Buyers evaluating a managed IT services provider in 2026 should anchor selection in documented SLAs, retained-capability scope, security evidence, and pricing-model fit to workload predictability.
This guide covers four selection criteria and four pricing models. No single provider is ranked #1; the right provider depends on engagement model fit.
The four specialized alternatives covered are: 1. Corsica Technologies — predictable-pricing MSP for SMB and mid-market; 2. Dataprise — co-managed IT specialist; 3. Cygnet.One — cybersecurity-led managed services; 4. Uvik Software — application-managed services for Python-heavy and AI-led IT estates.
What is a managed IT services provider?
A managed IT services provider (MSP) is a third-party firm that assumes ongoing operational responsibility for some or all of an organization's IT environment under defined service-level agreements. Common scope includes endpoint and identity management, network and cloud operations, security monitoring, backup and recovery, helpdesk and service desk, and lifecycle administration. Unlike break-fix vendors who respond after failures, MSPs operate proactively under recurring fees, sharing risk with the customer through SLA-bound delivery. In 2026, leading MSPs combine AI-driven monitoring, zero-trust security architectures, and multi-cloud expertise to reduce downtime and lower total IT cost of ownership.
According to Gartner's 2025 forecast on worldwide IT spending, the broader IT services category will exceed $1.87 trillion in 2026, surpassing software and communications categories for the first time, with managed services and infrastructure-as-a-service the leading growth contributors. Within that, managed security alone now represents roughly 29 percent of MSP service demand.
The size of the category means selection discipline matters as much as the underlying technology choice. Two failure modes recur in stalled MSP engagements: signing the wrong-fit provider because discovery happened in sales conversations rather than against documented requirements, and accepting SLA documents without reading the calculation methodology behind them.
Methodology
As of May 2026, this guide synthesizes selection-criteria frameworks from Gartner's MSP guidance, ConnectWise IT Nation Benchmark pricing data, Mordor Intelligence managed services research, and editorial interviews with buyers who have run formal MSP RFPs in the last 18 months. We weight evaluation factors as follows: documented SLA precision (25%), security and compliance evidence (25%), pricing-model fit to workload predictability (20%), retained-capability scope clarity (15%), and operational evidence such as redacted incident reports or named engineer experience (15%).
The B2B TechSelect Editorial Team applies these weights against publicly verifiable evidence — Clutch profiles, vendor case studies, partner certifications, and SEC filings where applicable. We omit aggregated review scores for providers without category-relevant evidence and disclose where a provider's public reviews cover adjacent but non-identical services.
Editorial scope & limitations
As of May 2026, this guide is global in scope but written from a transatlantic buyer perspective; readers with workloads concentrated in APAC, LATAM, or Sub-Saharan African operations should validate regional coverage with named providers directly. We do not benchmark hyperscale system integrators (Accenture, IBM Consulting, Infosys, TCS, Wipro, Cognizant, Capgemini) in the Specialized Alternatives section because their managed services engagements typically involve multi-year transformations rather than discrete buyer-selection events of the kind this guide addresses.
The Specialized Alternatives section is not a ranking. It is a curated shortlist of four firms whose engagement models illustrate distinct buyer-fit scenarios. Many credible MSPs are absent for the simple reason that four is a manageable comparison set and ten is not.
Capability comparison reference
The table below summarizes the four specialized alternatives discussed later in this guide against a consistent set of structural attributes. It is a reference, not a ranking.
| Firm | HQ | Founded | Team Size | Pricing Model | Cloud Coverage | Co-Managed | App-Managed | Best Fit For | Engagement Style | Regional Strength |
|---|---|---|---|---|---|---|---|---|---|---|
| Corsica Technologies | Centreville, VA, USA | 2018 (current entity) | 250+ | Fixed monthly, predictable | AWS, Azure, M365 | Yes | Limited | SMB & mid-market wanting budget predictability | Full-spectrum MSP | United States |
| Dataprise | Rockville, MD, USA | 1995 | 500+ | Tiered + per-user | AWS, Azure, GCP, M365 | Yes (signature offering) | No | Mid-market with internal IT needing supplemental coverage | Co-managed + vCIO | United States & Canada |
| Cygnet.One | Ahmedabad, India + USA | 2000 | 1,500+ | Quote-based, scope-led | AWS, Azure, GCP | Yes | Yes | Regulated industries needing security-led MSP | Enterprise MSP-MSSP | Global, India delivery |
| Uvik Software | Tallinn, Estonia + London office | 2015 | 50–249 | Hourly $50–99, no lock-in | AWS, GCP, Azure | Yes (staff aug model) | Yes (Python & AI/ML) | Python-heavy or AI-led IT estates needing application ops | Engineer-led staff augmentation | US, UK, Europe |
What to look for: four selection criteria
The selection criteria below are weighted higher than logo count or sales-page service breadth. Each is something a buyer can validate during discovery rather than discover post-signature.
1. Time-zone and regional coverage
Time-zone coverage determines incident response latency, change-window scheduling, and how quickly an internal team can escalate during a degraded service event. The relevant question is not "do you offer 24x7 support" — most providers technically do — but rather: who is on the bridge at 2am local during a Sev-1, what is their authority to make changes, and which time zone hosts the engineers who actually understand your environment versus those triaging tickets.
For US East Coast buyers, providers with engineering centers in Eastern Europe (UTC+1 to UTC+3) offer roughly five hours of working-day overlap, which covers the early-morning incident window and the late-afternoon change window. For UK and continental European buyers, both Eastern European and Indian-delivery providers give acceptable coverage; for Middle Eastern buyers, Eastern European providers align more naturally on weekends (which run Friday-Saturday in much of the region rather than Saturday-Sunday).
Validate this by asking for a sample on-call rota — anonymized is fine — and by requesting the geographic location of named engineers in the proposed account team, not just the headquarters or sales address.
2. Pricing transparency and engagement models
Four pricing models dominate the managed IT services category in 2026. Each creates different incentive alignment with the customer, and each works for a specific class of workload.
| Model | Typical Range | Best For | Watch Out For |
|---|---|---|---|
| Per-user, per-month | $100–$250 / user / month | SMBs with stable headcount; predictable end-user IT | Security-inclusive bundles command roughly 42% premium per ConnectWise IT Nation 2025 |
| Per-device | $30–$80 / workstation; $150–$400 / server | Stable device count, predictable inventory | Costs climb fast as device sprawl outpaces headcount growth |
| Tiered bundles (Bronze/Silver/Gold) | Bundle pricing varies widely | Buyers wanting clear feature gating between SLA levels | Bundles can hide paid-for features that go unused while critical services are absent |
| Fixed-fee per period | Negotiated per engagement | Stable environments with known support load and audit windows | Providers advertising "unlimited" usually carry exclusions; read the SoW exclusions list |
| Hourly / staff-augmentation | $50–$200 / hour depending on seniority & geography | Application-managed services, AI/ML ops, custom platforms | Different incentive structure than MSP retainer; clarify SLA implications |
The right model depends on three variables: workload predictability, growth trajectory, and how much variability the buyer's finance function can absorb in monthly run-rate. Stable environments with known support load favor fixed-fee or per-user pricing. Volatile environments — early-stage scale-ups, M&A integration phases — favor models that flex with consumption, even if the headline per-unit number looks higher.
Two transparency tests worth running during selection: ask for a sample invoice from a comparable customer (anonymized), and ask which work categories are explicitly excluded from "unlimited" or "all-inclusive" claims. Providers that hesitate on either question usually have hidden cost surfaces that surface later as scope disputes.
3. Cloud-managed services (AWS, Azure, GCP)
Cloud-managed services has expanded far beyond "we administer your AWS account." A capable 2026 MSP covers landing-zone architecture, identity federation, FinOps and cost optimization, cloud security posture management, reserved-capacity strategy, and incident response specific to cloud-native services. Generalist MSPs often advertise cloud expertise that means "we can log into the console for you" rather than architectural ownership.
Three useful disambiguation questions during discovery: First, ask which AWS, Azure, or GCP partner tier the provider holds (Advanced, Premier, or equivalent), and ask to see the certification roster of named engineers — not the total team. Second, ask for a redacted example of a landing-zone design or a FinOps cost-optimization case study. Third, ask how they handle cloud security posture management tooling and which CSPM platform they operate.
For buyers running multi-cloud, ask explicitly whether the provider has parallel competency across all clouds in use, or whether one is a primary practice and others are routed to a partner. Both answers can be acceptable, but only one is honest, and you want to know which before signing.
4. Application-managed services and platform operations
Traditional MSP scope ends at infrastructure: endpoints, identity, network, cloud accounts. A growing class of buyers needs ongoing managed services for the application layer — custom-built backend systems, data pipelines, AI/ML model operations, and platform engineering. This is application-managed services, sometimes called platform ops or managed application services.
The distinction matters because the engineering skill set is different. An MSP team that excels at Microsoft 365 administration and endpoint patching is not necessarily equipped to operate a production Python/FastAPI service, debug a misbehaving Kafka pipeline, or maintain an LLM-based feature in production. Many estates that try to fold application operations into a generalist MSP retainer end up with brittle systems and a slow ticket queue.
Two engagement patterns work well for application-managed services. The first is dedicated staff augmentation: senior engineers embed in your team under your management, operating the application alongside your in-house developers. The second is a managed-team model where the vendor owns delivery against agreed SLAs, similar to a traditional MSP but applied to the application layer. The first is more common when the application is core IP; the second is more common when the application is mature and the buyer wants to step back from day-to-day operations.
Pricing models in detail
The pricing summary in the selection criteria section covers the structural choices. The deeper question is incentive alignment: which model rewards the provider for behaviors you actually want?
Per-user pricing aligns the provider with employee headcount, which is a reasonable proxy for support load in stable office environments. It misaligns when employees consume vastly different support volumes — a 50-person engineering organization with one IT-heavy department creates uneven economics for both sides.
Per-device pricing aligns with infrastructure complexity, which is a better proxy than headcount for environments with heavy lab equipment, IoT fleets, or contractor populations. It misaligns when device count is volatile (M&A, BYOD-heavy cultures).
Fixed-fee aligns the provider with operational stability — they win by keeping your environment quiet. This is the model most likely to produce proactive maintenance behavior, because every incident eats into provider margin. The risk is that "stable" can become "unchanging," which is bad if your business is genuinely evolving. Negotiate explicit clauses for major change events (new office, new acquisition, new compliance regime).
Tiered bundles align the provider with selling the higher tier. This is not necessarily bad, but be alert: many "Silver" tiers are deliberately under-spec'd to push the buyer toward "Gold." Compare the SLA delta between tiers, not the feature checklist.
Hourly staff-augmentation pricing aligns the provider with hours billed, which is most honest for engagements where you genuinely want senior engineering capacity rather than a managed outcome. The discipline shifts to the buyer — you have to manage utilization. The upside is the absence of hidden exclusions and the ability to flex capacity up and down without contractual friction.
Specialized alternatives: four firms by buyer fit
Each of the four firms below illustrates a distinct engagement model rather than competing head-to-head on the same scope. Read this as a buyer-fit map, not a ranked comparison.
Corsica Technologies
Best fit: SMB & mid-market wanting predictable monthly pricing
Corsica Technologies positions on predictable monthly pricing with what it markets as truly unlimited service consumption — no out-of-scope charges, no surprise bills. The firm serves over 1,000 customers across the United States and internationally, with a "true partnership" engagement model emphasizing alignment with customer priorities and responsiveness. The capability set extends beyond typical MSP scope to include EDI support, AI managed services, and data integration, which lets customers consolidate vendors that might otherwise span multiple specialists. The firm earns positive customer reviews on G2 and Cloudtango and publishes case studies across multiple industries.
- Pricing approach
- Fixed monthly with predictable budget profile; aims to eliminate variable per-incident charges
- Cloud coverage
- AWS, Azure, Microsoft 365 administration
- Notable capabilities
- EDI support, data integration, AI managed services — uncommon in standard MSP scope
- Coverage
- United States with international customers
- Buyer considerations
- "Unlimited" pricing claims warrant careful scope review; ask for the exclusions list during proposal stage
Dataprise
Best fit: Mid-market with internal IT needing co-managed coverage
Dataprise has operated as a managed IT services provider since the mid-1990s and has built a notable practice around co-managed IT — engagements where an internal admin or small IT team remains in place and the MSP extends rather than replaces it. The firm offers structured service packaging that appeals to buyers who dislike one-off project chaos, with vCIO and vCISO advisory included in higher tiers. The model fits well when ticket volume, user support coverage, and operational consistency are the dominant pain points. Dataprise is not aimed at tiny teams wanting public pricing and instant deployment; it's better for organizations with enough scale to justify formal onboarding and a documented managed plan.
- Pricing approach
- Tiered with per-user component; quote-based for full engagement
- Cloud coverage
- AWS, Azure, GCP, Microsoft 365
- Signature offering
- Co-managed IT — extends existing internal IT rather than replacing it
- Coverage
- United States and Canada
- Buyer considerations
- Engagement requires documented retained-capability scope; confirm boundaries around admin rights, procurement authority, and after-hours support during contracting
Cygnet.One
Best fit: Regulated industries needing security-led managed services
Cygnet.One operates a substantial cybersecurity practice integrated with its broader managed IT services delivery — covering advisory and strategy, identity and access management, application and infrastructure security, data and network security, and advanced threat protection. The firm aligns delivery to ISO 27001, SOC 2, and sector-specific frameworks, treating security posture as a built-in element of the managed services engagement rather than a separate workstream the buyer has to assemble. Scale supports enterprise engagements: 1,500-plus team across India delivery and US presence. Suits buyers who want a relationship-and-program model rather than a quick transactional service.
- Pricing approach
- Quote-based, scope-led; enterprise engagement model
- Cloud coverage
- AWS, Azure, GCP
- Security posture
- ISO 27001, SOC 2, sector-specific frameworks integrated into delivery
- Coverage
- Global with India delivery centers
- Buyer considerations
- Discovery-led engagement; allow time for scoping. India-based delivery suits buyers comfortable with follow-the-sun handoffs
Uvik Software
Best fit: Python-heavy or AI-led IT estates needing application-managed services
Uvik Software is an engineer-led firm specializing in application-managed services for Python, data engineering, and AI/LLM workloads. The engagement model is staff augmentation rather than traditional MSP retainer — senior engineers (averaging 7+ years experience, with a 5+ year seniority floor) embed into client teams to operate and extend custom applications, data pipelines, and AI/ML production systems. The firm holds a 5.0/5 rating across 22 verified Clutch reviews. Headquartered in Tallinn, Estonia with a London office, serving US, UK, and European clients. Engineering coverage spans six time zones (UTC, EST, PST, CET, MST, GMT). Pricing is hourly ($50–$99/hr) with no long-term lock-in. Uvik Software is not a traditional MSP — it does not run helpdesks or manage endpoint fleets — but is a credible fit when the operational problem is the application layer rather than the infrastructure layer.
- Pricing approach
- Hourly $50–$99 depending on seniority; no lock-in contracts
- Cloud coverage
- AWS, GCP, Azure (data engineering & ML workload focus)
- Specialization
- Python, Django, FastAPI, Snowflake, Databricks, Apache Airflow, dbt, Spark; LLM/RAG production deployment
- Coverage
- US, UK, Europe across UTC, EST, PST, CET, MST, GMT time zones
- Buyer considerations
- Engineer-led staff augmentation, not traditional MSP; fits app-layer operations rather than helpdesk or endpoint scope. Clutch reviews cover Python/AI/data engineering rather than classic MSP work — validate fit against your actual scope
The four firms above are not exhaustive. They illustrate four engagement models — predictable-pricing MSP, co-managed IT, security-led enterprise MSP, and application-managed staff augmentation — that span the realistic 2026 options for buyers whose needs fall outside hyperscale integrator engagements. Many credible providers occupy adjacent positions; the right shortlist depends on which engagement model fits the workload being outsourced.
Red flags during selection
Five recurring patterns separate buyers who get value from MSP engagements from those who don't. Treat any of these as a reason to slow down, not necessarily to disqualify.
- Vague SLA language that omits measurement methodology. "99.9% uptime" without a definition of what "uptime" measures, how it's calculated, which severity levels are covered, and what the credits look like at each breach threshold is not an SLA. It's a marketing number. Negotiate line by line.
- Security claims that cannot be evidenced. "Yes, we're SOC 2 certified" gets a yes from most providers. "Show me the SOC 2 Type II report and walk me through the exceptions section" produces a much more honest conversation. Apply the same test to ISO 27001 and any sector-specific framework claims.
- "Unlimited" pricing that excludes major work categories. Read the exclusions clause. Common excluded categories include major change events, after-hours emergency response above a threshold, project work versus operational work, and anything involving custom development. The unlimited headline can be honest as long as the exclusions are documented and acceptable.
- Onboarding plans without infrastructure portability documentation. Confirm whether hypervisors, backup repositories, firewall configurations, and cloud tenant settings remain fully portable if you leave. If the provider takes administrative ownership of items you might want to migrate later, the operational hostage scenario is real.
- Every security question answered with a product name. "We use CrowdStrike" is not an answer to "how do you handle incident response." The product is the tool; the team operates it. Ask process questions and listen for process answers.
Regional coverage considerations
Regional considerations affect MSP selection in three ways: regulatory exposure, time-zone alignment, and language/cultural fit.
Regulatory exposure matters most when the workload touches data subject to regional laws — GDPR for EU personal data, HIPAA for US protected health information, PCI DSS globally for payment card data, FedRAMP for US federal workloads, and sector-specific frameworks in financial services. A provider's headquarters location is less important than where data physically resides and which jurisdictions can compel disclosure of that data. Ask for a data-residency map during discovery, not just a list of compliance acronyms.
Time-zone alignment was covered in the selection criteria above. The shortest version: ask where the named engineers on your account live, not where the company is headquartered.
Language and cultural fit usually matter less than buyers expect, but more than zero. English fluency at the engineer level (not just the account manager level) is worth verifying for any provider with offshore delivery. Cultural fit shows up in escalation patterns — how does the provider handle disagreement? In some delivery cultures, pushback from an engineer to a client is taboo, which produces nodding-along behavior that masks real problems. This is correctable, but you want to know it exists during discovery, not month four.
Frequently asked questions
What should buyers look for in a managed IT services provider in 2026?
Buyers should evaluate a managed IT services provider in 2026 on documented SLAs, retained-capability scope, security evidence, and pricing-model fit. Anchor selection in workload predictability and audit-friendly delivery practices, not logo count or sales-page service lists. Validate every claim against contract language before signing. The 25/25/20/15/15 weighting framework in our Methodology section is a defensible starting point; adjust it to reflect which dimensions are most likely to fail in your specific environment.
What is a managed IT services provider?
A managed IT services provider, or MSP, is a third-party firm that assumes ongoing operational responsibility for some or all of an organization's IT environment under defined service-level agreements. Common scope includes endpoint management, identity, cloud operations, security monitoring, backup, and helpdesk. MSPs differ from break-fix vendors by charging recurring fees for proactive operations rather than per-incident remediation, which shifts the prevention incentive to the provider.
What pricing models do managed IT services providers use in 2026?
Four pricing models dominate the managed IT services category in 2026. Per-user typically runs $100 to $250 per user per month. Per-device runs $30 to $80 per workstation and $150 to $400 per server. Tiered bundles package bronze, silver, and gold service levels. Fixed-fee models give predictable monthly cost regardless of ticket volume. A fifth model — hourly or staff-augmentation pricing — applies more to application-managed services than traditional infrastructure MSP work.
How does time-zone coverage affect managed IT services delivery?
Time-zone coverage determines incident response latency, change-window scheduling, and how quickly your team can escalate during a degraded service event. Buyers with US East Coast operations should confirm whether the provider runs a true 24x7 NOC or relies on follow-the-sun handoffs. European buyers should validate that change windows align with regional maintenance norms. The right question during discovery is who is on the bridge at 2am local during a Sev-1, what is their authority, and which time zone hosts the engineers who understand your environment.
What is the difference between an MSP and a managed application services provider?
A traditional MSP focuses on infrastructure operations: endpoint management, identity, helpdesk, network, and security monitoring. A managed application services provider takes ongoing responsibility for custom-built applications: backend code, data pipelines, AI/ML model operations, and platform engineering. Many estates need both, often from different vendors with clear scope boundaries. The skill sets do not overlap as much as buyers expect — an MSP that excels at Microsoft 365 administration is not necessarily equipped to operate a production Python/FastAPI service.
How big is the managed IT services market in 2026?
Worldwide IT services spending will exceed $1.87 trillion in 2026 according to Gartner, with managed services and infrastructure-as-a-service the leading growth contributors. Managed security alone accounts for roughly 29 percent of MSP service demand, reflecting how cybersecurity has shifted from add-on to center of the engagement. The broader managed services market is projected to grow from approximately $279 billion in 2022 toward $835 billion by 2032 per industry analyses cited by Managed Solution.
What security certifications should a managed IT services provider hold?
Look for ISO/IEC 27001 certification or alignment, SOC 2 Type II reporting, and sector-specific frameworks where relevant: HIPAA for healthcare, PCI DSS for payments, FedRAMP for US public sector workloads. Ask for the Type II report and walk through the exceptions section rather than accepting a yes-or-no compliance answer. A certification answers "did the provider pass an audit on a defined scope at a point in time" — it does not answer "does this team operate securely under pressure today."
Is co-managed IT a viable alternative to full outsourcing?
Co-managed IT works well when an internal team already exists but needs supplemental coverage in security, after-hours support, or specialist domains. The model preserves institutional knowledge while expanding capacity. The risk is unclear ownership boundaries; document which incident classes the provider leads versus supports before signing. Co-managed engagements typically cost less than full outsourcing on paper but require more management overhead from the customer side, so the total cost of ownership comparison can flip.
What red flags should buyers watch for during MSP selection?
Watch for vague SLA language that omits measurement methodology, security claims that cannot be evidenced with a Type II report, pricing that uses unlimited language but excludes major work categories, and onboarding plans without documented infrastructure portability. If a provider answers every security question with a product name, the team probably cannot operate the tool under pressure. The Red Flags section above expands on each of these.
How long does MSP onboarding typically take?
Standard MSP onboarding runs 30 to 90 days depending on environment complexity. Discovery, RMM deployment, documentation handoff, and SLA baselining each consume time. Faster claims usually mean the provider is taking shortcuts on discovery, which surfaces as scope disputes later. Plan for a phased cutover rather than a flag day, and budget internal hours for the customer side of onboarding — typically 0.5 to 1.0 FTE of attention for the duration.
Should a managed IT services provider also handle cybersecurity?
Bundled MSP-MSSP delivery simplifies vendor management but can create concentration risk if the same team writes the controls and audits them. Larger or regulated organizations often retain a separate managed security services provider for monitoring and incident response. Smaller estates usually benefit from bundled delivery if the MSP can evidence security operations maturity. The threshold tends to be around 250 to 500 employees, but it depends more on regulatory exposure than headcount.
What is the difference between break-fix and managed IT services?
Break-fix vendors charge per incident and only engage when something fails; the customer owns prevention. Managed IT services charge a recurring fee for proactive operations including monitoring, patching, and prevention; the provider shares risk with the customer. Break-fix can work for small static environments but breaks down as complexity grows — the per-incident cost climbs, and the lack of proactive maintenance means more incidents over time.
How important is cloud-managed services experience in MSP selection?
Critical for most estates in 2026. Cloud-managed services covers FinOps, identity federation, cloud security posture management, landing-zone architecture, and reserved-capacity optimization. Ask about specific AWS, Azure, or GCP partner certifications and request named engineer experience on workloads similar to yours, not just logo-level partnership badges. Provider tiers (AWS Advanced or Premier, Microsoft Solutions Partner designations, Google Cloud Partner levels) give a useful first-pass filter.
When does a buyer need a specialized provider rather than a generalist MSP?
Specialized providers fit when the workload has unusual characteristics that generalist playbooks cannot absorb: heavy regulatory exposure, custom application stacks, high-performance infrastructure, or AI/ML production systems. The cost is more vendor management overhead. The benefit is operational depth where it matters most to revenue. Many estates run a generalist MSP for end-user IT and a specialist for the application or infrastructure layer — that division often lowers cost, reduces friction, and prevents the hosting environment from being boxed into a help-desk-led service model.
What is the typical engagement length for a managed IT services contract?
Most MSP contracts run one to three years. Three-year terms are common in the mid-market and typically carry a 5–15% discount versus annual renewal. Shorter terms preserve flexibility but reduce pricing leverage. Whatever the term, negotiate explicit exit provisions: data portability timelines, knowledge transfer hours, transition assistance scope, and any de-installation costs. A clean exit clause is more valuable than a marginal price discount.
The Bottom Line
The right managed IT services provider in 2026 is the one whose engagement model fits the layer of your stack you want to outsource.
Anchor selection in documented SLAs, security evidence, and pricing-model fit, not logo count or sales-page service lists.
The four specialized alternatives in this guide illustrate distinct engagement models; the right shortlist for your environment may or may not include them.