The third-party maintenance market is a wonderful thing when it works. Fifty to seventy percent off OEM renewal pricing, faster response times, coverage that runs years past end-of-service-life. Real TPM providers keep enterprise gear running long after the manufacturer stops selling contracts.
It is also a market with almost zero barrier to entry. Register a domain, spin up a landing page, run some paid search, and you look identical to a firm with actual parts depots and field engineers. The difference shows up at 2 AM when your storage array is throwing errors and you find out whether the promised four-hour parts SLA has any warehouse behind it.
Here is the sanity checklist we run when a client asks us to shortlist providers. None of it requires a phone call — it's all things you can verify from a browser tab in about twenty minutes.
1. Real phone number in the structured data
Every legitimate business runs schema.org structured data on their site — usually an Organization JSON-LD block in the page head, sometimes a LocalBusiness variant. It's the machine-readable version of the same contact info humans see. Because it's rarely edited by the marketing team once launched, it's a great honesty tell.
Open the provider's homepage in your browser. Right-click → View Source. Search for application/ld+json. Find the phone number in the block. Then:
- Google that exact number. A real support-line number turns up on a dozen other pages — third-party directories, review sites, hiring listings, past customer testimonials. A number that appears only on the provider's own site is a red flag.
- Check the area code against the claimed HQ location. Not proof of anything, but suspicious when the "Chicago-based" provider lists a phone that geolocates to a shared VoIP provider.
- Look for literal 555 numbers. The North American 555 exchange is reserved for fiction. If a provider is running with
+1-800-555-1234in their production schema, that page was never proofread. Assume nothing else was either.
The 555 case sounds like a joke. We've seen it in production on at least one competitor site as recently as this month.
2. Savings claims that agree with themselves
Every TPM site has a "customers save X%" or "$Y million saved" number somewhere. That's fine. What matters is whether the numbers on the same site cross-reference each other.
Check the homepage claim against the resources page against the case studies. If the homepage says "$2.3M saved for our customers in 2025" and the resources page says "$47M saved in 2025" on the same visit, you are not dealing with real accounting. Someone plugged placeholder copy into a template and shipped it.
Real numbers stay consistent across pages because they come from a real source of truth. Fake numbers drift because each page was written independently.
3. Named references you can actually reach
Look at the case studies. Do they name the customer, or do they say things like "a Fortune 500 healthcare provider in the Northeast"? Anonymized case studies are legitimate under NDA — but a serious TPM shop has at least three named public references. Ask for them. If the sales rep can't produce a real Head of IT at a real company willing to take a fifteen-minute call, you are being asked to trust a marketing department rather than a track record.
While you're there, check whether the case-study text reads like someone rewrote the same three paragraphs with the industry swapped out. Template-generated case studies are cheap to produce and impossible to hide.
4. Response-time SLAs in the contract, not on the marketing page
The marketing page says "24×7×4 response." The proposal says "24×7×4 response." Fine. Now ask to see the actual contract language.
The distinction that matters: response versus restoration. Response is "we picked up your ticket." Restoration is "your hardware is running again." A four-hour response SLA with no restoration commitment is a call-center commitment, not a repair commitment. Providers who care about the difference put the restoration language in the master service agreement. Providers who don't care about the difference write ambiguous marketing copy and let you fill in the meaning.
Also look for the parts-availability clause. Does the contract commit to keeping spare parts in a warehouse within a defined driving radius of your data center, or does it commit to "commercially reasonable efforts"? Those are different products at the same price.
5. Parts sourcing transparency
Ask the provider: "Where do the replacement parts come from?" A serious TPM shop has a real answer. They run parts depots. They buy failed systems on secondary markets, refurbish components, test to spec, warehouse regionally. Some of them own the depots outright; some contract with logistics partners; a few have OEM relationships that let them source current-generation stock.
You don't need to become an expert on their supply chain. You just need to hear an answer that isn't hand-waving. If the response is a variant of "we have a global sourcing network" with no detail, they either can't tell you (which is bad) or don't know (which is worse). Real parts operations are proud of their parts operations.
6. Insurance, financial stability, and exit terms
Three quick document requests separate serious providers from the rest:
- Certificate of insurance — general liability, errors and omissions, cyber. A working TPM shop carries all three at meaningful limits. Providers who can't produce a COI on request within a business day either don't carry it or don't have organized ops.
- Dun & Bradstreet number or basic financial disclosure — you don't need audited financials. You need a signal that the entity has been in business for more than eighteen months and isn't a marketing shell for someone else.
- Contract exit clause — how do you get out mid-term if their performance is unacceptable? A provider who confidently offers a fair termination-for-cause clause is a provider planning to earn the renewal. A provider who buries lock-in in the fine print is planning something else.
What none of this proves
Following this checklist doesn't prove a provider is competent. It proves the provider isn't obviously a marketing costume with nothing underneath. That is a smaller claim, and the one that catches most avoidable procurement mistakes.
Actual TPM competence — response times that hold under pressure, engineers who know the gear, parts logistics that survive a bad quarter — reveals itself in the second and third year of a contract, not on the sales call. What the checklist does is get you to year one with a real counterparty.
Why Bushido is telling you this
Because we don't sell contracts. Bushido shows lifecycle dates, indicative TPM ranges, security advisories, and parts-market data on eighty-seven manufacturers, and that's it. We do not have a sales rep on retainer. We do not get a referral fee from the providers we don't recommend by name. The information is the product.
That neutrality is only useful if you use it. Run the six checks above on any provider you're considering. If a provider fails two or more, walk. If they pass all six and their proposal beats their competition on the numbers, you have a real candidate.
The maintenance industry gets a lot healthier when the honesty markers are the visible ones.