How to Choose an IT Outsourcing Provider: 10 Criteria That Actually Matter
May 8, 2025 · 11 min read · System Networks
The cheapest IT outsourcing offer rarely means the lowest total cost. Hidden charges, SLA loopholes, and undocumented dependencies can turn a ₽50,000/month contract into a ₽500,000 annual headache. This checklist helps you evaluate providers on what actually matters.
10 Evaluation Criteria
FSTEC and ISO certifications
CriticalFor regulated industries, the provider must hold FSTEC TZKI license. ISO 27001 certification is a strong positive signal for security practices.
Response time SLA (P1/P2/P3)
CriticalCritical incidents (P1): 15–30 min response, 4h resolution. Anything weaker is unacceptable for production systems. Verify SLA with references — ask about actual recent P1 incidents.
On-site engineer availability
HighCan an engineer be physically present at your office within 2 hours? Remote-only support is insufficient for hardware failures, network outages, or physical security incidents.
Security background of staff
HighDo engineers handle customer data? Background checks, NDA, and access control policies should be standard. Ask for their security onboarding procedures.
Transparent escalation path
HighWho do you call when the helpdesk fails you? There should be a named account manager and a clear escalation path to technical leadership.
Contract structure
HighFixed monthly fee with defined scope is preferable to time-and-materials for predictable budgeting. Watch for ambiguous scope definitions that allow scope expansion billing.
Reference clients in your industry
MediumReferences from companies of your size and industry are more valuable than enterprise logos. Request contacts and actually call them.
Technology stack alignment
MediumDoes the provider have certified specialists for your specific infrastructure (Cisco/HP/Dell, Windows/Linux, specific applications)? Generic IT providers often lack depth.
Transition and exit plan
MediumHow do you transition away from this provider? All documentation, credentials, and configurations must be yours — not held by the provider.
Financial stability
MediumA provider that goes bankrupt takes your infrastructure knowledge with it. Check company age, client base size, and ask about key person dependency.
SLA Red Flags to Reject
⚠️ Response time measured from ticket creation, not call
If you call at 3am and the ticket is created at 9am, your P1 response timer starts at 9am.
⚠️ "Best efforts" language anywhere in SLA
Best efforts is not an SLA. Any critical metric must have a defined measurement and penalty.
⚠️ Penalties capped at one month of service fee
A ₽50,000/month penalty cap means the provider can lose your production for days at minimal risk to them.
⚠️ Exclusions for "force majeure" without definition
Overly broad force majeure can exclude provider-caused outages from SLA coverage.
⚠️ No documented escalation path
If the on-call engineer cannot resolve an issue, who do they escalate to? And how quickly?
Questions to Ask in the Final Evaluation
IT outsourcing with 18 years of experience
System Networks IT outsourcing services →FSTEC licensed · 15 min P1 response · 24/7 on-call · Named account manager