How do you know if your IT company is actually doing their job? Most business owners across Ocala and North Central Florida pay a monthly fee for managed IT services but have no clear picture of what their provider is actually doing each month. Here are twenty things your IT company should be doing every single month — and if they are not, it might be time for a conversation.
60%
of breaches from unpatched software
15 min
Simply IT response time
100%
Simply IT client uptime
A comprehensive monthly checklist separates true managed IT services from break-fix support with a subscription fee.
Monitoring (1–5)
01
Monitor All Endpoints 24/7
Every workstation, laptop, and server in your environment should be under continuous monitoring for performance issues, hardware failures, and security threats.
02
Review Server Health and Performance
CPU usage, memory consumption, disk space, and service status should be reviewed and documented to catch problems before they cause downtime.
03
Check Network Device Status
Firewalls, switches, access points, and routers should be verified as online, updated, and performing within normal parameters.
04
Review Disk Space and Storage Trends
Running out of disk space causes crashes and data corruption. Your provider should track usage trends and alert you before it becomes a problem.
05
Generate and Review Monthly Health Report
You should receive a clear, readable report each month summarizing the state of your IT environment, open issues, and completed work.
Security (6–10)
06
Verify Endpoint Security Is Active on All Devices
Every device should have business-grade endpoint protection installed, running, and reporting to a central dashboard.
07
Review Security Alerts and Incidents
Alerts generated by your security tools should be reviewed, triaged, and documented — not just ignored or auto-dismissed.
08
Audit User Accounts and Access
Disabled employees, shared accounts, and excessive permissions should be identified and cleaned up every month.
09
Verify MFA Is Enforced
Multi-factor authentication should be confirmed as active on all accounts, especially email and remote access. New accounts should be checked for proper MFA enrollment.
10
Review Email Security Logs
Blocked phishing attempts, quarantined messages, and spoofing attempts should be reviewed to identify trends and adjust filtering rules.
Patching and Updates (11–15)
11
Apply Operating System Patches
Windows updates should be tested and deployed on a regular schedule — not left to individual employees to install whenever they feel like restarting.
12
Update Third-Party Applications
Software like Adobe, Java, Chrome, Zoom, and other business applications need regular updates to close security vulnerabilities.
13
Update Firmware on Network Devices
Firewalls, switches, and access points receive firmware updates that fix bugs and close security holes. These should be applied regularly.
14
Verify Patch Compliance
After patches are deployed, your provider should verify that every device actually received and installed the updates successfully.
15
Document Patching Activity
A record of what was patched, when, and on which devices should be maintained for compliance and troubleshooting purposes.
Backup and Recovery (16–20)
16
Verify All Backup Jobs Completed Successfully
Backups should be monitored daily, but a monthly review ensures no gaps have gone unnoticed over the past 30 days.
17
Perform a Test Restore
At least once a month, your provider should restore data from backup to verify that the backup is actually usable — not just running.
18
Review Backup Storage Capacity
Backup storage fills up over time. Your provider should monitor capacity and plan for growth before you run out of space.
19
Verify Offsite and Cloud Backup Replication
If your backup strategy includes offsite or cloud replication, that replication should be verified as current and complete every month.
20
Review and Update Disaster Recovery Plan
Your disaster recovery plan should be a living document that gets reviewed and updated as your environment changes — not a file that sits in a drawer.
"A backup you have never tested is not a backup — it's hope with a subscription fee."
Steve Condit — Simply IT
Reactive IT vs. Proactive IT
| Category | Reactive IT | Proactive IT |
|---|
| Monthly Reports | None | Detailed documentation |
| Response Time | Hours / Days | 15 minutes |
| Patch Management | Ad hoc | Automated weekly |
| Backup Testing | Never | Monthly verified |
| Security Reviews | None | Monthly audit |
| Hardware Planning | Replace when broken | Lifecycle roadmap |
VIDEO COMING SOON
Simply IT — What We Do Every Month for Clients
GRADE YOUR CURRENT IT COMPANY
Download our network assessment checklist and score your provider against all 20 requirements.
// Key Takeaway
If your IT company cannot produce a monthly report documenting all 20 of these activities, you are not getting managed IT services — you are getting break-fix support with a subscription wrapper. Demand transparency.
How Does Your IT Company Score?
If your current IT provider is not doing all twenty of these things every month, you are not getting the level of service your business needs. Many IT companies in the Ocala area handle a handful of these tasks but skip the rest — especially documentation, test restores, and proactive security reviews.
Simply IT provides a comprehensive monthly service that covers all twenty items and more. Download our network assessment checklist to see exactly how your current IT stacks up.
Download the Checklist →
