Every Australian MSP is now claiming AI capability. The category is converging fast. First Focus has been acquired by US-backed Integris and rebranded around “future-ready managed AI”. Secure Agility positions itself as outcome-driven AI. Most other MSPs have added an “AI services” link to their menu. The question for any business buying AI services in 2026 is no longer whether your IT partner has AI capability. It is whether their AI capability is real.
These are the ten questions we recommend every business owner, CIO, or IT manager put to their current or prospective IT partner. We have included what a good answer looks like, and where the answers should make you nervous. Three of the questions are ones we think every honest MSP, including Epic IT, should not be able to ace cleanly. They are in here on purpose. If a vendor’s answer is too smooth on those three, ask follow-ups.
If you only have time for an executive cut, our companion piece on the three architectural questions Australian CEOs should ask their IT partner covers the Friday-meeting version. This is the deeper governance and operational pass.
A real AI-led MSP has a documented register of every AI tool it has assessed, with status (approved, conditional, prohibited), risk score, data residency, retention policy, and audit notes. The number on it should be in the range of 40 to 80 tools, because that is roughly how many credible AI products have launched into the enterprise space since 2024.
Good answer: “Here is our register. Sixty-three tools assessed. Twenty-eight approved for client use, fifteen conditional with data class restrictions, twenty prohibited. Last reviewed two weeks ago. We refresh it monthly because the vendor landscape moves.”
Bad answer: “We work with Microsoft Copilot and ChatGPT Enterprise.” Two tools is not a register. That is a sales pitch.
AI governance is a cross-functional discipline. The person accountable needs to understand technical controls (DLP, Conditional Access, sensitivity labels), regulatory exposure (Privacy Act, APRA CPS 234, sector-specific obligations), and business risk. If the answer is “our vCIO does it as part of the standard service”, that is a problem. vCIOs are good but they are not specialists.
Good answer: Named individual, identifiable on LinkedIn, with documented experience across security, compliance, and AI. They should be able to talk fluently about both the Microsoft Purview stack and the Privacy Act amendments coming in December 2026.
Bad answer: “Our whole team handles it.” That means no one does.
A real AI AUP is specific. It names approved tools, defines data class boundaries (what data may go into which tool), specifies who approves new tools, lists prohibited use cases, and clarifies enforcement consequences. Ask the MSP to walk you through theirs. A generic policy template downloaded from somewhere will read as generic. A real one will reflect actual decisions someone has made.
Good answer: The MSP shares an actual policy, names specific tools, references specific Privacy Act obligations, and explains why some decisions were made the way they were.
Bad answer: “We can give you a template.” Templates are not policy. Policy is decisions.
An honest MSP will admit this is hard. AI data exposure incidents are different from ordinary breach response. The data is often already gone (out to a model provider in the US), the affected individuals may not be obvious, the volume can be very large, and the audit trail can be limited if the tool was unsanctioned.
This is one of the three questions we think honest MSPs should not ace. AI incident response playbooks are early. Anyone who has a finished one in May 2026 is exaggerating.
Good answer: “We have a documented playbook based on the standard incident response framework, adapted for AI-specific elements. It covers containment, notification under the Privacy Act, model provider liaison, and post-incident review. We have not had to fully invoke it yet, and we are honest that our playbook will need refinement when we do. Here is the document.”
Bad answer: “We have not had any AI incidents.” That is not a procedural claim. That is luck. Probably also inaccurate, because shadow AI exposures happen all the time and just have not been noticed.
A genuine AI-led MSP has a defensible point of view here. We are a Microsoft Solutions Partner and we use Claude Enterprise as our primary AI platform internally. There are reasons for that, and an AI-led MSP should be able to explain their reasoning across at least Microsoft, Anthropic, and OpenAI.
Good answer: A nuanced position. “We deploy Microsoft Copilot for clients with deep Microsoft 365 integration needs and Anthropic Claude Enterprise for deeper reasoning and document work. Here are three workloads where each wins, and here are the data handling differences that matter to a financial services client.”
Bad answer: “We are Microsoft partners so we deploy Copilot.” The Microsoft Solutions Partner badge is a procurement asset. It is not an AI strategy.
AI agents are systems that take input, do multi-step work, and produce output. Building one in a demo is straightforward. Keeping one running reliably in production for a year is hard. Agents drift, integrations break, model providers update, business processes shift.
This is the second of the three questions where honesty matters more than length. Most MSPs in May 2026, including Epic IT, are still building their first wave of production AI agents. Anyone claiming three years of agent deployments is most likely counting Power Automate flows.
Good answer: A specific deployment, with the date it went live, the business process it handles, the integrations it touches, the number of users it serves, and what has broken and been fixed in the last six months.
Bad answer: Vague references to “AI workflows” without specific deployments. Or “many clients have AI agents”, with no client willing to talk about theirs.
AI governance does not sit separately from cybersecurity. Most of the technical controls for AI live inside the M365 security stack: Conditional Access, sensitivity labels, DLP rules, audit logging. If the MSP’s AI services are decoupled from their cybersecurity practice, that is a sign the AI work is bolted on rather than integrated.
Good answer: Clear articulation of how the Essential Eight baseline supports the AI controls. Specific examples of how E8 maturity unlocks AI governance options.
Bad answer: Treating AI and cybersecurity as separate practice areas. “Our cyber team handles E8 and our AI team handles AI.” That structure means the AI work is happening on top of an unverified security baseline.
ISO 42001:2023 is the international standard for AI Management Systems. It is the AI equivalent of ISO 27001. Very few Australian MSPs are certified to it in May 2026 because the auditor pool is small and the standard is new. But genuine AI-led MSPs should at least be aligned with it.
This is the third of the three questions where we think most honest MSPs should not yet be certified. The framework is approximately 18 months old. ISO 27001 took years for the MSP industry to broadly adopt. Anyone showing a certificate dated mid-2026 deserves a follow-up question about which auditor and which scope.
Good answer: “Aligned with ISO 42001 controls, certification scoped for late 2026 with [named auditor]. Here is our gap assessment from January.” Honest about the timeline, with evidence of progress.
Bad answer: Confusion between ISO 27001 and ISO 42001. Or claiming alignment without being able to describe the control framework.
Internal MSP use of AI is the most under-discussed governance topic. Your service desk engineer pastes your config into Claude or Copilot or ChatGPT to debug a problem. Is that allowed? Is your data part of the model’s training set? Is it logged?
A real AI-led MSP has answered this question internally and can explain it externally. Internal use of consumer AI on client data is a Privacy Act issue and the MSP needs a policy.
Good answer: “Engineers may only use [named enterprise AI tool] for client data, with zero data retention configured. Configuration data only. No PII unless the client has signed a specific data processing addendum. Audit logged. Reviewed quarterly.”
Bad answer: “We rely on staff judgement.” That is not policy. That is hoping.
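As an added example (not Epic IT's code or any vendor's product), here is how the tool register described under question 1 and the engineer-use rule under question 9 fit together: register entries carry the fields listed above, the monthly refresh becomes a staleness check, and one decision function enforces "configuration data only, no PII without a signed data processing addendum" and returns a record for the audit log. Tool names, risk scores, residency values and dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

STATUSES = ("approved", "conditional", "prohibited")
DATA_CLASSES = ("public", "config", "internal", "pii")  # ordered low to high
TODAY = date(2026, 5, 1)  # assumed evaluation date for the sample below

@dataclass
class ToolEntry:
    name: str            # tool names in SAMPLE below are constructed
    status: str          # approved | conditional | prohibited
    risk_score: int      # assumed 1 (low) to 5 (high) scale
    data_residency: str  # e.g. "AU" or "US"
    retention: str       # e.g. "zero" or "30d"
    max_data_class: str  # highest data class allowed into the tool
    last_reviewed: date
    audit_notes: str = ""

@dataclass
class Register:
    entries: list
    review_interval: timedelta = timedelta(days=31)  # register is refreshed monthly

    def counts(self) -> dict:
        return {s: sum(e.status == s for e in self.entries) for s in STATUSES}

    def stale(self, today: date) -> list:
        return [e.name for e in self.entries if today - e.last_reviewed > self.review_interval]

    def decide(self, tool: str, data_class: str, has_dpa: bool, today: date) -> tuple:
        """Apply the engineer-use rule; return (allowed, audit record) for logging."""
        entry = next((e for e in self.entries if e.name == tool), None)
        if entry is None or entry.status == "prohibited":
            reason = "tool not approved in register"
        elif entry.name in self.stale(today):
            reason = "register entry overdue for review"
        elif DATA_CLASSES.index(data_class) > DATA_CLASSES.index(entry.max_data_class):
            reason = f"{data_class} exceeds tool limit {entry.max_data_class}"
        elif data_class == "pii" and not has_dpa:
            reason = "PII requires a signed data processing addendum"
        else:
            reason = "permitted"
        record = {"date": today.isoformat(), "tool": tool, "data_class": data_class,
                  "dpa": has_dpa, "allowed": reason == "permitted", "reason": reason}
        return record["allowed"], record

# Constructed sample register; names, scores, residency and dates are illustrative
SAMPLE = Register([
    ToolEntry("enterprise-llm", "approved", 2, "US", "zero", "pii", date(2026, 4, 20)),
    ToolEntry("consumer-chatbot", "prohibited", 5, "US", "30d", "public", date(2026, 4, 20)),
    ToolEntry("meeting-summariser", "conditional", 3, "AU", "zero", "config", date(2026, 1, 5)),
])
```

Writing each decision record to a central log is what turns the "audit logged, reviewed quarterly" line of the good answer into something the MSP can actually produce on request.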
The conversation should land on a structured way to evaluate the client’s specific situation. AI Readiness Assessments map current AI exposure, opportunity, and readiness across people, process, and technology. They produce a roadmap. They are diagnostic, not prescriptive.
Good answer: The MSP describes a structured assessment methodology with specific deliverables (current state, target state, roadmap, governance plan), timelines, and pricing. They offer to scope one for your business.
Bad answer: “We do free workshops.” Free workshops are sales calls in a different format. A real assessment is paid, time-bounded, and produces evidence-based output.
One technique that catches polish without substance: ask the same question twice in the same meeting, ten minutes apart. The first time, take the answer at face value. The second time, ask “Could you walk me through that again with a specific client example?” Genuine capability shows up in the specifics. Marketing shows up in the abstraction.
The other technique: press on the three questions flagged above as deliberately hard (4, 6, and 8). If the MSP claims complete mastery of incident response playbooks for AI exposures, three-year-old production agents, and ISO 42001 certification, something is being overclaimed.
Honestly, against our own checklist:
If you are evaluating Epic IT for your AI services, run us through these ten questions. We will give you the honest answer to each one, including where we are still building. The full operational picture is in our guide to what an AI-led MSP actually delivers, and the underlying methodology is in our AI Governance Australia framework.
Send these ten questions to your current IT provider. Write the questions in a single email. Ask for written answers. The medium matters. A salesperson can talk around weaknesses in a meeting. Writing forces specificity. The shape and length of the responses will tell you most of what you need to know.
Compare against the answers above. Notice which questions get long answers and which get short. Notice which questions reference specific clients, specific tools, specific dates. Notice which get answered with marketing copy.
Book an AI Readiness Assessment. Whether you stay with your current provider or evaluate alternatives, an AI Readiness Assessment maps where your business sits today. Book yours, or call 1300 EPIC IT.
Questions 1 (tool vetting register), 6 (longest production agent), and 9 (your data in engineer workflows). The first reveals whether they have a systematic approach. The second reveals whether they actually deliver, or just consult. The third reveals whether they have thought about the governance of their own AI use, not just their clients’.
That is reasonable for some questions. Ask them to follow up in writing within five business days. The follow-up speed and quality are themselves diagnostic. A genuine AI-led MSP has these materials available because clients ask for them regularly.
Yes. For financial services, ask how the MSP supports APRA CPS 234 obligations for AI workloads. For healthcare, ask about TGA Software as a Medical Device exposure where AI assists clinical decisions. For government, ask about the AI in Government Policy. The vendor should be able to translate the general questions into your sector’s specific obligations.
Three signs. First, lots of certifications they can’t quickly produce. Second, named client examples that don’t match what those clients say publicly. Third, claims of capability without specifics on how the capability is delivered (which engineers, which tools, which methodology).
The three questions piece is the executive Friday-meeting cut, focused on AI agent architecture, permissions and audit, and what cannot be delegated to AI. This piece is the deeper governance and operational pass, focused on register discipline, governance ownership, incident response, and ISO 42001 maturity. They cover different layers of the same evaluation. Run the three in a 30-minute meeting. Use the ten as a written follow-up.
These ten questions evaluate the vendor. An AI Readiness Assessment is a structured engagement that maps your current AI exposure (shadow and sanctioned), identifies the highest-value automation opportunities, evaluates your cybersecurity baseline against AI governance prerequisites, and produces a 12-month roadmap. The assessment runs over two to three weeks and produces a board-ready report. It is a standalone engagement, no MSA required.