What Your IT Company Should Be Doing (But Probably Isn’t)
A straight-talking checklist for small businesses in Jacksonville, St. Augustine, and Green Cove Springs
We work with a lot of businesses that came to us after years with a provider they never felt great about. The pattern is almost always the same: they didn’t know things could be different until they saw what different looked like.
Here’s what proactive, competent IT support actually looks like. Below you will also find the questions worth asking if you are not sure where your current provider stands.
1. You Shouldn’t Always Be the One Calling Them
If every IT issue in your business starts with you picking up the phone, your provider is reactive. They’re waiting for you to tell them something is wrong before they act. That is not managed IT support. That is a help desk you are paying a monthly retainer for.
A legitimate managed IT provider runs remote monitoring and management (RMM) software on every device they support. That software is watching things like CPU usage, disk health, memory pressure, failed login attempts, service outages, and backup status around the clock. When something crosses a threshold, it generates an alert. A good provider acts on that alert before it becomes your problem.
Here’s what that looks like in practice: your server’s hard drive starts showing early signs of failure on a Tuesday afternoon. With proactive monitoring, your IT company sees the alert, orders a replacement drive, and schedules a swap before anything goes wrong. Without it, you find out about the problem on Thursday morning when the server doesn’t come back up after a reboot.
One of those scenarios costs you an afternoon of inconvenience. The other can cost you days of downtime, data loss, and emergency labor rates.
“Can you show me the monitoring dashboard for our environment, and walk me through the last three alerts you acted on before we called you?”
If they can’t answer that with specifics, they’re not monitoring proactively.
2. You Should Know Exactly How Long You’ll Wait
“We’ll get to it as soon as we can” is not a service level agreement. It’s a way of avoiding accountability.
A real SLA defines response times in writing, and it distinguishes between different severity levels. A critical issue, one where your whole team is down and cannot work, should get a response in under an hour. An urgent issue affecting one person should have a defined window, typically two to four hours. A non-critical request like a new user setup or a software install should have a next-business-day or same-day commitment.
The reason this matters isn’t just about speed. It’s about accountability. When response times are documented, you have something to point to when things slip. Without it, every slow response becomes a matter of opinion.
Some providers also separate “response time” from “resolution time.” Response time is how long until someone acknowledges the ticket. Resolution time is how long until the problem is actually fixed. Both should be defined. A provider who responds in 15 minutes but takes three days to fix something has only solved half the problem.
“Can you send me a copy of our SLA with the specific response time commitments for critical, urgent, and standard issues?”
If they don’t have one in writing, or if they tell you they’ll “do their best,” that’s your answer.
3. Switching Providers Shouldn’t Feel Risky
This is the thing that keeps more businesses stuck than anything else. The assumption is that switching IT companies means weeks of chaos, systems going down, and your team losing productivity while two companies figure out who owns what.
That assumption is usually wrong, and the businesses that stay because of it are doing their current provider a favor they haven’t earned.
Here’s how a well-managed transition actually works. Your new provider starts by doing a full discovery of your environment: every device, every piece of software, every account, every vendor relationship. They document all of it. Then they coordinate directly with your outgoing provider to arrange the handover of credentials, licenses, and access. They deploy their monitoring and security tools in parallel, before the cutover date, so there’s no gap in coverage. On the transition day, the switch happens in the background. Your team keeps working.
The businesses that experience painful transitions are usually dealing with one of two things: a new provider who didn’t manage the process well, or an outgoing provider who made it difficult on purpose by withholding documentation or dragging their feet. The second situation is more common than it should be, and it’s something worth asking about upfront.
“If we decided to leave, what would the offboarding process look like? Would you provide all of our documentation and credentials?”
How a provider answers that question tells you a lot about how they operate.
4. You Should Have a Team That Actually Knows Your Business
Call your IT company right now and tell them you’re having a problem with your practice management software, or your accounting platform, or whatever line-of-business application is critical to your operation. How long does it take before you’re talking to someone who knows what that software is?
For a lot of businesses, the answer is too long, because they are calling into a general support queue staffed by technicians who rotate through dozens of accounts with no real familiarity with any of them. Every call starts at zero. You explain your setup, your history, your environment, and then you wait while the technician figures out where to start.
That’s not just frustrating. It’s slower and it produces worse outcomes. A technician who knows your environment diagnoses problems faster, catches patterns, and understands the context behind a change you made six months ago that might be related to what’s happening today.
At Advanced IT Support, we keep our client list tight on purpose. Every client works with the same dedicated team, people who know your setup, your staff by name, and the quirks of your environment. When you call, you’re not starting from scratch.
“Who specifically handles our account, and how many other clients are they responsible for?”
A technician managing hundreds of accounts can’t know any of them well. There’s a ceiling on how familiar someone can be with your environment when they’re spread that thin.
5. Your Passwords and Documentation Should Belong to You
This one doesn’t surface until something goes wrong, and when it does, it tends to go wrong badly.
If your IT company manages your environment, they almost certainly hold credentials you don’t have direct access to: your firewall admin password, your server administrator accounts, your Microsoft 365 tenant credentials, your domain registrar login, your SSL certificate renewals, your vendor support contracts. If that relationship ends badly, or just ends suddenly, how do you get your business back?
The answer should be that you already have everything, because a good IT partner maintains documentation in a format that belongs to you and keeps you informed. That means a network diagram, a full asset inventory, a password manager or secure credential vault that you have access to, and a record of every vendor account and support relationship.
Some providers use proprietary systems specifically to make this handover difficult. It’s a retention tactic, not a service. If you’ve never been shown your own documentation or given access to your credentials, ask why.
“Can you give us a current copy of our network documentation and confirm that we have access to all of our admin credentials?”
If there’s hesitation, that’s information.
6. Security Should Be More Than Antivirus
Antivirus software works by recognizing known threats, specifically malware and viruses that have already been identified and added to a database. It’s a necessary baseline, but it hasn’t been a complete security solution for years. Modern attacks, especially ransomware and business email compromise, are specifically designed to evade signature-based antivirus detection.
A provider doing the job properly should have set up multiple layers of protection. Endpoint detection and response (EDR) uses behavioral analysis to catch threats that do not match known signatures. It looks at what a process is doing, not just what it looks like.
Email filtering stops malicious links and attachments before they reach your inbox, which matters because email is still the most common entry point for attacks. Multi-factor authentication (MFA) means that a stolen password alone isn’t enough to access your accounts. Dark web monitoring watches for your business credentials showing up in breach databases, so you know when a password needs to be changed before an attacker uses it.
None of this is exotic. For any business handling client data, financial records, or sensitive information, it’s the baseline expectation. If your IT provider hasn’t walked you through what’s in place across all of these categories, the conversation is overdue.
“Can you walk us through our current security stack, specifically what we have for endpoint protection, email security, MFA, and credential monitoring?”
A provider who can’t answer that in detail either hasn’t implemented it or isn’t tracking it. Both are problems.
7. You Should Be Able to Reach Someone Who’s Accountable
When something serious goes wrong, such as a server down, a ransomware infection, or a key employee locked out of critical systems, who do you call?
For a lot of small businesses, the answer is a general support number that routes to a ticketing system. You open a ticket, you get a confirmation email, and then you wait. If the issue is escalating, there’s no one to call back. There’s no name attached to the problem. There’s just a ticket number and whatever priority level the system assigned it.
That’s a structural accountability problem. When no specific person owns your account, no specific person is responsible when things go wrong. Issues fall through the cracks not because anyone is malicious, but because the system doesn’t assign ownership clearly.
You should know the name of the person or team responsible for your account. You should have a direct number for escalations. And there should be someone at the ownership or management level you can reach if a critical situation isn’t being handled the way it should be.
At Advanced IT Support, that person is Jeremiah. His number is the same number on our website. That’s not an accident.
“If we have a critical outage outside of business hours, who specifically do we call, and what’s their direct number?”
If the answer is “the main support line” or “submit a ticket and mark it urgent,” you don’t have a real escalation path.
If You’re Keeping Score, Trust That Feeling
Most businesses that end up switching IT providers say the same thing afterward: they wish they’d done it sooner.
The list above isn’t a high bar. It’s what competent, proactive IT support looks like. Proactive monitoring, written SLAs, a team that knows your environment, documentation you actually own, layered security, and someone accountable when things go wrong. That’s the job.
If your current provider is falling short on more than one of these, it’s worth at least having a conversation.
Not Sure Where Your IT Company Stands?
Book an Assessment with Jeremiah
We’ll take a look at your current setup and give you a straight answer, no sales pitch, no pressure. Most businesses walk away knowing exactly what they have and what, if anything, needs to change.
