top of page
Search

How to Select the Right Managed Detection and Response (MDR) Provider: A Practical Guide for RFP Success

  • Writer: Ben de la Salle
    Ben de la Salle
  • Sep 8
  • 3 min read

With cyber threats evolving at pace, many organisations are turning to Managed Detection and Response (MDR) providers to bolster their security posture. But with a crowded market and a dizzying array of options, how do you run an effective RFP process and select the right partner?


ICA Consultancy article on Managed Detection and Response (MDR) providers

What to Look for in an Managed Detection and Response (MDR) Provider

When evaluating MDR providers, it’s easy to get caught up in technical jargon. Instead, focus on clear business outcomes and risk reduction:


  • Detection Capabilities: Does the provider offer advanced threat detection across endpoints, networks, cloud, and SaaS? Do they use threat intelligence and behavioural analytics?


  • Response Maturity: How quickly and effectively do they respond to incidents? How much responsibility do they assume during the incident, or are they just a “log-and-flog” provider? Are response actions automated, or do they rely on manual intervention?


  • Integration & Coverage: Can the MDR service integrate with your existing security stack? Is coverage 24/7, and do they support all your critical environments?


  • Reporting & Transparency: Will you get meaningful, timely and actionable reports? Is there clear visibility into what the MDR team is doing and how incidents are handled?


  • Expertise & Experience: Who triages and responds to alerts? How have they validated their capabilities and effectiveness? Do they perform red teaming activities to support their continuous improvement?


  • Regulatory Alignment: For regulated sectors (financial services, healthcare, etc.), can the provider demonstrate compliance with standards like DORA. Do they clear communicate how they support compliance with GDPR. What standards are they certified against, which in turn may support your certification – for example ISO27001?


  • Cost & Flexibility: Is the service priced transparently? Can it flex as your business grows or changes? How would they handle M&A, as businesses may operate independently for a while before merging?


How to Scope and Write an Effective MDR RFP

A successful RFP (Request for Proposal) is more than a shopping list—it’s your chance to clarify needs and set expectations. Here’s how we recommend approaching it:

 

1. Define Your Business Objectives

  • What are you trying to protect? (Data, systems, reputation)

  • What are your key risks and compliance requirements?


2. Document Your Current State

  • What security tools and processes do you already have?

  • Where are the gaps?


3. List Your Requirements

  • Must-have vs. nice-to-have features (e.g., 24/7 monitoring, threat hunting, cloud coverage)

  • Integration needs (existing SIEM, EDR, cloud, etc.)

  • Reporting, SLAs, escalation procedures

  • We often utilise the NIST CyberSecurity Framework to set out the objectives of the service – this works well with many MDR providers, as they map their services to them.


4. Ask the Right Questions

  • How do you detect and respond to threats?

  • Can you provide references from similar sectors?

  • What’s your onboarding and offboarding process, and timeline?

  • Where are the hand-offs in processes, such as incident management?

  • How do you continually test the effectiveness of your services?

  • How do you ensure data privacy and compliance?

  • Where do you sit within their customer base? – you will not want to be the largest or smallest customer.


5. Evaluation Criteria

  • How will you score and compare responses? (Capabilities, cost, experience, references)

  • How do each of these areas compare in terms of importance? (set weighting for each domain you are scoring)


6. Timelines and Process

  • Be clear about submission deadlines, evaluation stages, and decision dates.


How ICA Consultancy Can Help

Running an RFP for MDR is time-consuming and high stakes, get it right, and you’ll have a partner that genuinely reduces business risk. Get it wrong, and you risk gaps, wasted spend, or compliance headaches.

 

Here’s how we support our clients:

  • Requirements Gathering: We work with you to understand your risk profile, business objectives, and technical landscape.


  • RFP Creation: We help draft clear, focused RFP documents that attract the right providers and weed out the noise.


  • Vendor Evaluation: Our real-world experience means we know what to look for (and what to avoid) in MDR proposals.


  • Shortlisting & Selection: We facilitate workshops, scorecards, and Q&A sessions to make the selection process robust and transparent.


  • Onboarding Support: Once you’ve selected a provider, we help manage the transition, ensuring a smooth start and ongoing value.

 

With our deep sector expertise and practical approach, we help organisations avoid common pitfalls and achieve real, measurable improvements in cyber resilience.


Ready to run your MDR RFP or want to discuss your options?


 

 
 
 
bottom of page