DealFlow OS
Get started free
Due Diligence Guide · IT Managed Services Provider

Due Diligence Guide for Acquiring an IT Managed Services Provider

Validate MRR quality, assess key-man risk, and uncover cybersecurity liability before closing on your MSP acquisition.

Find IT Managed Services Provider Acquisition Targets

Acquiring an MSP requires scrutinizing contractual recurring revenue, technical staff dependency, and cybersecurity exposure. This guide walks buyers through the critical phases to validate a $1M–$5M MSP and avoid costly post-close surprises.

IT Managed Services Provider Due Diligence Phases

01

Phase 1: Revenue Quality & Contract Analysis

Validate that reported MRR is contractually obligated, transferable upon ownership change, and supported by low historical churn rates.

MRR/ARR Contractual Verificationcritical

Confirm every recurring revenue dollar is backed by a signed, written agreement. Flag month-to-month arrangements; they represent churn risk and reduce defensible recurring revenue at close.

Change-of-Control Contract Transferabilitycritical

Review all managed service agreements for assignment clauses. Many MSP contracts require client consent upon ownership transfer, which can delay close or trigger cancellations.

Historical Churn Rate Analysisimportant

Request 36 months of MRR data by client. Calculate gross and net churn annually. Sub-5% annual churn supports premium valuation; above 10% signals service delivery or relationship issues.

02

Phase 2: Operational & Technical Assessment

Evaluate tool stack standardization, documented processes, and whether operations can run independently of the current owner post-close.

PSA/RMM Stack and Documentation Reviewcritical

Assess PSA (ConnectWise, Autotask) and RMM (NinjaRMM, Datto) configuration maturity. Well-configured, documented tooling signals scalability; fragmented stacks complicate roll-up integration significantly.

SOP and Runbook Completenessimportant

Verify existence of written escalation procedures, onboarding/offboarding workflows, and NOC processes. Absence of documented SOPs means the business cannot operate without the selling owner.

Vendor Agreements and Partner Program Transferabilityimportant

Confirm Microsoft CSP, Datto, and other key vendor agreements are assignable. Partner tier status may not transfer automatically and loss can materially impact margins.

03

Phase 3: People, Risk & Cybersecurity Liability

Identify key-man dependencies, assess technical staff retention risk, and quantify cybersecurity exposure embedded in client contracts.

Key-Man and Technical Staff Dependencycritical

Map which clients and technical functions rely solely on the owner. Identify certifications held personally vs. by the business entity. High owner dependency compresses multiples and complicates earnout structures.

Client Contract Indemnification and Cyber Liability Reviewcritical

Review all MSAs for indemnification clauses holding the MSP liable for client breaches. Confirm active E&O and cyber liability insurance with adequate per-occurrence limits.

Customer Concentration Risk Assessmentimportant

Calculate each client's percentage of total MRR. Any single client above 20% of revenue requires earnout protections or escrow provisions to protect buyer against post-close loss.

04

Phase 4: SBA Financing and Deal Structure Validation

Verify the IT Managed Services Provider acquisition qualifies for SBA financing, the purchase price is supportable by the verified cash flow, and the deal structure protects the buyer's downside.

SBA Eligibility Confirmationcritical

Confirm the IT Managed Services Provider meets SBA 7(a) eligibility requirements: the business is for-profit, U.S.-based, within SBA size standards, and the buyer meets personal financial requirements. Some industries have specific SBA restrictions — verify before LOI.

Normalized EBITDA vs. SBA Debt Service Coveragecritical

Model verified normalized EBITDA against projected SBA loan payments at current rates. A $1M SBA 7(a) loan at 10.5% over 10 years costs approximately $13,000/month. The IT Managed Services Provider must generate at least 1.25x debt service coverage after a market-rate manager salary to pass underwriting.

Seller Note and Earnout Structure Reviewimportant

Confirm the seller note is properly subordinated to the SBA loan and goes on 24-month standby as required by SBA rules. If an earnout is included, define exact measurement metrics, time period, and dispute resolution process before signing the purchase agreement.

IT Managed Services Provider-Specific Due Diligence Items

  • Request a signed client list with MRR per account, contract start/end dates, and auto-renewal terms to build a true recurring revenue waterfall model.
  • Obtain proof of all active cybersecurity, E&O, and general liability insurance policies; verify no prior breach incidents, open claims, or coverage lapses exist.
  • Audit technical certifications (CompTIA, Microsoft, Cisco) held by individual employees versus those registered to the business entity to quantify post-close staffing risk.
  • Review all subcontractor and NOC outsourcing agreements for transferability, pricing stability, and SLA obligations that survive an ownership change.
  • Benchmark gross margin by client using PSA data; MSPs with 50–65%+ recurring gross margins signal efficient delivery; sub-40% margins indicate pricing or labor inefficiency.
  • Verify that the purchase price divided by verified normalized EBITDA produces a multiple consistent with current market comparables for IT Managed Services Provider transactions — overpaying by 0.5x–1.0x EBITDA is the most common buyer error in this sector.
  • Confirm the lease terms are assignable to the buyer with the landlord's written consent, and that the remaining lease term extends at least through the SBA loan term — lenders require this before funding.
  • Request copies of all material vendor contracts, supplier agreements, and service relationships — confirm which are transferable, which require novation, and which may terminate on change of ownership.

Standard Document Request List

Before signing a Letter of Intent, request these documents from the seller. Missing or incomplete items are a red flag — not a reason to proceed without them.

  • 3 years of business tax returns (Schedule C or Form 1120)
  • Last 3 years profit & loss statements (monthly detail)
  • Current balance sheet and accounts receivable aging
  • Customer/client list with revenue by account (anonymized)
  • All active contracts, subscriptions, and recurring agreements
  • Equipment list with condition and estimated replacement cost
  • Employee roster with tenure, title, and compensation
  • Any pending or threatened litigation or regulatory complaints
  • Owner compensation and discretionary expense add-backs
  • Year-to-date financials vs. prior year same period

Frequently Asked Questions

What is the most important due diligence item when buying an MSP?

MRR contract quality is paramount. Verify every recurring revenue dollar is backed by a signed, transferable agreement. Informal month-to-month arrangements can evaporate immediately after close.

How do I assess key-man risk in an IT managed services acquisition?

Map all client relationships and technical functions to specific individuals. If the owner holds the primary relationships for top accounts, structure earnout payments tied to client retention post-transition.

What cybersecurity liabilities should MSP buyers investigate?

Review client MSAs for broad indemnification clauses, confirm active E&O and cyber liability insurance, and request disclosure of any prior breach incidents, client disputes, or regulatory investigations.

How does customer concentration affect MSP valuation and deal structure?

A single client above 20% of MRR significantly compresses multiples. Buyers typically respond with escrow holdbacks, earnout provisions tied to that client's retention, or a reduced upfront purchase price.

More IT Managed Services Provider Guides

Buy a IT Managed Services Provider BusinessSell a IT Managed Services Provider BusinessValuation GuideEBITDA MultiplesLOI TemplateSBA Loan GuideDeal StructureAcquisition ChecklistExit Readiness ChecklistFinancing GuideBuy vs. BuildCommon MistakesPost-Acquisition IntegrationRoll-Up StrategyRoll-Up GuideFind a Broker

Find IT Managed Services Provider businesses ready for acquisition

DealFlow OS surfaces targets with seller signals and motivation scores — so you know before you start diligence. Free to join.

Start finding deals — free

No credit card required

For Buyers

For Sellers

Free Tools

Platform

DealFlow OS
© 2026 DealFlow OSPrivacy PolicyTerms of Service