The Midmarket Faces Unique Challenges with Institutional Knowledge Management

Midmarket companies have unique IT infrastructure challenges that are difficult to overcome with a traditional approach to IT. Midsized companies are too large to use low-cost IT strategies that work for small business, but they don’t have the budget or resources of an enterprise. Careful planning and execution is critical for companies of this size to build and maintain a high-functioning IT environment.

For the purposes of this post, I’ll define the midmarket as organizations with between $10mm-100mm in revenue and/or between 75-500 employees. Organizations of this size often have an internal IT department with one or more full-time staff. The head of IT is usually a director-level technical resource or a non-technical CFO. If the IT head is technical, he usually reports to the CFO. Reporting to the IT head are usually one or more help-desk resource(s), a senior IT generalist, and possibly an ERP expert or DBA to support the line-of-business software used within the organization.

Institutional knowledge is a critical asset for ensuring reliable delivery of IT services. However, it’s often a nebulous thing, with each piece of information contained within the heads one or two individuals. The loss of an individual with a significant amount of institutional knowledge can have a major impact on IT service delivery, so poor management of institutional knowledge is a large risk to the organization.

In this post I’ll highlight challenges in management of institutional IT knowledge faced by midmarket organizations and some ways they can be overcome, through improvement in internal policies and procedures, or by outsourcing management of institutional IT knowledge to a third party.

Defining Institutional Knowledge in IT

Institutional knowledge is a record and understanding of how any why things are done. What is the process for bringing on a new hire? How are access-control-lists managed and audited? How are security rights assigned in network folders? How does the company audit backup jobs and test recovery? How does the company ensure former employees no longer have access to company resources? These are a few of the dozens of standard operating procedures (SOPs) that must be defined by the IT department.

Non-technical business leaders usually don’t give IT SOPs the same level of attention as core-business SOPs.  IT plays a supporting role and is not seen as deserving of the same level of attention as the profit-center. The only exception to this is when there is a critical service interruption and all attention is temporarily directed at IT. Problems uncovered when services are down are fixed in a reactive manner, which doesn’t allow for proper planning and yields mixed results. Companies that take this approach to IT lack a cohesive design, which usually means that some pieces of the IT infrastructure stack are overbuilt, while others are ill-conceived and may even pose a dangerous risk to the organization.

So how can a midsize company enhance its ability to deliver IT services reliably? First, it should improve its internal policies and procedures. Increasing the amount of internal attention given to IT will improve outcomes. Second, if the company is unable to improve IT service delivery internally, whether due to lack of knowledge or lack of time, it should outsource its IT functions, including institutional knowledge management to a third party. I will cover both of these approaches below.

Company Policies and Procedures for Improving Institutional Knowledge

Name an IT Business Leader

With IT becoming more embedded as a critical asset to the organization and the threats from cybercriminals becoming more targeted and sophisticated, business leaders must take responsibility for their IT infrastructure. Gone are the days where the CEO could leave IT to the geeks in the basement. News stories over the last few years have demonstrated that executive careers can be ruined by a highly publicized data breach.

In a midsize business, it’s critical that someone at the C-level know what’s going on in the IT department. If you have the budget to hire a CIO, by all means do so. If not, the CFO or COO should hire an experienced and trustworthy Director of IT whose job duties do not include desktop support. Good IT Directors should not be performing desktop support as part of their daily duties. If you hire one who is willing to do desktop support, you’ve probably hired a technician who will not provide the technology business leadership that a midsized business requires. A good CIO or IT director should be more business-minded than technology minded.

Create a Culture of Documentation

Document everything and create a culture of documentation. One mistake I see repeatedly is companies asking their IT resources to document their work only after they’ve given their 2-week notice. If someone has worked in your organization for 5 years, how much are they going to be able to document in 2 weeks, especially when their stake in the future well-being of the organization is no longer important? Create a company knowledge base and put some thought and effort into the organization of knowledge.

Once the KB is created, reward staff for meaningful contributions to the knowledge base. When repeatable tasks are documented, high-level work can be completed by junior staff, yielding increasingly meaningful returns-on-investment. Documentation also ensures consistency, which reduces the need for the reactive support required when things are done in an ad hoc manner.

Focus on Employee Retention in the IT Department

Because institutional knowledge is contained within the heads of employees, employees who stay longer have more of it and are able to contribute more to the organization. The same task may take five minutes for an experienced employee and two days for an inexperienced one. If the business has processes well documented, it can mitigate the risk of high employee turnover, but there is no substitute for loyal, long-term employees when it comes to productivity.

Make employee retention a priority. Is the IT department at your organization a fun place to work with opportunities to learn and grow or is the team treated as a necessary evil? IT skills are increasingly in demand and skilled professionals will find another place to work if they are treated poorly.

Outsource Subject-Matter-Expertise and Institutional Knowledge

If leadership team lacks the knowledge and ability to manage institutional IT knowledge internally, outsourcing should be considered. Although it may sound counterintuitive to outsource institutional knowledge, there are significant benefits to working with a third party IT provider to ensure long-term consistency in IT support and service delivery.

Managed Service Providers (MSPs) that serve the midmarket must operate like Enterprise IT Departments to be successful. Even a relatively small MSP supporting ten 200-person organizations is supporting 2000 users, the equivalent of a small enterprise organization. An MSP supporting this many users must operate as an enterprise IT department, with staffing, expertise, and process to match. This level of support is only available to midsized companies by outsourcing.

By partnering with an MSP serving the midmarket, firms can leverage the IT expertise of an enterprise IT department at a fraction of the price it would cost to build one internally.

Evaluating MSPs for Capability

So how do you know if the MSP you are hiring has the ability to support your infrastructure and manage institutional knowledge? Here are some questions to ask an MSP you are evaluating for service.

What systems do you use to manage customer institutional knowledge?

A good MSP will have a defined knowledge management system. At CNS, we maintain a Wiki and a database of system configuration information for each client we service.

The Wiki contains both general and client-specific SOPs, vendor-specific documentation and contact info, and descriptions of client infrastructure that any of our technicians or engineers can reference before working on a client network.

Our database contains information such as IP addresses, serial number, warranty status, and an audit trail for each piece of equipment under management. We’ve designed workflows around configuration information such as warranty expiration reminders. The warranty expiration workflow notifies us when a critical piece of equipment is about to lose warranty coverage. This enables us to be proactive about maintaining equipment, rather than being informed of a system’s lack of warranty during an outage.

Who is my primary point of contact?

A mature MSP will have well-define points of contact for different types of communication with customers. These points of contact should be communicated at the beginning of the relationship

At CNS, we have a service desk that intakes all service tickets. The desk is staffed by technicians and engineers dedicated to the role. The service desk is critical to ensuring we meet our service-level-agreements with our customers.

Higher-level strategy and infrastructure are directed to a dedicated Virtual CIO, a business-minded senior strategist who is separate from the day-to-day technical work. This level of separation allows for objectivity in analysis and design of technical solutions.

Our dedicated project manager is key to delivering IT projects on time and within budget. The project manager’s role should not be combined with reactive work or else the project delivery will suffer.

Finally, a non-technical account manager is the point of contact if there are service delivery problems.

It should be a red flag if a service provider has one point of contact for all these roles. One person cannot do a good job at reactive support and project management and will only focus on the challenge immediately in front of him. Make sure job roles are well defined when evaluating service providers.

How is employee retention?

MSPs, like enterprise IT departments, suffer when turnover gets too high. The learning curve for new employees at MSPs is several months, so if an MSP is turning over employees too frequently, it usually indicates poor morale or management. The outcome is lower quality knowledge management and service levels for the MSPs customers. Ask about employee retention during the vetting process to ensure the company is well managed and will be able to support you long-term.

How is your customer retention?

Best-in-class customer retention rates are 90% and above in the MSP industry. Ask about customer turnover and the reasons customers have left. If the customer retention rate is below 80%, you can be sure there are some issues around quality of service delivery. At CNS, our customer retention rate is 95% because we qualify our prospects well, we focus on high-quality service delivery, and we have a culture of trust and integrity.


Institutional knowledge is a critical asset for all organizations, regardless of size. As a company grows in size, the management of that institutional knowledge, especially in non-core areas of the business such as IT, becomes more challenging. By implementing some simple changes in internal policy, the midmarket company can protect itself from the loss of institutional knowledge when an individual leaves the company. If the organization does not have the internal resources to effectively manage institutional knowledge, outsourcing this task to a mature MSP can lead to a positive outcome.

How To Supplement Your Internal IT Team.

In an ideal world, technology would be a consistent source of competitive advantage and benefit for small and midsized businesses. The reality is that many fail to realize that confidence.

Without the right resources and support, even a highly skilled technology team can become overwhelmed by the growing list of technology management duties. When important tasks get neglected, it creates ripple effects throughout an organization that damage productivity and efficiency.

The co-managed IT services model solves these problems by providing your existing IT team with all the support and resources they need to successfully plan, manage, and defend your network technology.

This guide covers:

  • • Aligning technology with business goals
  • • Reducing churn while preserving institutional knowledge
  • • Empowering your staff to maximize productivity
  • • Achieving the highest level of cybersecurity defense

Download it for free by filling out the form here.