GlossaryPlain definitions for owners and acquirers

Key-person IT risk.

Key-person IT risk is when the knowledge to run, change, or fix a company's critical software lives in one person's head, whether a founder, a lone developer, or an outside contractor. If that person leaves, gets sick, or falls out with you, the business is exposed. Nobody else can deploy a fix, explain how it works, or safely change it.

01 / What key-person IT risk is

It is a single point of failure made of a person, not a server.

The software your revenue, delivery, or compliance depends on has to be understood by someone. Key-person risk is when that someone is exactly one person, and it is not written down anywhere. They hold the passwords, the deployment steps, the reasons a thing was built a certain way, and the map of what breaks if you touch it. Roughly a third of lower-middle-market companies carry this risk, with critical system knowledge sitting in one person's head.

It hides in plain sight while things run smoothly. It becomes a crisis the day that person hands in notice, goes on leave, doubles their rate, or stops answering. The business does not stop needing the software. It stops being able to safely change it. That is technical debt in human form, and it is one of the first things a careful buyer looks for.

02 / Why acquirers price it into the deal

A business that only one person can run is worth less than one a team can run.

When someone buys a company, they are buying the ability to keep it running and to grow it. If the software only works because one irreplaceable person keeps it alive, the buyer is inheriting a risk they cannot easily transfer or insure, so they discount for it. Technology findings routinely adjust valuations by 3 to 12 percent of enterprise value in deals with 2 to 20 million dollars of revenue, and concentrated system knowledge is a frequent reason. It can also delay a close while the buyer builds a retention plan around the one person.

In diligenceHigh key-person riskReduced key-person risk
Who can deploy a fixOne named person, no backup.A documented process any competent engineer can follow.
How the system worksIn someone's head, undocumented.Written down in current, readable docs.
Access and ownershipHeld by a contractor or founder.Owned by the company: repo, infrastructure, and credentials.
Effect on the dealPrice cut or delayed close.Cleaner diligence and a faster path to signing.

03 / How to reduce it

Move the knowledge out of one head and into documents, ownership, and a team.

  1. 01

    Write it down.

    • Document how the system runs, deploys, and recovers, in language a new engineer can follow.
    • Capture the why behind key decisions, not only the how.
  2. 02

    Take real ownership.

    • Hold the repo, source code, infrastructure, and credentials in the company's name, not a contractor's.
    • Day-one ownership means anyone you hire can pick the work up.
  3. 03

    Put an accountable team behind it.

    • Have more than one person who understands and can change the software.
    • An accountable team, or a full handover from the current owner, removes the single point of failure.

If one person is the only one who understands your software, a software rescue maps it and hands it back documented, or tech due diligence quantifies the risk before a deal. See also how to take over software from a previous developer and start a conversation.

04 / What lower key-person risk looks like

  • More than one person can run, change, and fix the software
  • Current docs explain how it works and how to deploy it
  • The company, not a contractor, owns the repo and infrastructure
  • A departure is a handover, not a crisis

05 / Common questions

What is key-person IT risk in simple terms?

It is when the knowledge to run, change, or fix your critical software lives in one person's head, whether a founder, a lone developer, or a contractor. If they leave, get sick, or fall out with you, nobody else can safely deploy a fix or explain how the system works. The business keeps needing the software but loses the ability to change it. Writing things down and spreading the knowledge is what removes the risk.

How common is key-person IT risk?

It is very common in smaller companies. Roughly a third of lower-middle-market companies carry key-person IT risk, meaning critical system knowledge sits in one person's head with no backup and nothing written down. It often stays invisible while everything runs smoothly, then becomes a crisis the day that person hands in their notice or stops answering. Small teams are especially exposed because one hire or one contractor built everything.

Why do acquirers care about key-person risk?

A buyer is purchasing the ability to keep the business running and grow it. If the software only works because one irreplaceable person keeps it alive, that risk cannot be easily transferred or insured, so they discount for it. Technology findings routinely adjust valuations by 3 to 12 percent of enterprise value in deals with 2 to 20 million dollars of revenue, and concentrated knowledge is a frequent reason. It can also delay a close.

How do I reduce key-person IT risk before a sale?

Move the knowledge out of one head. Document how the system runs, deploys, and recovers in language a new engineer can follow. Put the repo, source code, and infrastructure in the company's name, not a contractor's. Then make sure more than one person can change the software. A software rescue maps an undocumented system and hands it back documented, and tech due diligence shows a buyer the risk is contained.

Is key-person risk the same as technical debt?

They are close relatives. Technical debt is the accumulated cost of shortcuts in the code itself. Key-person risk is the same problem in human form, knowledge that was never captured, so only one person can work with the system. Both make the software harder and riskier to change, and both show up as discounts or delays in a deal. Documentation and ownership reduce both at once.

Last updated June 2026 · Talk with Felipe

Your build

Taking on new builds

Have something in mind?

Tell us what you're making. We reply within a day with a fixed price and a date.