — switching IT providers is manageable if handled properly. A reputable provider will assist with the handover, transferring documentation, access credentials, and configuration details to your new provider. The process typically takes two to four weeks for a small business. The main risks are providers who resist handover or hold data in ways that complicate the transfer. Ensuring your contract includes clear offboarding terms before you sign protects you if you later need to switch.