How to Handle ISO Certification When Key Staff Leave

Team CertBetter


When the Person Who Built Your System Walks Out the Door

It happens more often than you might think. A quality manager who spent two years building your ISO 9001 system hands in their notice. Or your WHS coordinator, who knows your ISO 45001 procedures inside out, takes a role elsewhere. Suddenly the business that worked hard to achieve ISO certification is staring at a very real problem: the person who knew everything about your management system is gone.

This is one of the most common and least talked about challenges in ISO certification. Businesses invest significant time and money getting certified, then find themselves vulnerable the moment a key person leaves. If you are in this situation right now, or you want to prepare before it happens, this guide will walk you through exactly what to do.

Why Staff Turnover Is a Genuine Risk to ISO Certification

ISO standards are built around systems, not individuals. But in practice, especially in small and medium businesses, the system often lives in one person's head. They know why a procedure was written a certain way. They know which records need to be kept and where they are stored. They manage the relationship with the certification body and remember when the surveillance audit is due.

When that person leaves, the system does not automatically transfer. What transfers is a folder of documents and, if you are lucky, a handover note. That gap between what is documented and what is actually known creates real risk for your next audit.

Under most ISO standards, including ISO 9001, ISO 14001, and ISO 45001, the organisation is required to demonstrate competence for roles that affect the performance of the management system. This is covered under Clause 7.2 in the High Level Structure used across modern ISO standards. If you cannot show that someone in your organisation is competent to manage the system, an auditor will raise that as a finding.

The good news is that this risk is entirely manageable if you take the right steps. Let us go through them.

Step One: Do Not Panic, But Do Act Quickly

The first thing to understand is that a staff departure does not automatically put your certification at risk. Certification bodies audit your system, not your org chart. What they care about is whether your management system is functioning, your records are maintained, and someone in the organisation understands their responsibilities.

That said, time matters. If your surveillance audit is coming up in the next few months and you have nobody who can speak to the system, that is a problem. So the moment you know a key person is leaving, start planning.

The most important immediate actions are:

  • Identify what knowledge and responsibilities that person holds that are not fully documented
  • Ask them to complete a thorough handover before they leave, including process walkthroughs, not just document handovers
  • Contact your certification body to let them know about the change if it is significant, particularly if the person was named in your management system documentation
  • Identify who will temporarily take on their responsibilities while you find a replacement

You do not need to have everything resolved before the person walks out. But you do need a plan in place.

Step Two: Conduct a Knowledge Gap Assessment

Once the dust settles, take stock of what you actually have versus what you need. A knowledge gap assessment does not need to be a complicated exercise. It can be as simple as going through your management system documentation and asking: does anyone currently in this business understand this well enough to explain it to an auditor?

Go through the core areas of your management system:

  • Scope and context of the organisation
  • Policies and objectives
  • Risk and opportunity register
  • Process documentation and procedures
  • Internal audit schedule and records
  • Corrective action and nonconformance records
  • Management review records
  • Legal and regulatory compliance obligations
  • Supplier and contractor management

For each area, identify who in your current team has enough knowledge to manage it and speak to it during an audit. Where there are gaps, those are your priorities.

If you are managing an integrated management system across multiple standards, this exercise becomes even more important because the interdependencies between systems can be complex.

Step Three: Get the Documentation Right

One of the most common mistakes businesses make is treating ISO documentation as a one-time exercise done during the implementation phase. Good documentation should mean that any competent person can pick up the system and run it. If your procedures only make sense to the person who wrote them, they are not good procedures.

Use the staff departure as an opportunity to review and improve your documentation. Ask the departing employee to review key procedures and flag anything that is unclear, outdated, or missing. This is also a good time to make sure your master document register is current and accessible to the right people.

Specific documentation areas to check:

  • Procedure documents: Are they written clearly enough for someone new to follow without guidance?
  • Work instructions: Are they linked to the right procedures and stored where workers can find them?
  • Forms and templates: Are they current versions and properly controlled?
  • Audit records: Are previous internal audit reports and corrective actions filed and accessible?
  • Certification body correspondence: Are previous audit reports, nonconformance responses, and contact details stored somewhere accessible?

If you use a digital quality management system or document management platform, make sure login credentials and access permissions are transferred. Losing access to your own system because the admin account belonged to a former employee is a surprisingly common problem.

Step Four: Notify Your Certification Body if Necessary

Most businesses are not sure whether they need to tell their certification body when a key staff member leaves. The answer depends on your specific situation, but as a general rule: if the person was named in your management system as the management representative, quality manager, or similar designated role, you should notify your certification body.

You are not obligated to notify them every time any staff member leaves. But if the change affects the governance of your management system, transparency is the right approach. Certification bodies generally appreciate being kept informed. It also gives you an opportunity to ask whether the change triggers any requirements on their end before the next audit.

Some certification body contracts or audit agreements specify that significant changes to the organisation must be reported. Check your certification agreement to understand your obligations.

Step Five: Assign Clear Interim Responsibility

While you are recruiting or training a replacement, someone needs to be accountable for the management system. This is not optional. ISO standards require that roles, responsibilities, and authorities are assigned and communicated. If nobody is formally responsible, your system is already drifting toward non-compliance.

The interim owner does not need to be an ISO expert. They need to be someone who:

  • Has enough seniority to make decisions about the system
  • Is willing to learn the basics quickly
  • Will maintain the records and schedule that keep the system running
  • Knows when to ask for help

Document the interim appointment formally. Update your management system to reflect who is responsible. If you have an internal audit coming up, make sure the interim owner understands what is expected and is prepared to participate.

If your business does not have anyone internally who can take this on, even temporarily, this is exactly the situation where an external ISO consultant can add real value. A good consultant can step in to manage the system, prepare you for your next audit, and train your team while you recruit a permanent replacement. For guidance on how to select the best ISO consultant, take a look at our detailed guide on what to look for.

Step Six: Train Your Replacement Properly

When you bring someone new into the role, whether they are an internal promotion or an external hire, do not just hand them a folder of documents and wish them luck. ISO standards require that you demonstrate the competence of people in roles that affect the management system, and competence means more than just having a document to read.

A proper onboarding process for an ISO management role should include:

  1. A structured walkthrough of the management system, including its scope, key processes, and how they connect
  2. Review of the previous audit reports so they understand what has been raised in the past and what corrective actions were taken
  3. Familiarisation with the certification body, including who the assigned auditor is, when audits are scheduled, and what the audit process looks like
  4. Training on internal auditing if they will be responsible for managing or conducting internal audits
  5. Clear documentation of their role and responsibilities within the management system

Consider having them complete a formal training record that you can present to your next auditor as evidence of competence. This is particularly important if your new person has no prior ISO experience.

ISO 10015 provides useful guidance on quality management in training, and it is worth referencing when you are designing a training plan for someone stepping into a compliance or quality role.

Step Seven: Build Resilience Into Your System Going Forward

The real lesson from a staff departure is not just how to recover. It is how to make sure you are not this vulnerable again. Businesses that handle staff turnover well in the context of ISO certification are those that have distributed knowledge rather than concentrating it in one person.

Here are practical ways to build resilience into your management system:

  • Cross-train at least two people in each key function of your management system. This does not mean everyone needs to be an ISO expert, but it does mean the system should not collapse if one person leaves.
  • Use your internal audit program as a knowledge-sharing tool. When multiple people participate in internal audits, they build familiarity with the system and its requirements. Our guide on how to run ISO internal audits that actually find problems covers this in detail.
  • Document decisions, not just outcomes. When a procedure is changed or a new risk is added to your register, record why. This context is what gets lost when a key person leaves.
  • Build an ISO training matrix for your team so you always know who has been trained in what. This is a requirement under most ISO standards and also gives you a clear picture of where your knowledge gaps are. Our article on how to build an ISO training matrix for your team walks through the process step by step.
  • Review your succession plan annually as part of your management review. Ask: if our quality manager left tomorrow, who would take over and what would they need?

What Auditors Actually Look For When Staff Have Changed

If you have had a significant staff change before your next audit, your auditor will almost certainly ask about it. They are not trying to catch you out. They want to confirm that the management system is still being actively managed and that the new person understands their responsibilities.

Typical questions or evidence requests might include:

  • Who is currently responsible for the management system and what is their background?
  • Can you show evidence of training or competence for the new person in this role?
  • Have internal audits continued on schedule since the change?
  • Has a management review been conducted since the change?
  • Are corrective actions and nonconformances being actively managed?

If you can answer these questions with evidence, the staff change becomes a non-issue. If you cannot, you are likely looking at a finding. The formal requirements around competence in ISO are worth understanding in detail so you know exactly what evidence to prepare.

When to Bring in External Support

Not every business has the internal resources to manage an ISO system through a significant staff transition. If you are a small business, if the person who left was your only ISO-knowledgeable employee, or if your next audit is approaching quickly, there is no shame in getting external help.

An experienced ISO consultant can step in to assess the current state of your system, identify gaps, prepare your new person, and make sure you are audit-ready. This is a targeted, time-limited engagement, not a long-term dependency. Think of it as bringing in a specialist to stabilise the system while your internal capability catches up.

When comparing consultants for this kind of work, look for someone with direct auditing experience in your specific standard. They will know exactly what your certification body is looking for and can focus your preparation accordingly.

If you are not sure where to start, CertBetter can connect you with verified ISO consultants who specialise in exactly this kind of situation. You submit one form, receive up to three competing quotes from vetted providers, and can compare your options at no cost. It is a practical way to find the right support quickly when time is not on your side.

Frequently Asked Questions

No, your ISO certification does not automatically lapse when a key staff member leaves. The certificate belongs to the organisation, not the individual. However, if the departure creates gaps in how your management system is being maintained, those gaps can result in audit findings at your next surveillance or recertification audit. The key is to assign interim responsibility, maintain your records, and ensure someone is managing the system actively until a permanent replacement is in place.

You are generally not required to notify your certification body every time a staff member leaves, but if the person held a formally designated role within your management system, such as management representative or quality manager, it is good practice to inform them. Some certification agreements also require notification of significant organisational changes. Check your certification contract and, when in doubt, a brief email to your assigned auditor is always the safer option.

Your auditor will likely ask who is now responsible for the management system and will want to see evidence that the system has continued to function during the transition. This includes internal audit records, corrective action records, and evidence of the new person's competence in the role. As long as you can demonstrate that the system has been actively maintained and that the new person understands their responsibilities, the staff change should not result in a major finding.

Yes, using an external consultant to manage or support your ISO system during a staff transition is entirely acceptable and quite common. What matters to your certification body is that someone is competent and accountable for the management system, not whether that person is an employee or an external contractor. Just make sure the arrangement is documented and that the consultant is genuinely qualified and experienced in your specific standard.

The most effective prevention strategy is to distribute ISO knowledge across at least two or three people in your organisation rather than concentrating it in one person. This means cross-training, involving multiple staff in internal audits, keeping documentation clear enough for any competent person to follow, and reviewing your succession plan as part of your annual management review. Building this resilience takes time but significantly reduces your vulnerability to future staff changes.

Having no prior ISO experience is not a disqualifier, but you will need to invest in training and document that training as evidence of competence. Start with a structured walkthrough of your management system, review previous audit reports together, and consider enrolling them in a short ISO awareness or internal auditor course relevant to your standard. Many certification bodies offer introductory training, and external consultants can also provide targeted coaching. The key is to create a documented record of their training that you can present to your auditor as evidence they are competent to manage the system.

Dilawar Laghari

Hi! I am Dilawar Laghari, founder of CertBetter.

I created CertBetter to help anyone compare ISO certification providers for free.
