The Seven Questions You Must Ask When Outsourcing Linux Support
There are lots of IT support companies out there. How do you choose between them? Here are seven questions that will help you pick the right one.
1. Why you?
Start by asking them:
“Why should I choose to do business with you over any other option open to me?”
Those options include:
- doing nothing
- managing the IT yourself
- using this company
- using one of their competitors
If they cannot be crystal clear about why you should choose to do business with them, you can’t be clear either.
2. How do you handle security?
When you delegate the support of your IT infrastructure to another department or company, you are handing over the keys to at least part of your business.
Those who have keys to your house have built up trust with you, usually over a long period of time. Those who have the keys to your IT infrastructure need to earn that trust, too.
There are a lot of areas of security, so here are a few extra questions that will give you a feeling for how seriously security is taken:
- How do you manage access to your customers’ servers?
- How do you store passwords to your customers’ systems?
- Who has access to those passwords?
- When do you use two-factor authentication?
- What is your process for keeping systems up to date with respect to security updates?
- What techniques do you use to maintain an audit trail of work done?
- Are you accredited under ISO27001:2017, the current version of the Information Security Standard?
It’s important that your servers are kept up to date and secure, and a good support contract will include the timely installation of security updates as an integral part of the service, not a paid-for extra.
3. What’s your focus?
When a company lists what it specialises in, be wary. “Specialise” and “lists”, particularly long ones, don’t sit well together.
If your business has chosen to run Linux servers, you want a support company that is serious about Linux. You don’t expect your GP to be an expert on orthopaedic surgery; equally, you shouldn’t expect an IT generalist to provide the very best Linux support.
For most businesses, the availability of IT services is critical. You may, from time to time, have a server become unavailable, but all the services your IT infrastructure provides should still be available.
All IT companies will (presumably) fix things when they break, but that is not the same as keeping services available. You could ask:
- How quickly do you fix problems?
- Describe how you prevent problems occurring.
- How many support incidents are included per month?
If they say they monitor servers, ask:
- Can I have access to that monitoring?
- How many parameters are monitored on a typical server?
If you do have a problem, it must be easy to speak to someone who can actually help. Your time is too valuable to spend listening to dubious on-hold music.
4. How will you help reduce costs?
IT is not an end in itself, but rather a means to an end. Your IT support company should understand why your IT systems are in place and what they are there to achieve.
If there is a better or cheaper way of achieving the same result, even if it involves reduces their income, they should tell you.
Why would an IT support company tell you how to save money with them? Because they should be a partner, not simply an expense item.
5. What qualifications do your staff have?
Historically, there has been a gap in the IT industry between the technical qualifications held and the technical competence demonstrated. With that in mind, some Linux qualifications have been designed to be more rigorous.
The key qualifications in the Linux world (in no particular order) are:
- Red Hat Certified Engineer (RHCE): the exam requires the candidate to configure a (Red Hat) Linux system in various ways. This is a not a multiple-choice written test: it’s a hands-on practical one. Verdict: a very high standard.
- Debian Developer (DD): not achieved by passing an exam, but by a peer-managed process of managing and maintaining Debian packages, and a deep understanding of the Debian philosophy. Verdict: again, a very high standard.
- Linux Professional Institute (LPI): distribution-agnostic written exams administered by the non-profit Canadian Linux Professional Institute. There are many levels of certification. Verdict: a useful guide, but not as thorough as the RHCE and DD.
Be aware that most qualifications lapse after a certain time, so be sure to ask about currentqualifications.
6. May I visit your offices?
Most IT support companies won’t have an issue with this, and it is a valuable thing to do. As discussed in question 2 (“How Do You Handle Security?”), you’re potentially handing over the keys to at least part of your business, so visiting their offices would seem to be a reasonable step in the process of due diligence.
If their company website lists the IT support team, there’s no harm in Googling them to see what kind of people they are.
So, when you visit, what are you looking for? Here’s a short list to get you started:
- Are they professional in their treatment of you and towards each other?
- How are they handling security with a stranger (you) in their midst?
- What’s the office culture? What’s on the desks and the walls? Would you want to work there?
- Are the answers given to your earlier questions reflected in what you see in the offices?
- Are the staff smart, professional, and human?
7. What does the contract include?
We believe a serious, professional IT support organisation will insist that both parties sign a contract. We’re not lawyers, but we think the contract should include:
- Any minimum term and the required notice period. Neither should be excessive: you should be staying with them because you want to, not because you have to.
- The days and hours of cover.
- A confidentiality clause. They are likely to have full access to all your data, so this is essential.
- A Service Level Agreement: this defines the response you are entitled to for a given severity of problem – but be aware that “response” is not the same as “resolution”. This may also vary at different times of day.
- Clarity. You should be able to read the contract and understand it without having a law degree.
What additional costs are not covered by the contract? Check for security updates, operating system upgrades, user requests, additions/changes/deletions to the services supported, and any limits on the number of incidents.
You shouldn’t expect to have to put the contract to test in a court, but having a contract ensures that both sides have a clear understanding of what will be provided at what cost.
8. Bonus points
The seven questions above will help you draw up a shortlist of IT companies that can support you. If you’re stuck choosing between two companies, perhaps the following may help:
- Do you like them? That may be unscientific, but you’re unlikely to have a successful business relationship with people you don’t like.
- Speak to their clients. Any respectable IT company will willingly provide references, and many people are more candid on the phone than in writing – so call a few. As well as their overall opinion, ask them what they wish they had known when they took out their support contract. Ask them about the service level, the professionalism, the partnership. How quickly is the phone answered? How quickly are problems resolved? What is their server availability like? Would they recommend their support company to others?