When your IT systems go down in South Africa — whether it is your email, your point-of-sale, your accounting software, or your entire network — every hour of downtime has a direct cost. A reliable IT support company can mean the difference between a 20-minute fix and a two-day nightmare of unanswered calls and technicians who have no record of your previous issues. For small and medium businesses in particular, IT problems are rarely just inconvenient — they can stop operations entirely. Choosing the right support provider before something goes wrong is far cheaper than trying to solve it under pressure.
This guide covers the different types of IT support arrangements, how to evaluate a provider's actual capabilities, what your service agreement should contain, the security practices that responsible IT companies should be implementing, and the warning signs that suggest a company is not going to be reliable when you need them most.
Understand the Different Types of IT Support
Break-fix support is the simplest model: you have a problem, you call, a technician comes out or connects remotely and fixes it, and you pay per incident. This is appropriate for individuals or very small businesses with minimal IT infrastructure and occasional needs. The problem is that break-fix providers have no ongoing visibility into your systems, no history of your setup, and no proactive relationship with your IT environment — every call starts from scratch.
Managed service providers (MSPs) monitor your IT environment continuously, apply updates and patches proactively, and handle issues as part of a fixed monthly fee that covers a defined scope of support. For businesses that depend on IT for daily operations, an MSP arrangement is almost always more cost-effective than break-fix in the medium term — the cost of one or two major IT failures typically exceeds what a year of managed services would have cost.
On-demand or retainer support is a middle ground — you pay a monthly retainer that covers a set number of hours, with a defined response time commitment and an established relationship with a technician who knows your setup. This suits businesses with moderate IT needs that fall short of requiring full managed services.
Project-based IT work covers specific implementations — setting up a new server, migrating to cloud services, deploying a new network, implementing a VOIP system. Many IT companies offer both ongoing support and project work. Keeping these relationships distinct in your agreements helps avoid scope creep.
Certifications and What They Actually Mean
IT certifications signal that a technician has demonstrated competence in specific technologies. The most relevant certifications for small and medium business IT support in South Africa include CompTIA A+ and Network+ for general IT fundamentals, Microsoft certifications (particularly the Microsoft 365 or Azure tracks) for businesses running Microsoft environments, and vendor-specific certifications for the networking equipment you run — Cisco, Ubiquiti, Mikrotik, and similar.
Ask which specific certifications the technicians who will be working on your systems hold. A company that sends a certified Microsoft 365 administrator to manage your Microsoft 365 environment is doing things properly. A company that sends whoever is available and hopes for the best is not.
Certifications are not the only measure of competence — experience matters enormously in IT, and many excellent technicians have deep practical knowledge that exceeds their paper qualifications. But certifications do provide a baseline verification that has been assessed by a third party. In the absence of any certifications, you are relying entirely on the company's own description of their capabilities, which is not a reliable basis for making a decision.
Also check whether the company is a registered partner or reseller for the major platforms they support. Microsoft Partner status, Google Workspace reseller status, and similar designations mean the company has met certain requirements set by those platforms — including having certified staff and maintaining client support standards.
Service Agreements, Response Times, and SLAs
A service level agreement (SLA) is a contract that specifies what you are entitled to expect from your IT support company. Any company offering managed services or ongoing support should be able to provide one. If they are operating without a written service agreement, you have no formal protection when they fail to deliver.
Your SLA should specify response times for different categories of issue. A critical outage that stops all operations is different from a single user unable to print. Typical SLA categories are P1 (critical — business down, response within one to two hours), P2 (high — significant function impaired, response within four hours), and P3 (medium — non-critical issue, next business day response). Make sure the response times in the SLA match what you actually need for your business to function.
The SLA should also specify what response means — does it mean someone picks up the phone, or does it mean active work on the issue has begun? These are different things. Ask specifically about after-hours support. Many South African businesses operate outside standard business hours, and IT issues do not wait for 8am Monday morning. Confirm whether after-hours support is included, excluded, or available at a surcharge.
Understand the escalation process. When the first technician cannot solve a problem, who takes over and when? A company with no formal escalation path — where the most complex problems eventually just sit with the most junior technician available — will frustrate you when you need them most.
Security Practices You Should Expect
IT support companies have extensive access to your systems, your data, and often your email and cloud accounts. Their security practices directly affect your security. A company with poor internal security practices can become the entry point for a ransomware attack or a data breach that affects your business.
Ask whether they use multi-factor authentication (MFA) for all access to client systems. Ask about their remote access tools — legitimate MSPs use professional remote access software with audit logs, not consumer-grade tools. Ask how they handle your credentials and passwords — they should be using a proper password manager and vault, not storing your passwords in a spreadsheet.
Ask about their backup and disaster recovery offering. Any managed service provider worth the name should be managing offsite or cloud backups for your critical data, testing those backups regularly, and being able to tell you exactly how quickly they could restore your systems if the worst happened. If backup is not part of their service, it should at minimum be something they proactively raise with you rather than waiting for you to ask.
For businesses handling sensitive customer data — medical practices, legal firms, financial services — ask specifically about their understanding of POPIA (Protection of Personal Information Act) compliance requirements for IT infrastructure. Not all IT companies are up to speed on this, and if they manage systems that store your clients' personal information, they should be.
Questions to Ask Before You Sign
Who will actually be working on my systems day to day? Knowing whether you will be dealing with a senior technician or rotating juniors matters significantly for consistency and quality.
How do you document client environments? A well-run IT company maintains detailed documentation of each client's systems, network layout, software licensing, and known issues. This means any technician on their team can pick up where another left off. A company with no documentation creates dependency on one individual who holds all the knowledge in their head — which is a risk every time that person takes leave or leaves the company.
What happens if you cannot solve a problem within your scope? Knowing their referral or escalation relationships for issues outside their capability — specific vendor support, complex network problems, specialist security incidents — tells you whether they will be transparent about their limits or try to muddle through.
Can you provide references from clients with a similar setup to mine? A company that primarily supports retail businesses may not have the specific experience needed for a professional services firm with very different IT requirements.
Red Flags to Watch For
No written service agreement. Any company that resists putting their commitments in writing is asking you to trust a verbal promise. When something goes wrong — and in IT, something always eventually goes wrong — a verbal promise is worth nothing.
Slow response to your initial inquiry. How quickly a company responds to a sales inquiry tells you a great deal about how quickly they will respond to a support call once you are a paying client. If they take three days to get back to you before you have signed anything, do not expect faster turnaround when you have an urgent issue.
A single technician operation with no backup. A one-person IT company is entirely dependent on that one person being available. Their availability disappears when they go on leave, get sick, or have a family emergency — often at the exact moment your crisis occurs. Ask specifically what their staffing model looks like and who covers when the primary technician is unavailable.
Vague pricing. IT support pricing should be transparent. What is included in the monthly fee, what is excluded, and what are the rates for out-of-scope work? If the pricing conversation feels evasive, the invoicing conversation will feel worse.
Quick Checklist Before You Sign
- Get a written service agreement with defined response times for different issue categories
- Ask about certifications held by the technicians who will work on your systems
- Confirm after-hours support availability and any associated cost
- Ask how they handle remote access and whether they use MFA for all client system access
- Confirm that backup and disaster recovery is part of the service or clearly addressed
- Ask who covers when your primary technician is unavailable
- Request references from existing clients with similar IT setups
- Ask how they document client environments and what happens to that documentation if you switch providers
An IT support company that is genuinely good at what they do will make themselves felt mostly through the problems you never have to deal with — the proactive patches applied before a vulnerability is exploited, the backup restored quietly before you noticed it was needed. Reviews from other businesses about their day-to-day experience with local IT support providers are one of the most useful research tools available before making this decision. KiesSlim makes it easy to find and compare IT support companies near you based on what real clients have experienced.