Is Your IT Provider Too Busy to Monitor and Document?

By Brent Lacy | RewiredMSP.com

Your IT provider is too busy putting out fires to prevent the next one. Here is what the data says about why that is the most expensive problem in managed services — and what to do about it.

Your IT provider is too busy.

Not too busy to answer the phone. Not too busy to send an invoice. Too busy to document the network they have been managing for three years. Too busy to review the monitoring alerts that fired at 2 AM last Tuesday. Too busy to update the password inventory after your office manager left in March.

I have spent nearly thirty years in this industry. I have walked into hundreds of client environments after their previous MSP relationship ended. The pattern is always the same. The network works. Mostly. But nobody can explain why that firewall rule is set that way. Nobody has a current diagram. Nobody knows when the backup was last tested. And the new provider is about to spend 40 hours and $5,000 reconstructing documentation that should have existed already.

This is the most expensive problem in managed services. Not ransomware. Not a breach. Not even downtime. It is the knowledge that walks out the door because nobody wrote it down.

The Documentation Gap Is Real

The 2026 Kaseya State of the MSP Report surveyed more than 1,000 managed service providers. Staffing constraints jumped from 9 percent to 16 percent year over year. It is now the number one operational bottleneck.

Not tools. Not processes. Not sales. People.

When your MSP is short-staffed, documentation is the first thing that suffers. Your technician knows that Server 4 in the back closet makes a weird noise every three weeks. But that knowledge lives in their head, not in a shared system. When they leave, that knowledge leaves with them.

The ISACA 2025 Tech Workplace and Culture Study found that 30 percent of IT professionals changed jobs in the last two years. Among workers under 35, that number climbs to 43 percent. Every departure is a brain drain. And if your provider is not documenting, every departure makes your environment a little less understood and a little more fragile.

What “Too Busy to Monitor” Actually Looks Like

Here is what I see when I walk into an environment where the provider has been too busy to do the work that does not generate an invoice.

The monitoring is set up but not tuned. Alerts fire constantly. The technicians have learned to ignore them because 90 percent are false positives. The 10 percent that matter get lost in the noise. A real monitoring review takes time. It requires someone to sit down, look at every alert, and ask whether it still matters. That is not billable work. So it does not get done.

The documentation is outdated or missing. Network diagrams from 2019. Password spreadsheets that have not been updated since the last technician left. Vendor contact lists that still include the rep who changed companies two years ago. When something breaks at 2 AM, the new technician is starting from scratch.

The backups have not been tested. Everyone assumes backups are running. Very few people verify that they actually restore. I have seen providers discover, during a real emergency, that the backup job has been failing silently for six months. The data is gone. The client is devastated. And the provider is explaining why they never tested the thing they were being paid to maintain.

The security patches are months behind. Not because the provider does not know about them. Because applying patches requires testing, scheduling downtime, and dealing with the fallout when something breaks. It is easier to put it off. Until it is not.

The Cost of Not Documenting

Let me put a number on this.

When a client switches providers and the documentation does not exist, the new provider spends an average of 40 to 60 hours reconstructing the environment. At typical MSP rates of $150 to $200 per hour, that is $6,000 to $12,000 in transition costs. The client pays for this, either directly or through higher rates.

But the real cost is the risk. Every undocumented system is a system that could fail in a way nobody anticipated. Every untested backup is a backup that might not work. Every unpatched vulnerability is a vulnerability that might be exploited.

The 2025 Ponemon Cost of Insider Threats Global Report found that the average annual cost of insider threat incidents is $17.4 million. IBM’s 2025 Cost of a Data Breach Report put the global average cost of a breach at $4.4 million. The US average was $10.2 million. And credential-based breaches took an average of 292 days to identify and contain.

During those 292 days, an attacker with stolen or misused credentials is doing more damage every single day. The attackers are not always from outside the building either. Sometimes the threat is a current employee. Sometimes it is someone who used to work there.

What Good Looks Like

A well-managed MSP will have the following in place, and will be able to show it to you on request.

Current network documentation. Not a diagram from 2019. A living document that gets updated every time something changes. It does not have to be fancy. It has to be accurate and accessible.

Tested backups with documented recovery procedures. Not just “the backup ran.” A verified restore test on a regular schedule, with documentation of what was tested, when, and the result.

Tuned monitoring with documented alert thresholds. Not 500 alerts per day. A manageable number of meaningful alerts, each with a documented response procedure.

A current password inventory. Every system, every service, every vendor account. Stored securely. Updated every time someone leaves or a password changes.

A patch management process with documented timelines. Not “we patch when we can.” A defined schedule, a testing process, and documentation of what was patched and when.

Quarterly access reviews. Every user account reviewed. Former employees removed. Privileges adjusted for role changes. Documented.

Questions to Ask Your IT Provider

If you are a business owner relying on an MSP, here are the questions you should be asking. Today.

1. Can you show me current network documentation? If they hesitate, that tells you something.
2. When was the last backup restore test? If they cannot give you a date, that tells you something.
3. How many open alerts are currently in your monitoring system? If the number is in the hundreds, the monitoring is not being managed.
4. Can you provide a current password inventory? If they cannot, your credentials are at risk.
5. What is your patch management process? If they do not have a documented process, they are patching reactively, if at all.
6. When was the last time you conducted an access review? If former employees still have access to your systems, you have a problem.

The Bottom Line

Your IT provider is busy. I understand that. But the work that does not generate an invoice is often the work that prevents the crisis.

Documentation is not glamorous. Monitoring reviews are not exciting. Backup restore tests are not urgent. Until the day they are the most urgent thing in the world.

Ask the questions. Demand the documentation. And if your provider cannot provide it, find one that can.

That is the Rewired MSP standard. Not just keeping the lights on. But knowing exactly how the lights are wired, and having it written down.

Brent Lacy has spent nearly 30 years in the IT industry building and advising managed service providers. He is the author of Rewired MSP: Mastery, Scalability and Performance, vCIO Rewired: Virtually Conquering IT Obstacles, and Near Miss: Preventable IT Failures Threatening Your Business Security. He does not sell consulting services or subscriptions. He shares what works.

Related articles:

– Why Your Best Technician Is Already Looking at Job Postings

– Is Your IT Provider Giving Users Too Many Rights?

– Offboarding With Dignity: How to End an MSP Relationship Without Burning Bridges