IT Handoff: What Good Looks Like

A Pensacola medical practice switched IT providers after their MSP raised prices 50%. The old provider gave them two weeks' notice and a folder of passwords—but half the passwords were wrong, and the folder didn't include anything about their backup system, their HIPAA compliance tools, or their printer configuration.

The new provider spent three weeks just figuring out what existed. In that time, they had a server failure that took two days to recover from instead of hours. Patient appointments were rescheduled. The backup that should have saved them was actually broken for two months before the switch.

This is what a bad handoff looks like. It happens constantly.

What a good handoff requires

A proper IT handoff isn't just "here are the passwords." It's a structured transfer of knowledge, documentation, and access that leaves the new provider able to operate independently.

From the outgoing provider, a good handoff includes:

• Complete, current documentation of the environment
• Admin credentials for all systems
• Introduction to upstream vendors (domain registrar, hosting, software licenses)
• Explanation of known issues or ongoing problems
• Available time for questions during the transition

From the incoming provider, a good handoff includes:

• Systematic review of all systems before taking ownership
• Verification that credentials actually work
• Confirmation that backups are operational
• Testing of critical functions
• Documented baseline of current state

The handoff checklist

Use this list. Don't let anyone tell you it's not necessary.

Documentation you must receive

• Network diagram (what connects to what)
• Server inventory (names, roles, locations)
• Software license inventory
• Vendor contacts and contract status
• Backup configuration and recent test results
• Security configuration summary
• Monitoring setup and alert contacts
• VPN access if applicable
• Domain registration details

Credentials you must receive

• Admin passwords for all servers
• Cloud portal logins (AWS, Azure, Google Cloud, etc.)
• Domain registrar access
• SSL certificate access
• Backup system credentials
• Monitoring system credentials
• Any service accounts used for integrations

Introductions you should request

• Your domain registrar
• Your hosting provider
• Any software vendors they manage on your behalf
• Their upstream IT support (if they use sub-contractors)

Questions the new provider should answer

• Have you verified that all credentials work?
• Have you confirmed backups are running correctly?
• Have you tested restore from backup?
• Are there any known issues that need immediate attention?
• What's your plan for the first 30 days?

What good handoff looks like: concrete example

A Fort Walton Beach accounting firm switched MSPs last year. Here's what their good handoff included:

Week 1: The old provider gave the new provider read-only access to all systems, shared documentation, and introduced them to their domain registrar and backup vendor.

Week 2: The new provider did a full audit—checked every server, verified every backup, tested every critical function. They found two problems the old provider had been working around for months.

Week 3: The old provider released full credentials, confirmed they'd removed their access, and provided a final handoff call where they answered outstanding questions.

Week 4: The new provider had full control, complete documentation, and two weeks of "shadow mode" where they could watch and learn before anything urgent happened.

Total handoff time: four weeks. Total downtime during transition: zero.

What bad handoff looks like

Bad handoff: "Here's a password dump."

The old provider gives you a file with passwords. Half are wrong. Some are for systems that don't exist anymore. The documentation is a network diagram from three years ago.

You're starting from scratch.

Bad handoff: "We don't share credentials."

Some MSPs claim they can't share credentials for "security reasons." This is usually a negotiating tactic. They want you to stay because leaving is too hard.

A legitimate reason for not sharing credentials: they're in a password manager they can't export from. A bad reason: they want to hold you hostage.

Get it in writing: who has credentials, where are they stored, how can you get them if needed.

Bad handoff: "We can't help with the transition."

The outgoing provider refuses to participate. No calls, no documentation, no introductions. They just stop responding when you cancel.

This is a breach of reasonable expectations. If they won't cooperate, document everything you asked for. You may need it later.

What it costs

Good handoff: Typically included in standard contracts. A quality MSP expects to do handoffs and builds time for them.

Bad handoff costs:

• Lost productivity during downtime: $5,000-$50,000 depending on your business
• Emergency consulting to fix unknown problems: $2,000-$20,000
• Data recovery if backups fail: $5,000-$50,000+
• Business impact from extended outage: varies wildly

The difference between a good handoff and a bad one can easily be $30,000-$100,000 in your pocket.

What can go wrong

The old provider goes dark. They stop responding before credentials are released. You can't manage your own systems.

Solution: Get credentials before the contract ends. This is non-negotiable.

The old provider changed things without telling you. You find out they were running unauthorized software, had expired security certificates, or had disabled backups to save money.

Solution: Verify everything in the first week. If something looks wrong, ask.

The new provider isn't ready. They took the contract but haven't done their homework. They're learning your environment on your dime.

Solution: Set expectations before signing. How will they prepare for the transition? What will they verify before taking ownership?

Credentials don't work. The passwords they gave you are wrong, expired, or for accounts that no longer exist.

Solution: Test everything immediately. Don't assume it's correct.

Vendor questions (copy/paste)

Ask your outgoing provider:

• "What documentation will you provide during the transition?"
• "When will credentials be released, and in what format?"
• "Will you participate in a handoff call with the new provider?"
• "What vendor relationships will you transfer vs. terminate?"
• "What support will you provide during our final 30 days?"

Ask your incoming provider:

• "What's your handoff process? What do you require from the outgoing provider?"
• "How will you verify credentials and documentation before taking ownership?"
• "What will you check in the first week?"
• "What should we expect in the first 30 days?"
• "What happens if we discover problems you didn't anticipate?"

When to hire help

Hire someone to oversee the handoff when:

• Your environment is complex (more than 20 devices, multiple locations, specialized systems)
• The outgoing provider is hostile or uncooperative
• You've had a bad handoff before
• Your team can't oversee the process while running the business

A handoff overseer costs $2,000-$5,000 depending on complexity. They're worth it.

The bottom line

A good handoff is a test of the entire relationship. If an MSP can't do a clean handoff, what else are they not doing properly?

If your current provider makes handoff difficult or expensive, that's information. It tells you something about how they operate.

Get the credentials. Get the documentation. Test everything. Then decide if staying is worth the other problems you're tolerating.