How to Switch IT Provider Without Losing Your Data, Credentials or Sanity

Why businesses stay with bad IT providers too long

The fear isn't irrational. IT infrastructure underpins almost everything – email, file storage, line-of-business applications, remote access, security tooling. The prospect of something going wrong during a handover, even briefly, is enough to keep most business owners from making the call. Add to that an IT provider holding admin credentials you've never asked about, and the power dynamic feels uncomfortable even if nothing has actually gone wrong.

Contract exit terms also play a role. Many SME IT contracts are deliberately vague about what happens when you want to leave. Notice periods, termination fees, data return timelines and the question of who actually owns what are often buried in the small print – or absent entirely, which creates a different set of problems. Businesses that don't know their exit terms don't know how hard it will be to leave.

The result is a pattern we see repeatedly: a business that's been unhappy for two or three years, finally forced into action by a significant failure or a key person leaving, trying to run a transition without any of the groundwork done. That's the scenario that creates real disruption. The businesses that manage clean exits are the ones that plan them.

What you own and what you might not

Before you serve notice on your current provider, you need to know what you actually control. This is often a surprise. The answer, for many businesses, is: less than you think.

Your domain name should be registered in your own registrar account – not your IT provider's. If your provider registered your domain on your behalf and never transferred it to you, they are the administrative contact. That's a problem. You need the registrar login and administrative access to be in your hands before anything else happens.

Your DNS records should likewise be accessible to you directly, either through your domain registrar or a DNS provider account you control. DNS governs where your email goes, whether your website resolves and whether services like Microsoft 365 or Google Workspace authenticate correctly. Losing control of DNS during a transition can take down email and web presence simultaneously.

SSL certificates need to be accounted for. If your IT provider manages them, you need to know which certificate authority they use, when they expire and how they'll be handed over or renewed.

The most critical credentials are admin access to your own business systems. That means the global admin account for your Microsoft 365 or Google Workspace tenant – not just a user account, but genuine tenant-level admin access. It means firewall admin credentials, router and switch access and the admin login for your backup system. If your current provider is the only person who knows these credentials, you're dependent on their cooperation to ever access or transfer your own systems. Recover these before you serve notice, not after.

Finally, your backup data. Check that your backups exist, that you know where they're stored, and critically – that they're in a format your new provider can read. Backups in proprietary formats tied to a specific tool or vendor can be useless in a transition if no one has planned for portability.

Reading your contract before you do anything else

Pull out your current IT contract and read it properly – all of it. The sections that matter most are notice periods, termination clauses and data handling obligations.

Notice periods for SME IT contracts typically run from 30 to 90 days, though some roll over annually if you don't serve notice in a specific window. Serving notice at the wrong time can lock you in for another year. Check whether notice must be served in a specific form – some contracts require written notice by recorded post even now.

Termination clauses may include early termination fees if you're in a fixed term. Calculate what leaving costs before you commit to a timeline with a new provider. You don't want to sign with a new provider for a go-live date that you contractually can't hit.

Data return obligations: some contracts specify that your provider will return data on termination. Some don't. If yours does, document what format that data will be returned in and by what deadline. If yours doesn't, negotiate this before you serve notice – after you've served notice, your leverage is considerably reduced.

Equipment ownership is another area of frequent confusion. Hardware procured through your IT provider may be owned by them rather than you. Check before assuming the router in your comms room or the NAS on your network belongs to the business.

How to run the handover without a blackout

The key to a clean transition is overlap. Running both providers simultaneously for two to four weeks – even if that means paying for both briefly – is significantly cheaper than emergency troubleshooting after a hard cutover that goes wrong.

Start with a full asset and credential inventory. List every system your IT provider touches: network equipment, servers, cloud services, SaaS tools, backup systems, security monitoring and anything else they manage on your behalf. For each item, document the vendor, the admin credentials, who holds access and what the renewal or licensing situation is. This inventory becomes the handover document your new provider works from.

Schedule formal knowledge transfer sessions between your outgoing and incoming providers. These don't need to be confrontational – a professional outgoing provider will cooperate if given appropriate notice and a clear scope. Agree a written agenda for what gets transferred in each session and get confirmation in writing once each item is handed over.

Stage the handover by system rather than doing everything at once. Start with lower-risk items – documentation, monitoring access, backup verification – before moving to higher-risk items like firewall management and DNS. Each stage should have a defined success criterion and a rollback plan if something doesn't transfer cleanly.

On day one with the new provider, your staff need to know exactly who to call. A single point of contact, a clearly communicated helpdesk number or email and a list of what's changed all reduce friction in the first week when questions are most likely.

The credential handover checklist

Use this as a working list during transition planning. Every item should have a named owner, a current credential location and a confirmed handover date:

• Microsoft 365 or Google Workspace – global admin account
• Firewall admin access (configuration export and login credentials)
• Router and managed switch admin access
• Backup system admin access and a verified recent restore test
• Domain registrar login and admin contact details
• DNS provider login (if separate from registrar)
• SSL certificates – issuing authority, renewal date and private keys
• Any SaaS platforms managed by the IT provider on your behalf (monitoring tools, RMM software, antivirus management console)
• Any vendor support contracts registered under the IT provider's details

Items that can't be transferred cleanly – accounts registered under your provider's email address rather than yours, for example – need to be re-registered or updated before the transition completes. This takes longer than expected. Start early.

What to look for when choosing your new provider

Due diligence on a new IT provider gets compressed when you're keen to get out of a bad situation. Don't let that happen. Take references from businesses of a similar size and sector to yours – not just the references the provider volunteers, but asking specifically for customers who've been through a migration with them.

Understand the SLA properly. Response time and resolution time are different things. A 1-hour response SLA means someone acknowledges your ticket within an hour. It says nothing about when the problem is fixed. Ask what their average resolution times are for different severity levels, and ask what happens when those targets aren't met.

Get clarity on scope. What's included in the monthly fee and what's billed additionally? Out-of-scope work that gets charged per hour – project work, major changes, anything that falls outside "break-fix" – needs to be understood before you sign, not when the first invoice arrives.

Ask how they handle incidents. What's their major incident process? Who gets notified, at what threshold, and how? A provider who can't answer this clearly hasn't thought about it properly.

Common problems during transitions – and how to avoid them

The most common problem is an incumbent provider becoming unresponsive after notice is served. This isn't universal, but it happens. The protection against it is serving notice with a clear, written handover schedule attached, and having senior contacts at the provider who are named in your contract. Providers who know a formal handover plan exists are less likely to go quiet.

Backup data in proprietary formats is a problem that only becomes visible when you try to restore something with a new provider's tools. Test a restore before the transition completes, not after.

Undocumented systems – servers, devices or configurations that only your outgoing provider knows about – are a risk in any long-standing relationship. The asset inventory process should flush these out. If you find something you can't account for during the inventory, that's a signal to slow down and understand it before proceeding.

On timing: avoid transitions during your peak trading period. A professional services firm shouldn't be switching IT providers in the run-up to year-end. A retailer shouldn't be doing it in October. Allow a minimum of four to six weeks from first contact with a new provider to go-live. And don't sign with a new provider the week before you serve notice – you need to understand your exit terms first.