NCSC Checklist for Selecting the Right IT Provider for your Cyber Security
The National Cyber Security Centre (NCSC) has created a checklist that businesses should use when selecting an IT provider for their cyber security needs.
When you work with a Managed Service Provider (MSP), you gain access to specialist cyber security tools and expert support, but how confident are you that your MSP is truly protecting your business?
Not all MSPs deliver the same level of cyber security, transparency, or accountability. To help organisations make informed decisions, the UK’s National Cyber Security Centre (NCSC) has published a practical checklist outlining the key questions every business should ask their IT provider.
In this blog, we walk through the NCSC’s due diligence checklist and explain how Technical Drive meets each requirement. If you’d like to explore the full guidance yourself, you can view the official NCSC resource below.
Covering everything from recognised certifications and service transparency to incident response and supply chain risk, these questions are designed to ensure your MSP follows best practice and takes cyber security seriously.
At Technical Drive, we’re proud to confidently answer every one of these questions, and to provide clear evidence to support our approach.
Our CyberSafe365 package offers a straightforward, easy-to-understand suite of security tools, backed by our experienced Cyber Security team, giving our clients peace of mind that their systems and data are well protected.
View the full NCSC checklist here: https://www.ncsc.gov.uk/guidance/choosing-a-managed-service-provider-msp
The NCSC recommends asking your IT provider the following questions to understand whether they are equipped to protect your organisation effectively.
1. Do they hold recognised security certifications?
2. Can they provide references, testimonials, or case studies from other SMEs?
3. Do they have a proven track record of security and service quality?
4. Do they provide transparency around services and processes?
5. Are service levels such as response times and uptime clearly defined?
6. Do they offer solutions that fit your needs and budget?
A capable MSP should deliver more than ad-hoc support. These core services form the foundation of a strong cyber security posture, helping to reduce risk, detect threats early, and ensure your business can recover quickly if something goes wrong.
- Timely patch management across all systems and software to address known vulnerabilities
- Automated, off-site backups with regular testing to ensure data can be restored when needed
- Continuous security monitoring and logging, with alerts for unusual or suspicious activity
- Use of two-step verification (2SV) across all access points to reduce the risk of unauthorised access
- Clear, documented incident response and management procedures
- Prompt application of security updates and firmware patches across infrastructure
Without these fundamentals in place, even well-resourced organisations can be exposed to unnecessary cyber risk.
Your contract with an MSP should clearly define what you can expect from the service and how cyber security responsibilities are shared. A well-structured agreement helps avoid confusion during day-to-day operations and is especially important during security incidents.
- A detailed and clearly defined Service Level Agreement (SLA)
- Clear roles, responsibilities, and liabilities for both parties
- Defined processes for how and when security incidents are reported
- Regular service reviews and reporting to maintain transparency
- Application of the principle of least privilege to MSP system access
- Clear provisions for managing obsolete accounts and infrastructure
- A transparent process for contract review, renewal, or termination
These points help ensure accountability and give you confidence that cyber security obligations are understood and enforceable.
Cyber security risk doesn’t stop with your MSP. Their suppliers, tools, and partners can all impact your overall security posture, which is why supply chain risk and responsibility must be clearly addressed.
Key areas to explore include:
- Clearly documented accountability and liability in the event of a cyber security incident
- A tested incident response and recovery plan that includes realistic scenarios
- Agreed backup and disaster recovery procedures aligned with your business needs
- An ongoing programme of cyber security training and user awareness
Understanding how risk is managed, and who is responsible at each stage, is essential for building a resilient cyber security strategy.
Choosing the right MSP
Your MSP should give you confidence, not uncertainty. Knowing your cyber security is managed properly makes all the difference.
The NCSC’s checklist shows what good looks like, and at Technical Drive, we work to that standard.
Through clear processes, recognised security frameworks, and our CyberSafe365 service, we help organisations reduce risk and stay protected.