The Handoff Checklist: What 100% Ownership of an Automation Should Include

Most automation "ownership" claims fall apart the moment you try to test them. Ask your vendor to leave for 30 days and see what breaks. If the answer is "everything," you don't own the automation. You're renting it with extra steps.

Real ownership is a transferable artifact list. Every account, credential, workflow file, and decision should live in a place you control, in a format you can read without the person who built it. Below is the handoff standard we use at Catalyst, and the one you should demand from anyone building automations for your business.

Accounts must be in your name, on your billing#

The first failure mode is silent: your consultant builds your automation on their OpenAI account, their Make.com workspace, their Airtable. It runs fine. Then they get hit by a bus, raise prices, or simply stop responding, and your operations stop with them.

Before anything is built, every SaaS account in the stack should be created under your company email, paid by your company card, with you as the owner-level admin. Your builder gets invited as a collaborator or admin. Not the other way around.

A practical list for a typical small business automation:

• LLM provider (OpenAI, Anthropic, Google): your account, your API keys, your billing
• Workflow platform (n8n, Make, Zapier): your workspace, your seat as owner
• Database or knowledge store (Airtable, Supabase, Notion): your workspace
• Vector database if applicable (Pinecone, Weaviate): your project
• Email, calendar, CRM integrations: your existing accounts, OAuth granted to the workflow
• Hosting if self-hosted (Render, Railway, a VPS): your account, your card

If your builder pushes back on this, that is the entire conversation. Either the accounts are yours from day one, or you do not have ownership.

Credentials live in a vault you control#

API keys, OAuth tokens, webhook secrets, database passwords. These should be stored in a password manager owned by your business: 1Password, Bitwarden, Dashlane, whatever you already use. Not in your builder's personal vault. Not in a shared Google Doc. Not in Slack DMs.

The handoff should include a single vault folder named after the project, containing every credential with these fields filled in: what service, what the key does, when it was created, when it expires (if applicable), and which workflow uses it. Rotate every credential the day the build is finished and again the day the consultant's engagement ends. Both rotations should be your job, with the documentation to do them yourself.

Workflow files exported and version-controlled#

This is where most handoffs quietly fail. The workflow runs in n8n or Make, but the only copy lives inside that platform's cloud. If your account gets locked, your workspace gets corrupted, or you want to move providers, you have nothing to recover from.

Your handoff should include exported JSON or YAML files for every workflow, committed to a Git repository (GitHub, GitLab, your choice) under your organization. Each export should be re-importable into a fresh workspace with documented steps. For each workflow, the repo should contain:

• The exported workflow file
• A README explaining what the workflow does, what triggers it, and what it outputs
• A list of every credential it references (by name, not value)
• A diagram or short loom showing the full path from trigger to result

If you ever need to migrate from n8n to Make, or from Zapier to something self-hosted, the workflow logic is portable. The platform is replaceable. That is what no vendor lock-in actually means.

Documentation written for the next person, not for you#

The person reading the documentation will not be you. It will be your operations lead in 18 months, or a new consultant you bring in, or you on a Tuesday morning when something broke and you have not looked at this system in six months.

Good handoff documentation has four parts:

A system overview of 1-2 pages. What this automation does in business terms. What inputs come in, what outputs go out, what humans are in the loop, and where the seams are.

A runbook for the three or four things that go wrong most often. "The Slack notification stopped firing" → check this, then this, then this. "The model is returning empty responses" → check API key, check rate limit, check prompt template. Written so a non-technical person can resolve 80% of incidents without calling anyone.

A change log of every modification since launch, with date, author, and reason. This is boring and feels like overhead until the first time someone asks why a prompt was changed and you can answer in 30 seconds.

A dependency map. Every external service this automation touches, what would break if it went down, and how much money you are spending on each per month.

If your documentation does not include all four, the engagement is not finished.

Training that ends with you running the system unassisted#

Documentation is not training. Training is the thing where your team operates the system while the builder watches and corrects them, not the other way around.

A proper training handoff has at least three sessions. The first is a walkthrough where the builder demos every workflow and your team takes notes. The second is reverse: your team operates the system, makes a small change, deploys it, and the builder only intervenes if something is about to break. The third happens two weeks later, after your team has lived with the system, and addresses the actual questions that came up in real use.

Record all three. Store the recordings in the same project folder as your documentation. The recordings often become more valuable than the docs because they show the system in motion.

A 30-day independence test#

The final piece of the handoff is a test, not a document. After the official handoff date, your builder goes silent for 30 days. No Slack, no email, no "quick questions." Your team runs the system, modifies it if needed, handles incidents, and pays the bills.

If you make it 30 days without needing the builder, you own the automation. If you don't, the handoff was incomplete and you need to identify exactly which artifact was missing: a credential you couldn't access, documentation that didn't cover the scenario, training that skipped a step. Then close that gap before declaring the engagement done.

This test is the only way to know the difference between ownership and dependency dressed up as ownership.

Common pitfalls#

A few patterns we see repeatedly when reviewing other people's handoffs:

• Credentials stored in the workflow platform's native secrets manager only, with no export. When you lose the platform, you lose the keys.
• Documentation written in the builder's Notion workspace. You can read it. You cannot edit it or take it with you.
• One "super admin" account shared between builder and client. Nobody can be removed without breaking access for both.
• No diagram of the system. Six months later, nobody remembers which workflow calls which.
• Training delivered as a single two-hour Zoom that everyone forgets within a week.

Each of these is fixable, but only if you catch them before the engagement closes out. Once your builder has moved on, getting them to retroactively produce documentation is a negotiation you will lose.

If you're scoping an automation project and want a handoff plan that actually transfers ownership instead of locking you in, see how we structure our engagements. Every Catalyst build ends with the artifact list above, in your accounts, with your team trained to run it.