The Five Maturity Stages
Procurement specialists and IT leaders who have managed MSP selections report: 74% of MSP relationships that fail cite misaligned expectations according to Channel Futures research. Much of this misalignment traces to maturity mismatch. MSPs exist at different maturity levels. Service Leadership’s Operational Maturity Model identifies five stages, each with distinct characteristics and client implications.
| Stage | Characteristics | Client Fit |
|---|---|---|
| Level 1 | Reactive, heroic individuals | Very small businesses |
| Level 2 | Emerging processes, inconsistent | Small businesses |
| Level 3 | Defined processes, documentation | SMB |
| Level 4 | Managed metrics, optimization | Mid-market |
| Level 5 | Continuous improvement, innovation | Enterprise |
Only 23% of MSPs operate at Level 4 or above. Maturity mismatch creates problems. Level 2 MSP can’t serve enterprise needs. Level 5 MSP pricing doesn’t fit small business budget.
The Assessment Framework
Evaluating MSP maturity requires structured assessment:
| Dimension | Level 1-2 Signs | Level 4-5 Signs |
|---|---|---|
| Documentation | Tribal knowledge | Comprehensive, current |
| Processes | Ad hoc | Defined, measured, improved |
| Staffing | Owner-dependent | Deep bench, specialization |
| Tools | Basic, fragmented | Integrated, optimized |
| Security | Reactive | Proactive, certified |
| Scalability | Limited | Demonstrated growth support |
No MSP is perfect. Assessment reveals strengths and weaknesses for informed decision.
The Reference Check Reality
Reference checks reveal what proposals hide:
Questions that matter:
- What went wrong and how was it handled?
- How responsive is the MSP during crisis?
- What would you change about the relationship?
- Would you choose them again?
- What surprised you after engagement?
Red flags in references:
- Only willing to provide handpicked references
- References are all new clients
- References can’t speak to problems
- References describe dramatically different experience than proposal
The Technical Assessment
Technical capability assessment areas:
| Area | Assessment Method |
|---|---|
| Security posture | Request SOC 2, penetration test results |
| Tool stack | Understand what tools they use and why |
| Automation level | What's automated vs. manual |
| Monitoring capability | What do they see, how quickly |
| Response capability | How do they respond to incidents |
| Scale capacity | How many endpoints, what growth capacity |
Technical capabilities should match your requirements. Over-capability costs extra. Under-capability creates gaps.
The Cultural Fit Factor
Cultural alignment affects relationship success:
| Cultural Dimension | Alignment Questions |
|---|---|
| Communication style | How do they communicate? Match yours? |
| Decision speed | How quickly do they decide? Match your pace? |
| Risk tolerance | How risk-averse? Match your profile? |
| Innovation orientation | How do they approach new technology? |
| Relationship model | Transactional or partnership? |
Cultural misfit creates ongoing friction regardless of technical capability.
The Financial Stability Assessment
MSP financial health affects service continuity:
Indicators to assess:
- Years in business
- Revenue trend (growing, stable, declining)
- Client concentration (dependency on few clients)
- Ownership structure (independent, PE-backed, preparing for sale)
- Insurance coverage (E&O, cyber liability)
- Credit standing
MSP financial distress becomes your operational problem.
The Specialization Question
Generalist vs. specialist MSP trade-offs:
| Factor | Generalist MSP | Specialist MSP |
|---|---|---|
| Industry knowledge | Broad but shallow | Deep in specialty |
| Compliance understanding | General | Specific to industry |
| Best practices | General IT | Industry-specific |
| Tool selection | Standard | Industry-optimized |
| Peer benchmarking | Cross-industry | Within industry |
| Price | Often lower | Often premium |
Specialized needs suggest specialist MSP. General needs may be well-served by generalist.
The Geographic Capability
MSP geographic coverage must match your footprint:
| Your Footprint | MSP Requirement |
|---|---|
| Single location | Local MSP sufficient |
| Regional | Regional coverage needed |
| National | National footprint or partner network |
| International | Global capability required |
Geographic gaps create coverage gaps. Understand how MSP covers locations outside their primary area.
The Scalability Assessment
MSP ability to scale with your growth:
Scalability indicators:
- Current client size range
- Largest client they serve
- Recent growth in their client base
- Staff hiring trajectory
- Infrastructure investment
- Acquisition history
MSP that serves 50-user clients may struggle with 200-user clients. Match MSP scale to your current and projected scale.
The Security Certification Landscape
Security certifications indicate capability:
| Certification | What It Indicates |
|---|---|
| SOC 2 Type II | Controls operate effectively over time |
| ISO 27001 | Information security management system |
| CMMC | Defense contractor requirements |
| HITRUST | Healthcare security framework |
| PCI-DSS | Payment card security |
Certification relevant to your industry matters more than generic certifications.
The Proposal Evaluation
Proposal comparison challenges:
| Challenge | Mitigation |
|---|---|
| Different scope definitions | Create common scope document |
| Different pricing models | Request alternative pricing formats |
| Different assumptions | Require assumption documentation |
| Marketing vs. reality | Reference check, site visit |
| Missing elements | Comprehensive RFP checklist |
Proposals are sales documents. Evaluation must look beyond presentation.
The Proof of Concept Option
For significant engagements, proof of concept reduces risk:
| POC Approach | Purpose |
|---|---|
| Limited scope pilot | Test operational capability |
| Parallel operation | Compare to current state |
| Specific project | Assess project execution |
| Discovery engagement | Understand environment before commitment |
POC costs money. The cost may be worthwhile compared to multi-year commitment risk.
The Contract Negotiation Phase
Selection isn’t complete until contract is signed:
Negotiation priorities:
- SLA definitions and enforcement
- Termination provisions
- Data ownership and portability
- Liability limitations
- Change management for scope
- Price protection mechanisms
- Exit assistance requirements
Selection of best MSP fails if contract terms create problems. Negotiate before committing.
Building Selection Process
Effective MSP selection process:
Phase 1: Requirements definition. What do you need? What matters most?
Phase 2: Market scan. Who serves your market, size, industry?
Phase 3: Initial screening. Narrow to manageable candidate list.
Phase 4: RFP/proposal. Structured information gathering.
Phase 5: Evaluation. Compare against requirements.
Phase 6: Due diligence. Reference checks, site visits, deep assessment.
Phase 7: Selection. Choose best fit for requirements.
Phase 8: Negotiation. Finalize terms and contract.
Phase 9: Transition planning. Prepare for engagement.
Rushing the process leads to selection regret. Investment in thorough selection pays in relationship quality.
Sources
- Operational Maturity Model: Service Leadership
- MSP selection criteria: IT services procurement research
- Reference check methodology: Vendor assessment best practices