If everything lives in one person’s head, you’re one PTO day away from stuck. This isn’t about you personally holding admin passwords or MFA reset codes—that isn’t safe practice. It’s about continuity on the provider’s side: shared, current documentation so work doesn’t hinge on one person.
1) One person = bottleneck
If the fix is “ask Chris,” you don’t have documentation—you have a single point of failure. Vacations, turnover, illness—real life happens. Vendor portals, domain/DNS info, cloud tenant details, firewall/backup configurations, and “how we do it here” should be captured so the provider’s team can act without waiting on one brain. You don’t need raw admin keys—but you do need to know there’s a documented access path and an agreed way to request changes fast.
2) The map doesn’t match reality (and it’s shared)
Old diagrams, stale inventories, missing app lists—when the map is wrong, troubleshooting takes twice as long and risks hide in the gaps. This is a shared-responsibility problem: your provider should ask and update, and your team needs to tell them when tools, vendors, or workflows change. If no one keeps the map current, you find “surprise” systems during an outage.
3) Changes without a trail
Systems get tweaked, settings flipped, new vendors added—and there’s no record of what changed or why. Next incident, you’re reconstructing the story from memory and email threads. Change details should live in the ticket: what changed, when, by whom, and why. If there’s no changelog, there’s no accountability, no rollback path, and longer downtime.
Quick self-check: do you actually have continuity?
- One person is your only path to answers about your setup
- Work stalls when that person is out
- There’s no up-to-date inventory or diagram you trust
- You learn about changes from outages—not change notes
- There’s no clear changelog tied to tickets (what changed, when, by whom, and why)
- Your provider learns about new tools/systems from your staff after the fact
If two or more hit, you don’t lack passwords—you lack documented continuity.
Want the full checklist of red flags (and how to avoid them)? Grab the white paper:
The IT Provider Trap – How to Spot Danger Signs Before Your Business Pays the Price