Your managed service provider (or tech person) is supposed to be the safety net between your business and disaster. They monitor your systems, manage your backups, and promise to keep things running when everything else goes sideways. But how do you know they can actually deliver on that promise? The answer starts with five straightforward questions about business continuity. If your MSP stumbles on any of them, it is time to pay attention.

Question One: “What is our current recovery time objective, and how was it determined?”

Every business has a threshold for how long it can survive without its critical systems. That threshold is your recovery time. A capable MSP will not only know an estimate of your recovery time off the top of their head but will also be able to walk you through how they arrived at that number. It should reflect conversations about your` customer commitments, your compliance requirements, and the operational realities of your environment.

If your MSP gives you a blank stare or quotes a generic number that sounds like it came from a boilerplate contract, that is a problem. Your recovery time should be as specific to your business as your business plan. A provider who cannot articulate it has not done the foundational work required to actually protect you.

Question Two: “When was our disaster recovery plan last tested, and what were the results?”

A disaster recovery plan that has never been tested is not a plan. It is a guess. Testing reveals the gaps that documentation alone cannot uncover: the backup that restores slowly, the dependency nobody remembered, the credential that expired six months ago. Your MSP should be running tabletop exercises and full restoration tests on a regular cadence, and they should have documented results they can share with you.

If the last test was “a while ago” or “we have not gotten around to it,” you are operating on hope. Hope is not a business continuity strategy. A mature MSP treats testing as a recurring discipline, not a checkbox they tick once during onboarding.

Question Three: “If our primary systems went down right now, what is the exact sequence of events that follows?”

This question tests whether your MSP has a real, rehearsed incident response workflow or just a vague sense of what they would probably do. The answer should be specific. You want to hear about alerting protocols, escalation paths, communication plans for your team, the order in which systems get restored, and who is responsible for each step.

Vague answers like “we would get on it right away” or “our team would jump in” are not reassuring. They suggest a reactive culture rather than a prepared one. In a genuine outage, clarity and speed come from preparation. Every minute spent figuring out what to do next is a minute your business is losing money and trust.

The difference between a four-hour outage and a four-day outage often comes down to whether someone had to improvise or simply had to execute.

Question Four: “Where are our backups stored, and are they protected from the same threats as our primary environment?”

Backups that live in the same environment as your production systems are vulnerable to the same failures. A ransomware attack that encrypts your servers can just as easily encrypt your backups if they are sitting on the same network. Your MSP should be able to explain a layered backup strategy that includes offsite or cloud-based copies, immutable storage options, and air-gapped protections for your most critical data.

If your provider cannot clearly explain where your backups live, how they are isolated, and how often their integrity is verified, you are carrying more risk than you realize. This is not a technical footnote. It is the difference between recovering from an incident and starting over from scratch.

Question Five: “How do you ensure our business continuity plan evolves as our business changes?”

Businesses are not static. You add new applications, migrate workloads to the cloud, open new locations, onboard remote employees, and shift priorities quarter to quarter. Your continuity plan needs to keep pace with all of that. A strong MSP builds regular reviews into the relationship, reassessing your risk profile, updating recovery procedures, and adjusting priorities as your infrastructure and operations evolve.

If your MSP set up a plan two years ago and has not revisited it since, the plan is probably protecting a version of your business that no longer exists. Continuity planning is a living process, and a provider who treats it as a one-time project is not truly invested in your resilience.

Here are some warning signs your MSP (or tech person):

•             They cannot produce documentation for your disaster recovery plan on request

•             Backup reports are not shared with you proactively or on a regular schedule

•             You have never been invited to participate in a recovery test or tabletop exercise

•             Your last business continuity review predates a major change in your infrastructure

•             Incident response feels improvised rather than rehearsed when issues arise

•             They deflect technical questions with jargon instead of clear, direct answers

These five questions are not designed to be gotchas. They represent the bare minimum of what a competent managed service provider should know about your environment and your risk posture. The answers reveal whether your MSP is a genuine partner in protecting your business or simply a vendor collecting a monthly fee.

If your provider cannot answer these questions confidently and specifically, it’s time to find one that can. One that will have a serious conversation about expectations, accountability, and what business continuity actually looks like in practice. Your business deserves a partner who is ready before disaster strikes, not one who starts preparing after it does. Valley Techlogic can be that partner, learn more today.

• First Meta and then Claude, what does it mean when AI language models are leaked online

• Microsoft 365, Google Workspace and.. Apple Business ? What is Apple’s new entry into enterprise software and what does it mean for your business
• So long Sora, ChatGPT pulls the plug on AI video generation platform amidst a $1 billion dollar pull out by Disney
• Anthropic’s AI product Claude experienced a surge in new subscribers after they told the government “no” to removing safeguards, a new look at AI ethics

This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on X at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.