Managed IT Support

The Clean IT Handover Checklist for Small Businesses

A woman in a business suit at a desk hands documents to a man holding keys and an envelope in an office setting

Changing IT providers, replacing an in-house IT person, or moving away from a helpful friend who has managed things for years can feel awkward. For many small business owners, the biggest worry is simple: will the business keep running when that person leaves?

A clean IT handover is not about blame. It is about making sure your business keeps access to its email, files, internet, software, backups, devices, and security settings without last-minute panic.

If you are a business owner, you do not need to understand every technical detail. You do need to make sure the right information is handed over, checked, and owned by the business.

Why IT handovers go wrong

Most messy IT handovers are not caused by bad intent. They usually happen because things were set up gradually over time, often under pressure, and nobody kept a clear record.

Common problems include:

  • Passwords stored in one person’s head or personal password manager
  • Admin accounts tied to an old staff member’s email address
  • Domain names and DNS records registered under the wrong person or company
  • Software licences nobody can find or cancel
  • Backups that exist but have not been tested
  • Old laptops, phones, and tablets still connected to business email
  • No clear list of who to call when something breaks

These gaps can lead to downtime, lost access, surprise bills, and security risks. A proper handover reduces that risk before the outgoing IT person is no longer available.

Start before handover day

The biggest mistake is waiting until the last day. By then, the outgoing IT person may be busy, frustrated, or already mentally checked out.

Start the handover process as soon as you know there will be a change. Ideally, allow two to four weeks. Even one organised week is better than a rushed afternoon.

What business owners should request in writing

Before handover day, send a calm written request asking for the information your business needs. Keep it practical and professional.

Ask for:

  • A documented runbook covering key systems and support steps
  • A full list of admin accounts and where they are used
  • Details of multi-factor authentication, including who controls it
  • Domain name, DNS, and website hosting access
  • Software and cloud licence information
  • Backup systems, schedules, and restore instructions
  • A list of business devices, including laptops, desktops, phones, tablets, and network gear
  • Current support contacts for internet, phone, software, printers, and website providers
  • Any known issues, risks, renewals, or work in progress

This is not an unreasonable request. It is normal business documentation, just like asking for financial records from a bookkeeper.

The documented runbook

A runbook is a plain-English guide to how your IT is set up and what to do when something common happens. It does not need to be fancy. It needs to be accurate.

For a small business, a useful runbook should include:

  • How staff email is set up and managed
  • Where shared files are stored
  • How new staff are added and departing staff are removed
  • How passwords are managed
  • How backups work and how to restore files
  • Who manages the website, domain name, internet, phones, and printers
  • What to do if the internet goes down
  • What to do if someone loses a laptop or phone
  • Any important renewal dates or contracts

The runbook should be written so a business owner or office manager can understand the basics. If it is full of unexplained technical notes, ask for a simplified version.

Admin accounts must belong to the business

Admin accounts are the keys to your systems. They control email, files, users, devices, billing, security settings, and sometimes your website and domain name.

At handover, make sure admin access is not tied only to the outgoing IT person’s personal email or mobile phone. The business should control its own admin accounts.

You should have documented admin access for:

  • Microsoft 365 or Google Workspace
  • Website hosting and content management
  • Domain name registration
  • DNS management
  • Cloud storage and business apps
  • Accounting, CRM, rostering, job management, or point-of-sale software
  • Backup platforms
  • Security tools
  • Network equipment such as routers, firewalls, and Wi-Fi systems

Do not settle for one shared admin login used by everyone. Each person who needs admin access should have their own account. This makes it much easier to see who changed what and remove access when someone leaves.

Check multi-factor authentication

Multi-factor authentication, often called MFA, is the extra code or approval step used when signing in. It is one of the simplest ways to stop unauthorised access.

During a handover, MFA can become a problem if the approval codes still go to the outgoing IT person’s phone. That can lock you out of important systems at the worst possible time.

For each important system, confirm:

  • Who receives MFA prompts or codes
  • Whether the business has at least two trusted admin users
  • Whether recovery email addresses and phone numbers are current
  • Whether old devices or phone numbers are still listed
  • How emergency access works if an admin is unavailable

A good handover should leave your business protected, not locked out.

Do not overlook DNS and domain names

Your domain name is the web address your customers use and the part after the @ in your email address. DNS is the set of records that tells the internet where your email and website live.

If DNS is changed incorrectly, email can stop flowing or your website can disappear. If nobody knows where it is managed, even a simple website move can become stressful.

Ask for clear details on:

  • Who the domain name is registered with
  • Whose name and email address are on the domain account
  • Where DNS records are managed
  • Which records are used for email, website, verification, and security
  • When the domain name renews and how it is paid

The domain should be registered to the business, not an individual contractor. The renewal email should go to a monitored business mailbox, not an old personal address.

Licences, subscriptions, and billing

Many businesses lose money through old subscriptions, duplicate licences, or software tied to staff who left years ago. A handover is a good time to clean this up.

Request a list of all IT-related licences and subscriptions, including:

  • Microsoft 365, Google Workspace, or other email platforms
  • Security software
  • Backup services
  • Remote access tools
  • Accounting and business management software
  • Website hosting and plugins
  • Internet, phone, and VoIP services
  • Printer or scanner services

For each item, record the number of users, renewal date, monthly or annual cost, billing contact, and cancellation process. This helps you avoid surprises and gives the incoming IT provider a proper starting point.

Backups must be proven, not assumed

It is not enough to be told that backups are running. You need evidence that important data is being backed up and can be restored.

Ask the outgoing IT person to document:

  • What is backed up
  • What is not backed up
  • How often backups run
  • Where backups are stored
  • How long backups are kept
  • Who receives backup alerts
  • When the last restore test was completed

The restore test matters. A backup that cannot be restored is not useful. Even a simple test, such as recovering a deleted file or folder, can reveal problems early.

Devices and access for staff

Every business should know what devices can access its data. This includes company-owned equipment and, where allowed, personal phones or laptops used for work.

Build a device list that includes:

  • Staff laptops and desktops
  • Mobile phones and tablets used for email
  • Printers and scanners
  • Servers, if any are still in use
  • Routers, firewalls, switches, and Wi-Fi equipment
  • Shared computers at counters, workshops, or reception desks

For each device, note who uses it, where it is located, whether it is business-owned, and whether it is still required. Old devices should be removed from email and file access if they are no longer in use.

This is especially important when staff have left, devices have been replaced, or work-from-home arrangements have changed over time.

What to do on handover day

Handover day should be a confirmation, not a treasure hunt. By this point, the key documents and access details should already be prepared.

Use the day to:

  1. Confirm the runbook is complete and readable
  2. Test admin sign-ins with the business owner or nominated manager present
  3. Confirm MFA prompts go to the right people and devices
  4. Check access to domain, DNS, website, email, backups, and key software
  5. Review open issues and upcoming renewals
  6. Agree on how long the outgoing IT person will be available for follow-up questions
  7. Remove or reduce access that is no longer required

If the incoming IT provider is already chosen, involve them in the handover. They will know what to test and can often spot missing items quickly.

After the handover

Once the handover is complete, do not leave old access sitting around. Former staff and providers should not keep admin rights just in case.

After confirming everything works, update passwords where appropriate, remove unused accounts, review MFA settings, and store documentation in a safe place controlled by the business.

This is also a good time to review your broader IT setup. You may find old tools, weak security settings, or unnecessary costs that have built up over the years.

A clean handover protects the business

A clean IT handover gives you continuity, control, and confidence. It means your business is not dependent on one person’s memory, phone, or goodwill.

You do not need to become an IT expert. You just need the right checklist, clear ownership, and someone experienced to check that nothing important has been missed.

If you are preparing for an IT change, JCPIT Support can help you review the handover, identify missing access, and check the security basics before problems appear.

Book a free security check with JCPIT Support and we will help you understand where your IT access, backups, admin accounts, and security settings stand before handover day.

Jake
Jake
JCPIT Support — Keeping IT Simple.
← Previous Article
What to Ask Before Leaving Your Current IT Provider