IT Transition Playbook · Vancouver, BC

How to Switch IT Providers, Vancouver Business Guide

Thinking about changing IT companies? This is the playbook we actually use when we onboard new clients from a previous provider. It is written to help you, whether or not you end up hiring us. A bad transition is worse than a bad provider, so get this part right first.

When it is time to switch

No provider is perfect, and switching is disruptive, so do not do it on a bad week. Do it when the pattern is undeniable. These seven signals are what we hear from clients on the first call.

• The ticket black hole. You submit tickets and never hear back. Status updates are absent. You learn the ticket is resolved only because someone at your office stopped complaining.
• Billing surprises. The invoice arrives with line items nobody can explain, and requests for itemization go unanswered.
• Security incidents with no postmortem. Something went wrong, email went down, a user was compromised, and nobody wrote down what happened or what changed. The same thing happens again six months later.
• Onboarding was never finished. You signed up two years ago and the documentation of your environment is still "in progress." Nobody actually knows what you have.
• Staff rotate constantly. A different technician every time. Nobody remembers your environment. You repeat the same context every call.
• Contract lock-in tactics. Multi-year auto-renewing agreements, high exit fees, or access restrictions that make leaving painful by design.
• Missed SLAs for 90 days straight. If response times have been outside the agreement for a full quarter, the relationship has already ended, you just have not filed the paperwork.

What you actually own, and should have right now

Before you start shopping for a new provider, audit what you control. If your incumbent disappears tomorrow, what do you need to keep the lights on? You should be able to log into all of the following today, as your own company, without asking them.

• Domain registrar. The account where yourbusiness.com is registered. This controls your email, your website, and your entire online identity. If your provider registered the domain in their own name, that is a red flag.
• DNS control. Either at the registrar or at a separate DNS provider like Cloudflare. You need to be able to change records.
• Microsoft 365 tenant Global Admin. At least two Global Admin accounts under your company's control, with MFA on both, and break-glass documentation in a safe. Not just your provider's account with your domain attached.
• Password vault. Your own 1Password, Bitwarden, or Keeper with all credentials. Not buried in your provider's internal tooling where you cannot see them.
• Network documentation. A network diagram, IP schema, switch and firewall inventory, VLAN layout, Wi-Fi SSIDs, and vendor support contacts.
• Backup and restore access. You should know where the backups live, how to access them, and who holds the credentials. A good question: "If my provider vanished, can I recover my data without them?"
• Administrative accounts for line-of-business software. Accounting, CRM, practice management, trust accounting, shop software. You are the owner of those tenants, not your IT provider.

If you cannot check most of those boxes today, that is not a sign to panic. It is the starting point. A good transition fixes all of it.

30 / 60 / 90 day transition plan

Here is the timeline we run. Adjust for your size and complexity.

• Days 1 to 10, discovery. Confidential call with prospective new provider. NDA signed. Inventory of what you know, what you do not, and what you control. No contact with your incumbent yet.
• Days 10 to 20, scope and sign. New provider produces a scoped onboarding proposal and service agreement. You sign. Still no contact with the incumbent.
• Day 20, notice to incumbent. Written notice per contract terms. Often 30 or 60 days. A polite, professional letter stating effective end date and requesting a handover meeting.
• Days 20 to 50, parallel operation. New provider begins shadowing: documentation review, admin access verification, gap inventory. Incumbent continues day-to-day support.
• Days 50 to 60, cutover. New provider takes primary support responsibility. Monitoring, patching, EDR, backup, and help desk shift to new provider. Incumbent is informed and remains available for questions about legacy decisions.
• Days 60 to 80, stabilization. Remediate gaps identified during shadowing. Fix anything the incumbent left broken or undocumented. Roll out standards the new provider uses across its client base: MFA, EDR, standardized backups, written policies.
• Days 80 to 90, handover close. Final credential handover, final billing reconciliation, final documentation sign-off. Incumbent relationship formally closed. Internal retrospective with new provider.

The offboarding conversation

Hard conversations usually go better than you expect. Here is how to have this one.

• Go in writing. Email, not a phone call. A written record matters if things get difficult.
• State the end date, not a debate. "We are ending our service agreement effective [date] per section X of our contract." That is it. You do not owe a list of grievances.
• Offer a professional handover. Request a handover meeting, a list of administrator credentials, a network diagram, and any documentation on file. Many contracts specify handover obligations.
• Be civil. You may need them to help recover a password, clarify a past decision, or explain a piece of legacy config. Burning the bridge does not help.
• Anticipate sabotage. It is rare but it happens. Before notice, change the Microsoft 365 Global Admin password to a new one only you know, confirm domain registrar access, and snapshot all documentation.

Red flags during transition

Watch for these during the 30-to-60-day window. If you see them, escalate.

• Documentation that existed last month has disappeared from the portal.
• Admin passwords get changed without notice.
• The incumbent delays credential handover past the contractual date.
• New invoices appear with unexpected charges for "offboarding" or "data extraction."
• Promised handover meetings get postponed indefinitely.
• Software licenses that were supposedly yours turn out to be registered under the incumbent's name.
• Monitoring agents stop reporting and reappear only after you escalate.

How Hexafusion handles onboarding from another provider

When we take on a client mid-relationship with another provider, we follow four principles:

• Documentation first. We do not touch production until we have a documented picture of it. That means a network diagram, an asset inventory, an access map, and a risk register.
• Parallel operation, no service gaps. Monitoring and backup do not go dark during the switch. We stand up ours alongside the incumbent's and compare before we cut over.
• We audit what we inherit and flag everything. Expired certificates, unsupported operating systems, local-admin privileges everywhere, backup jobs that have not run in months, MFA exceptions you did not know about. The audit becomes your remediation backlog, prioritized.
• Written onboarding report. At day 90, you get a report that documents what we found, what we fixed, what is still open, and what it will cost to close. That report is often the first real picture of the environment you have ever had.

Frequently Asked Questions

Reviewed by Alex Barari, Founder, former PCI DSS Internal Security Assessor (ISA).