• Mergers and Acquisitions

  • Mergers and Acquisitions present interesting challenges from an information security perspective. The integration of applications, resources, networks, systems, processes and procedure cane be overwhelming. If your organization's growth strategy is expansion by acquisition, we can help manage your information security integration process.

  • Risk Assessments

    Before the integration of networks systems, technologies, and users due to a merger or acquisition, risk assessments are a good place to start. Risk assessments can identify items that need to be addressed immediately, need compensating controls, and identity future problems that could occur before they happen.

    We perform risk assessments of technical controls, administrative controls, and compliance frameworks to provide you a better understanding and identification of any potential risks during the integration process.

  • Network Health Assessment

    Before a network can be merged or integrated as part of the merger and acquisition process, it needs to be assessed to determine what threats exist. This could mean reviewing previous penetration test results, performing a penetration test, and assessing the vulnerabilities that exist on the new network.

  • Contract Review

    Mergers and acquisition can result in contactual issues that might include:

    Duplicate contracts New contractual obligations Unfavorable contract terms Licensing issues New regulatory obligations

    As part of the integration process we aggregate and review all information security related contracts, requirements, and regulations that need to be integrated as part of the merger and acquisition process.

  • Technical Security Controls

    Merging networks also means that firewalls, intrusion prevention devices, endpoint protection, and email filtering. As part of the merger and acquisition process we review settings, rule sets, and configurations to determine an integration plan that provide the same over all protection for the acquired organization's network and systems.

    This could also mean adopting new technologies, additional licensing, tuning, and optimization of technical controls.

  • Account and Permissions Review

    Mergers and acquisitions means onboarding new employees and their associated accounts. This means setting up new account with the appropriate permissions and access. As part of this process we review the accounts on the technical controls, active directory, and external vendor accounts to determine levels of access and how to best integrate these accounts.

    This also helps identify any shadow IT services that might be in use that need to be addressed.

  • Vendor Management

    Acquiring and integrating and organization involves new vendors as part of the process. During the integration process we identify the vendors of the acquired organization and provide them in a form that outlines their services, products, contracts, and contact information so that you can better understand what actions to take from a vendor management perspective.