If the only time you talk to your IT provider is when
something breaks or a contract comes up for renewal, you're leaving money and
risk on the table.
Technology doesn't sit still. New threats show up every
month. Tools your team relies on drift out of date. Small misconfigurations
pile up until they cause real problems. The businesses that stay ahead of this
aren't the ones with the biggest budgets. They're the ones asking the right
questions at the right frequency.
Quarterly check-ins aren't a nice-to-have. They're how you
catch the things that don't set off alarms but still cost you.
Here are 6 questions worth asking every quarter. And more
importantly, what the answers should tell you about whether your IT provider is
actually a partner or just a vendor waiting for the next ticket.
1. Where are we exposed right now?
Every environment has weak spots. The question isn't whether
they exist. It's whether anyone's actively looking for them.
A provider who's truly managing your security should be able
to walk you through what they found this quarter. Which systems are overdue for
patches. Whether any users triggered suspicious login alerts. Which endpoints
fell out of compliance. Not a vague "you're good" but a specific, documented
picture of where your biggest exposure sits today.
At Framework IT, this is baked into how our account teams
operate. Your virtual Chief Information Officer (vCIO) conducts a security posture
assessment grounded in CIS Controls during your first Strategic Business Review
and tracks your security posture in every review after that. Your Proactive
Infrastructure Engineer (PIE) runs scheduled health checks on monthly,
quarterly, and annual cadences, catching the things that would otherwise drift.
And our 24/7 Security Operations Center (SOC) through BlackPoint Cyber is
correlating alerts across your endpoints, email, and cloud environment every
day, not just when something goes wrong.
If your provider can't give you a clear, current answer to
this question, they're not watching closely enough.
2. Have our backups actually been tested?
Having backups and being able to recover are two different
things. A lot of businesses find that out at the worst possible moment.
Ransomware hits. A server fails. Someone deletes a critical
folder. The first question is always "how fast can we get back up?" And if
nobody's tested the answer recently, you're guessing.
The numbers are sobering. 68% of attacks attempt to corrupt
or delete backups. 1 in 3 small and midsized businesses discover their latest
backup is unusable during recovery. And 41% of compromised data turns out to be
unrecoverable.
Your provider should be able to tell you exactly when the
last recovery test ran, what the restore time looked like, and whether cloud
applications like Microsoft 365 are covered.
Framework IT partners with
Axcient for backup and disaster recovery across servers, endpoints, and
cloud platforms. Axcient's AutoVerify runs automated backup testing and
screenshot verification so we know backups are recoverable without waiting for
a crisis. AirGap immutable protection means even if ransomware compromises your
production environment, your recovery points stay intact. Your PIE monitors
backup health daily. When disaster strikes, we're not scrambling. We already
know the plan works.
3. What's slowing our people down?
Most productivity problems don't trigger an outage ticket.
They show up as 15-second delays that happen 50 times a day. A video call that
freezes mid-presentation. A system that's become so unreliable people build
workarounds instead of reporting it.
80% of workers report lacking time and energy to do their
jobs effectively, and a big chunk of that friction traces back to technology
that's not keeping up. These aren't dramatic failures. They're slow leaks that
drain hours every week.
A quarterly review should surface the systems generating the
most complaints, hardware that's past its useful life, and software that your
team has outgrown. Your provider should be bringing these patterns to you, not
waiting for you to notice.
This is where a strategic IT partnership pays for itself.
Framework IT's vCIO tracks ticket trends, system performance data, and user
feedback to identify the friction points that don't make it into an emergency
call. Then we build those fixes into your Business Optimization Roadmap, a
technology plan aligned to your actual business goals, so improvements happen
on a timeline you can budget for. After 15+ years of operational data, we've
found that partners who follow this roadmap experience approximately 30% fewer
disruptions. That's not a promise on a slide deck. It's a pattern backed by
data.
4. Are we still meeting compliance requirements?
Compliance isn't a one-time checkbox. Requirements shift.
Cyber insurance carriers tighten their questionnaires. Industry regulators
update their expectations. A business that was fully aligned in January can
have gaps by July without anyone realizing it.
Your provider should be tracking whether any requirements
changed this quarter, whether your documentation is current, and whether your
security controls still meet what your insurance carrier and regulators expect.
Framework IT's security stack is designed to meet the
requirements of over 97% of cyber liability insurance policies. That includes
SentinelOne endpoint detection and response, 24/7 SOC monitoring, MFA, Mimecast
email security, KnowBe4 security awareness training, dark web monitoring, and
Axcient encrypted backups. Your
vCIO develops and maintains the written security policies, including Acceptable
Use, Incident Response, and Data Backup and Recovery, with employee attestation
workflows that create the documented proof insurers and auditors ask for.
5. What should we budget for next quarter?
Surprise IT expenses are one of the top frustrations
business owners bring up when they're evaluating a new provider. And usually,
the surprise wasn't truly a surprise. It was a known issue that nobody flagged
early enough.
A quarterly review should cover aging hardware approaching
end of life, warranties and licenses coming up for renewal, infrastructure
upgrades on the horizon, and security investments worth planning for. The goal
is to spread costs out over time instead of absorbing emergency purchases that
blow up a quarter.
Framework IT's Business Optimization Pricing Model is built
around this principle. As your environment aligns to best-practice standards,
your monthly managed services pricing decreases. Think of it like a safe driver
discount. The better your technology hygiene, the less you pay, because aligned
environments generate fewer disruptions and lower costs for everyone. Your vCIO
maps this out during Strategic Business Reviews so you can see the financial
trajectory, not just the technical roadmap.
6. Where are we falling behind?
This is the question most IT providers avoid because it
requires strategic thinking, not just technical support. It's also the question
that separates a vendor from a partner.
Are there tools or automations your competitors are using
that you haven't adopted? Have cybersecurity expectations shifted in ways that
affect your industry? Is your infrastructure built for the team you have today,
or the team you had 2 years ago?
A provider who only maintains the status quo isn't
protecting your business. They're letting it fall behind slowly enough that you
don't notice until it's expensive to catch up.
At Framework IT, your vCIO's job is to think about this
before you have to. They're tracking industry trends, evaluating new tools, and
benchmarking your environment against what we see across our client base of
managed services partners. That perspective is how you stay ahead of both the
technology curve and the threat landscape.
If These Conversations Aren't Happening, That's the Biggest Red Flag
A quarterly check-in isn't a courtesy meeting. It's the
mechanism that turns reactive IT into proactive IT. If your provider isn't
bringing these conversations to you, they're not managing your technology.
They're waiting for it to break.
The difference between a vendor and a partner is what
happens between the emergencies. A real partner prevents them.
Book a
meeting to talk about what your quarterly IT reviews should actually look like.
And if you know a business owner who's not sure whether
their IT provider is keeping up, send this their way.
About the Author
Adam Barney is President and Managing Partner of Framework
IT, a Chicago-based managed IT services firm he's helped lead for more than 15
years. He and his team of 40+ professionals specialize in IT support, strategy,
and cybersecurity for small and mid-sized businesses. Adam's insights on
business technology have been featured in the Harvard Business Review, the
Washington Post, and Fox 32 Chicago.