What does a standard tech audit include and what is a reasonable price for it? [closed]
I suspect this question is out-of-scope for Server Fault, since it's really about scoping the delivery of IT services. Having said that, the scope seems reasonable (if a little "sales-ey"-- "IT Standards"... heh heh). The scope seems inclusive enough to show that this isn't this company's first rodeo (or, alternatively, that they bought some rather inclusive sales template documents).
I couldn't comment on pricing w/o knowing more about the metes and bounds of your infrastructure. It doesn't seem out of line, just off the cuff. It depends on how much "stuff" you have and how thorough they're going to be. Whether or not the report will be of use to you is probably more of a good factor to assess the value for the price paid.
I would ask to see a sample report that has coverage for all of the areas they intend to cover for you. (I prepare a sample for every type of report / audit that I provide as part of developing the "product" and I find it to be a handy "sales" tool.) This will give you an idea of how thorough they're planning on being (and gives you a standard to hold them to when you get your report).
I would evaluate the sample report to see if it is helpful as a standalone resource. If it doesn't provide sufficient detail to be worth the cost then I'd be wary of purchasing the offering they're proposing. I don't think it's sensible to pay them for delivering a service if, ultimately, the service only helps them scope the "opportunity" with you and doesn't give you an actionable resource. I've seen "managed IT services" firms use reports like this as a way to start a contractual service arrangement. If it's being "sold" as a report to you with usefulness that stands on its own, and not as just part of the contract fees for starting an IT support contract with this provider, I'd be very, very sure that the sample report stands up as being a useful resource on its own (and, if it doesn't, I would immediately be suspicious of the "character" of the provider).
When I prepare audits for prospective Customers I impress upon them that my report can be taken to any vendor of IT services as part of a Request for Proposal. I think that's the only honest way to do it. I write my report hoping that I'm going to be the future vendor to act on the report's recommendations, but I don't assume it. I prepare most of my reports as work-for-hire, with the Customer "owning" the report's "intellectual property" after they pay for the report. You should find out what the license you're going to receive is like to determine if you can redistribute, "remix", or otherwise make use of the report for your own purposes.
IT services is a largely unregulated industry, and although there have been various attempts at "standardizing" the methodology and delivery of IT service provision (ITIL, etc.), there is really no guarantee that any provider is going to follow any particular methodology or reporting standard. The onus is on you, as a consumer of IT services, to assess how applicable the services are to your needs.
The scope is pretty common, looks like they're hitting the big things.
Even for a small company with a small server footprint, doing the assessment is about 4-8 hours of work minimum, and writing the report and recommendations and getting a review is probably another 4-8. So, 1-3 man-days' worth of work.
The pricing isn't out of line with that, depending on your geographic area. If you want to know more, ask some other vendors for their price in doing an audit, and find out what it covers. Of course, as you know, price can be inverse to quality, but for an assessment, it might be seen as a loss-leader for a services firm if they assume that they'll get the business.