What Happens When IT Knowledge Lives in One Person’s Head?
It makes a neat story: one brilliant, quiet person who knows every password, every server quirk and how the accounts system really talks to the payroll. It also makes a dangerous business model.
This matters whether you’ve got 10 staff or 200. When essential IT knowledge sits in one head, the business pays in time, money and credibility — usually at exactly the wrong moment. Below are four clear decision criteria you can use to judge your current exposure and decide the next move.
How quickly could you recover if they weren’t available?
This is the bluntest measure of single-point dependence. If that person phoned in sick for a week, or decided to leave tomorrow, how long before systems are back to normal? A sensible target in most SMEs is hours for critical functions, not days.
Think in business time, not technician time. For example: if order processing stalls for half a day, what income and customer confidence does that cost? If the answer is “a few emails and we’ll get by”, you’re probably fine. If the answer is “we’ll have to call customers and apologise”, you’re in risky territory.
Quick checks
- Ask for a recovery walkthrough — set a timer and see how long it takes to restore a core service.
- Check who can reset passwords, access backups and run restores.
- Simulate short-term absence: ask a deputy to perform a simple task and see what fails.
Can someone outside the team make sense of your systems?
Tacit knowledge — the unwritten tricks and mnemonic shortcuts — is useful but brittle. If only one person understands the wiring diagram of your IT, hiring, outsourcing or even auditing becomes slow and expensive.
Good business IT isn’t built on mystery. It’s built on clear documentation, named roles and accessible credentials. Not encyclopaedic manuals; pragmatic notes that let someone else follow the trail and make safe changes.
Practical markers
- Documentation exists for critical systems and is reviewed at least annually.
- There’s a standard set of logins and an agreed process for granting and revoking access.
- New hires can be given a 2–3 hour onboarding pack to get productive without dragging the expert into every question.
What happens at audit, insurance or compliance time?
Regulators, insurers and some clients don’t accept “we’ll ask Jim” as an answer. If you can’t demonstrate who has access, how data is protected and how backups are tested, the consequences are financial and reputational: higher premiums, failed audits, or even lost contracts.
Consider audits as a stress test for knowledge distribution. If a single person holds the answers, you’re one incident away from scrambling for documentary proof while the inspector’s stopwatch is ticking.
What to expect
- Insurers will ask how recovery works and who has access to backups — be ready with names and tested procedures.
- For regulated data (financial, HR or client confidential), show a chain of custody for sensitive information.
- Prepare short, clear evidence packs: sign-off on backup tests, access logs and a contact list for escalation.
How dependent is your growth on that person’s availability?
If growth plans, new product launches or integrations are all funnelled through one brain, your roadmap becomes hostage to holidays, notice periods and human energy levels. Scaling then isn’t strategic — it’s a gamble.
Ask whether future work will require that person to be present in the room for every meeting. If the answer is “yes”, you should treat that as a growth blocker. True scale requires processes others can follow or a plan to spread the skillset.
Reductions in hidden costs
- Shared knowledge reduces recruitment ramp time when you bring on new staff or contractors.
- Documented processes let you quote and deliver new projects faster because delivery partners aren’t waiting for verbal instructions.
- Less dependency means fewer emergency hires and less premium-paid overtime when things go wrong.
Putting these criteria to work when comparing options
When you’re comparing routes out of single-person dependency, use these criteria as the scoring grid. Rate each option on three practical questions:
- How fast would recovery be if the primary person were unavailable? (hours/days)
- How easy is it for an outsider to take over routine tasks? (documented/unexplained)
- Is the option auditable and insurance-friendly? (yes/no)
Options to score might include: better documentation and routine handovers; hiring a second-in-command; fixed-term knowledge-capture consultancy; or moving to a managed service for specific functions. Give each option a simple score (1–5) against the three questions and multiply by business impact — for example: how much downtime costs you per hour, or how much a delayed project harms revenue.
Don’t be seduced by technical detail. The right choice is the one that reduces measurable business risk fastest for the least cost. Often the cheapest immediate step is a focused knowledge-capture sprint: two weeks of interviews, paired working and a concise, searchable playbook for core systems.
Practical first step
Run a sixty-minute internal review this week. Bring the person who holds the knowledge and one colleague who doesn’t. Ask them to map three things: the top three services that only that person can fix, the steps to restore each service, and what would take more than a day to recover. You’ll come out with a short list of highest-risk items and a clear prioritised plan.
Do that and you’ve bought time, saved money on emergency fixes and improved your credibility with customers and insurers. If you want speed and certainty, schedule the review and create a two-week follow-up to capture the critical details into one practical pack.







