The "Hit By A Bus" Test: How to Build an IT Department That Survives Without You

In many mid-sized companies, the IT department isn't a department—it's a person. Let's call him John.

John is a hero. He knows every password, he knows which server needs a "special kick" to restart, and he personally has the cell phone number of the internet provider. John is the "Hub," and the rest of your company are the "Spokes."

This is the Hub & Spoke Trap.

While having a hero feels safe, it is actually a massive liability. If John gets sick, quits, or (heaven forbid) gets hit by a bus, the wheel collapses. The business stops.

To turn IT from a liability into an asset, you need to move from "Hero Mode" to "System Mode." You do this by measuring and mitigating risk using the IT Independence Scorecard.

The Model: Hub & Spoke vs. The Independent System

The Hub & Spoke Model (High Risk): All knowledge, access, and authority flow through one individual. If the Hub is removed, the spokes (employees, systems, vendors) disconnect.

The Independent System (Low Risk): Processes, documentation, and access are distributed. The system runs the business; the people run the system.

The Tool: The IT Independence Scorecard

To fix the problem, we first have to measure it. We audit your organization across four critical dimensions: Employee, System, Location, and Vendor.

• A score of 1 means "Total Reliance on One Person" (Danger).
• A score of 5 means "Fully Documented & Redundant" (Safe).

1. The Employee Risk (Who has the keys?)

The Risk: "John has the only Global Admin account for Office 365. If he is locked out, we are all locked out."

The Mitigation:

• "Break Glass" Accounts: Create a master admin account with a complex password stored in a physical or digital safe that the owner/CEO can access in an emergency.
• Role-Based Access: Ensure at least two people have administrative privileges, or use a Managed Service Provider (MSP) as a backup admin.

2. The System Risk (Where is the knowledge?)

The Risk: "Only Sarah knows how to reboot the ERP system when it freezes. It's not written down; it's 'muscle memory.'"

The Mitigation:

• Standard Operating Procedures (SOPs): Every critical task (backups, onboarding, restarts) must be documented in a central knowledge base.
• The "Stranger Test": Could a qualified stranger read the SOP and perform the task without calling Sarah?

3. The Location Risk (Physical Dependencies)

The Risk: "The server room key is on Mike's keychain, and he's in the Bahamas." Or, "The backups are on a drive sitting on top of the server."

The Mitigation:

• Physical Access Control: Use keypad locks or lockboxes rather than individual keys.
• Cloud Redundancy: Ensure data is accessible securely from outside the physical office (Cloud migration strategy).

4. The Vendor Risk (Relationship Dependencies)

The Risk: "The ISP contract is in Dave's personal email, and the rep only talks to Dave."

The Mitigation:

• Institutional Accounts: All vendor accounts should be registered to generic emails (e.g., [email protected]), not personal ones.
• Vendor Inventory: Maintain a master list of all vendors, account numbers, and support contacts.

Step-by-Step: How to Build Your Independence

If you are an Owner, this protects your investment. If you are an IT Pro, this protects your sanity (and lets you take a real vacation).

Step 1: The "Bus Factor" Audit

Sit down and ask: "If I disappeared tomorrow for 30 days with zero contact, what would break?" List every system, password, and vendor relationship that relies solely on you.

Step 2: Implement a Password Manager

Stop storing passwords in browsers or spreadsheets. Move to an enterprise password manager (like 1Password or Keeper). This allows you to securely share access with owners or other team members without revealing the actual passwords.

Step 3: Write the "Golden Book" (SOPs)

Start with the top 5 most critical/frequent tasks. Document them step-by-step with screenshots.

• Example: "How to Onboard a New Employee"
• Example: "How to Restore a Deleted File"

Step 4: The "Buddy System" Cross-Training

If you have a team, assign a primary and secondary owner for every system.

• Primary: Manages the system day-to-day.
• Secondary: Is trained to handle emergencies and covers vacations.

Step 5: The "Unplugged Vacation" Test

This is the ultimate exam. The IT lead takes a week off without their laptop or work phone. If the business runs smoothly, you have achieved Independence. If the phone rings, you have identified a gap in your scorecard that needs fixing.

The Payoff

For the Business Owner: A business that isn't dependent on one person is a business that is more valuable and sellable. You have removed a massive liability from your balance sheet.

For the IT Professional: You stop being a firefighter and start being an architect. You gain the freedom to focus on high-value strategic work (and get promoted) because you aren't stuck resetting passwords.

Want to assess your risk right now? Join the Academy to get the assessment.