When it comes to selecting an IT service provider, many organizations make the mistake of equating competence with the size of the provider. However, this assumption could not be farther from the truth. In reality, the size of an IT service provider should not be the primary factor in your decision-making process. In this article, we will explore the reasons why competence and expertise should be the focal points when choosing an IT service provider, regardless of their size.

Expertise Over Numbers:

One of the most significant misconceptions in the IT industry is the belief that larger IT service providers inherently possess more expertise. Many 60-person MSPs are grossly incompetent. Some small teams of about 8 people are exceptionally skilled. While bigger companies may have a large number of employees, it is the knowledge, skills, and experience of the team members that truly matter. Smaller teams often consist of highly specialized professionals who excel in their respective domains. These experts are not only well-versed in the latest technologies but also agile and adaptable, essential qualities in the fast-paced world of  . QPC’s paradigm is the least number of handoffs possible, we do not believe in silos.

Personalized Attention and Responsiveness:

Smaller IT service providers can offer a level of personalized attention that is often lacking in larger organizations. When you work with a smaller team, you are more likely to receive individualized solutions tailored to your specific needs. Moreover, smaller teams are usually more responsive to client requests and can adapt swiftly to changing requirements. In contrast, larger providers may struggle to maintain a high level of responsiveness due to bureaucratic processes and a higher volume of clients. Out of these large companies, they may not have a single engineer or security architect that has the talent of one person on the smaller MSP team. The smaller teams tend to have the highest performing personnel. And even if that larger team does have someone of competency, do you have any access to them?

Agile Problem-Solving:

The IT landscape is riddled with challenges that require innovative and agile problem-solving. Smaller IT service providers are often more flexible in their approach, enabling them to address unique problems with creative solutions. Their ability to quickly pivot and implement new strategies can be a game-changer for businesses facing intricate IT issues. For example, during the COVID pandemic, we were able to help some clients triple their revenue because of our ability to quickly change the way that some of their customer interaction systems worked.

In contrast, larger providers may struggle to deviate from established protocols and standardized solutions and suffer from poor workflow. For example, you put in a request to have your EDI server modified for some EDI changes. The ticket goes to an L2 tech, and the MSP has no policy that requires quality control around the changes to that server. If you even have CISO services from that MSP, they have no visibility into that service request ticket that came in. The L2 tech does not have the skill to be able to manage the software support vendor, nor are they going to update server documentation with the configuration changes. So, what happens? Well, the L2 tech gets on a session with the software company support personnel who almost invariably mess up your server. Now it does not mean that it is going to break right now. But it is at least 95% certain that the changes that the software company makes to that server are not done properly and the L2 tech has no idea how to manage them or what should have been handled differently. All their interest is to close out that ticket and make the immediate problem of the service request go away. The end result for the customer is an undocumented server which damages business continuity efforts.

If you are the operations manager or the COO and happy because the newly requested EDI works - you would think everything is wonderful. But it was probably not documented properly, the change was not made consistently in accordance with standards, and most likely credential abuse and overuse was employed.

Cost-Efficiency and Competitive Pricing:

Smaller IT service providers typically have lower overhead costs, allowing them to offer competitive pricing without compromising the quality of their services. By opting for a smaller team, businesses can enjoy cost-efficient IT solutions without sacrificing expertise.

Efficiencies also result from the post-COVID reality of remote workplaces. Retaining top quality talent means not requiring that people work in offices and thus being able to tap into a wider talent pool. Good managers have found ways to effectively manage staff without requiring their physical presence. QPC has always been a 100% remote team, and as such, we have healthy and happy employees who are able to work in environments that best suit them, with higher productivity due to not being distracted by office issues. We can focus on work.

This balance between affordability and quality is often challenging to achieve with larger providers, whose services can come with a hefty price tag due to their extensive infrastructure and administrative expenses. We hear about VC companies taking over IT support and then their clients get destroyed and burned, and they end up regretting the decision. But they are stuck in 3-year contracts. Why would you do business with anyone that requires you to commit to a 3-year contract? It is better to just engage small initially and then expand. The size of the company is not relevant. The ownership is.

Building Lasting Relationships:

Establishing a strong partnership with your IT service provider is crucial for long-term success. Smaller teams often prioritize building meaningful, long-lasting relationships with their clients. This dedication fosters trust, open communication, and a deep understanding of your business goals. It is critical to understand that this goes both ways, client managers have responsibilities in a relationship, and so do the clients.

In contrast, larger providers might struggle to offer the same level of personalized attention, making it challenging to cultivate a genuine partnership based on mutual understanding and trust. Let's talk about how larger companies use "account managers". Account managers are not people who are qualified to even fix a PC. Yet when you engage with them, they are pretending to convey a bunch of information to you such as critique on what your current IT service provider is doing.

Let's talk about how larger companies use "account managers". Account managers are not people who are qualified to even fix a PC. Yet when you engage with them, they are pretending to convey a bunch of information to you such as critique on what your current IT service provider is doing.

QPC has seen repeatedly where "account managers" provide misinformation to clients and prospective clients. They play the game of chat or telephone with their internal team. A prospect is never going to gain access to the technical talent of an organization unless they are a very large prospective client. And even then, the dog and pony show will probably be what they get with the president, account manager, and some technical people that show up for a meeting. The intent is to overwhelm you and show how many people they have.

What a client really needs is a relationship with a single incredibly talented technical resource who can authoritatively advise them. Sure, that person can bring in other resources on the team as needed.

But as a client, you will pay the least amount of money and have the best service by having the least amount of people touch a task or project. Even if you could write a check for $500,000 worth of remediation, it will not be possible to find enough humans of the right talent level to close your compliance gaps in the desired timeline. You must find a business partner who can help you in this journey and work towards improving your organization's compliance and cybersecurity maturity every single month.

What is the QPC Insight on this?

We are 10 people. Our local competitor, with 60 employees, does not have even one employee that can do what any one of 5 different experts at QPC can do. If your inquiry is based upon attempting to determine the ability to respond to simultaneous requests, understand that the number of people is irrelevant without other factors. The number you should be asking about is - how many people on the team can 100% fully handle any project or any request you submit without handoffs?

The capacity to answer phone calls is not the capacity to solve problems or prevent them from the beginning. If you want to assess something very revealing about an IT service provider, look at their SOW for patch management or server management. QPC Security will be more than happy to simplify it and explain to you what you are not getting and how your cyber insurance policy is being invalidated due to their failure to include necessary items while leading you to believe it is an adequate service they are providing. There are real issues with failure to disclose material facts.

Ask about their RBAC (role-based access control) models or how many people will have access to your systems if you do business with them. When we were security architects for a 13,000-user multinational company, there were only 8 people worldwide that had full admin access. Why do you think it takes 60 people to support your 8-person business? Ask your service provider to put in writing how many people will have full admin access to your systems if you do business with them. Ensure that the data about their counterparties is disclosed. It is entirely inappropriate that an IT service provider should have 250 people in their chain of permissions into a client's environment who have admin access. This does not bode well for risk management or compliance.

We have been in serious business for 25+ years. You can look us up as a registered legal entity and find we have always been in good standing. Look at larger companies and you will find that they cannot even maintain their legal standing with the State competently. Subject them to rigorous vetting:

  • If they cannot maintain their legal standing, what kind of quality do they have with their other legal or accounting practices, and what risk does that introduce you to?
  • How much debt do they carry?
  • Ask them for a typical invoice example.
    How much detail is on it? What kind of accuracy and transparency do they standardly provide on invoices?
  • How about technical people or sales and marketing people? Our competitors have one or two passable technical people, and the rest are not there to deliver you solutions but cost overhead.
  • Ask about depth of bench. What are the skills, background, certifications of the personnel on the team?


If you are looking for a business partner you can trust, you need to look at the management of an organization and understand the correlation between management's worldview and the risk they present to your organization. There is not one other IT service provider in our service area that has our cumulative technical skill with dedication to high security and compliance strategies. QPC is not owned by sales or marketing people. We are not a sales and marketing driven company; we are a security and risk management company.

In conclusion, when choosing an IT service provider, it is essential to look beyond the facade of size and focus on the provider's competence, expertise, and ability to deliver tailored solutions. Smaller teams often excel in these areas, offering businesses the advantage of personalized attention, agility, cost-efficiency, and the opportunity to build lasting relationships. By prioritizing competence over company size, businesses can ensure they are partnering with a provider capable of navigating the complexities of the digital landscape and driving their success in the long run.

Talk to us to learn more about working with an expert, agile, and competent team.