When the announcement of a company takeover hits the headlines, most of the attention focuses on the financial You forgot to provide an Email Address. This email address is already registered. You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address. By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent. By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy. For the acquiring company to maximise the potential of the merger, it is essential that ownership and responsibility of the acquired company's data and systems are transferred securely.

Without careful planning and execution of the merger, customer dissatisfaction and loss of reputation are just one incorrectly addressed invoice away. Worse still, compliance and legal obligations can be breached.

A merger integration checklist can help both companies maintain the security of their information assets during and after the merger. Planning for security during the merger Planning for the transfer of personal and sensitive data should begin as soon as possible, with an individual at board level taking overall responsibility. If the acquired company has already mapped its assets, the acquiring company should still review and validate the findings, as the two organisations' risk ratings paradigms may be quite different.

The acquirer must also conduct a continuity impact assessment so any problems can be handled with the least amount of disruption possible. Learn how the Freedom of Information Act regulates data storage. Avoid fines related to the Data Protection Act while improving security posture. Information asset owners from both organisations can then work together to decide how best to manage the transferand how and when responsibility and accountability for the risks are to be formally transferred.

It may help if some staff from the acquired company are transferred early to the acquiring company to help with integration planning, as they will be familiar with their own in-house systems. This will help the organisation making the purchase better understand any particular technical risks that need to be addressed. A formal knowledge capture exercise to document specialised knowledge of departing employees of the acquired company is also helpful. When deciding which hardware to transfer, legacy and proprietary systems must be given special consideration.

Security tasks during the merger The acquiring company must ensure its infrastructure has the capacity and security controls to store and handle the newly acquired data before the transfer of any such data takes place.

corporate actions, list of events, types, stock split, tender offer

Data aggregation or accumulation issues may raise the level of risk, requiring additional protection. Data should be backed up prior to being moved and security markings such as asset tags and classification labels should be used during transfer so information and equipment are handled appropriately.

See the Corporate Mergers and Acquisitions Security Learning Guide for more expert advice on handling security during all stages of a merger or acquisition. The transfer process may create additional threats, which will require additional physical security measures. Wherever possible, try to avoid the use of removable media, particularly when transferring personal information. If it is necessary to use removable media, then ensure all records are encrypted.

The individual responsible for the data should handle it personally and not delegate the task of transferring it, keeping in mind the data transferred should be the minimum necessary to achieve the business purpose. Of course, business continuity and disaster recovery plans will need to be in place for all services being transferred.

Once the transfer is complete, there will be quite a task to integrate all the new assets into existing business continuity and disaster recovery plans.

The transfer of assets and services will likely lead to changes in the risk profile of the departments taking over responsibility, in which case a new risk assessment will be necessary. Most standards require a new risk assessment on accredited systems whenever there is a significant change, as new security measures may be required. Make sure there is time to make systems compliant if standards need to be met, keeping in mind there may be a need for reaccreditation.

If transferring personal information a Privacy Impact Assessment may also be required.

options - What typically happens to unvested stock during an acquisition? - Personal Finance & Money Stack Exchange

Attempting to move everything at once could result in some critical services failing altogether. It may be feasible that some less essential services can be temporarily discontinued or reduced until the transfer is completed. Another option is to run a parallel service until the transfer is complete.

Contracts and service-level agreements SLAs with third parties should be reviewed and transferred where they relate to equipment or software support. Policies covering remote working and external connections by third parties will also need to be checked to see if they are still appropriate. As a result of the acquisition, departments within the acquiring company, such as human resources, finance and customer support, may grow or shrink, and employees from both organisations will need support in dealing with changes to processes and working practices.

IT administration and support teams will need help coping with the increase in network users, and there could be a risk to data and equipment from disaffected staff.

Employee background checks on employees of the acquired company who are being given high-level privileges may be necessary. If the new data is more sensitive than the acquiring company is accustomed to handling, its overall security culture will need to be improved, with employees made aware of the need to adapt to potential new or different threats. Effective communication is crucial and key roles and responsibilities should be quickly established and communicated to staff.

Identify training requirements as soon as possible, such as learning new systems or procedures. Data transfer is not just about preventing and managing a compromise or interruption to services. You need to identify customers and stakeholders and understand their concerns. Michael Cobb, CISSP-ISSAP is a renowned security author with more than 15 years of experience in the IT industry. He is the founder and managing director of Stock option conversion merger acquisition Applications, a consultancy that provides data security services delivering ISO solutions.

He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. Cobb serves as SearchSecurity. Tips for buying hyper-converged systems. By submitting you agree to receive email from TechTarget and its partners.

If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. GE CEO Jeffrey Immelt is stepping down after boldly paving the company's digital path. He stuck to his guns and CIOs should too. The digital workplace, including the CIO shop, is moving toward cross-functional collaboration, greater openness to outside For all the intense interest in AI investments, the ROI for AI is not well-understood.

Rather than make bad guesses, CIOs should At the Cloud Identity Summit, former covert CIA officer Valerie Plame discussed the increasing risks of nation-state Alvaka Networks' Kevin McDonald looks at the real-world damage caused by data leaks at the CIA and NSA, which have put dangerous The latest WikiLeaks release on CIA hacking tools includes the CherryBlossom project, which highlights router security issues, Arista has upgraded its spine-leaf architecture for service providers and huge data centers.

The update includes a new spine Ruckus Wireless expects to become a part of ARRIS in the first week of August. The new ARRIS-Ruckus will remain autonomous and This week, bloggers look into operational insight from network analytics, vulnerabilities in the wake of WannaCry and slow 25 GbE Buyers must know how to evaluate DCIM software to ensure it meets their requirements for asset tracking and management, power and There's an innovative concept behind the buzzword 'serverless.

Network, storage and server management can be overwhelming and time-consuming tasks. Evaluate automation techniques currency currency currency forex knowforex.info trade trade trading simplify IBM pulled the plug on its distribution of Hadoop in favor of reselling Hortonworks' bundle of big data technologies, a decision Moving relational data into Hadoop is not how to make money tibia slam dunk.

To avert programming complexities, a major Texas school turned to As companies collect customer data hero honda stock market other types of information from more and more sources, the master data management process All Rights Reserved, Copyright -TechTarget. News In Depth Blogs Opinion Videos Photo Stories Premium Content GUIDE TO GDPR. Enterprise software View All. IT in Europe and Middle East View All.

Information Management View All. IT in Asia-Pacific View All. IT skills View All. IT security View All. IT services View All. Please select a category. Managing security during acquisition: A merger integration checklist GPT.

Mergers and acquisitions - Wikipedia

This Article Covers Risk management RELATED TOPICS Antivirus Secure Coding and Application Programming Continuity Cloud security Data Breach Incident Management and Recovery Endpoint and NAC Protection. Share this item with your network: Sign in for existing members. Continue Reading This Article Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

Step 2 of Planning for the transfer of personal and sensitive data should begin as soon as possible, with an individual at board level taking overall responsibility. More on data regulations Learn how the Freedom of Information Act regulates data storage. Corporate Mergers and Acquisitions Security Learning Guide See the Corporate Mergers and Acquisitions Security Learning Guide for more expert advice on handling security during all stages of a merger or acquisition.

This was last published in November Read more on IT risk management All News In Depth Blog Posts Opinion Photo Stories Videos.

How information security professionals can help business understand cyber risk How to avoid being caught out by ransomware How to reduce the risk of social engineering attacks The rush to secure IT Load More View All In Depth. Putting the SEC into DEVOPS Forecasts for In praise of the Digital Catapult What's new in Cyber security?

Load More View All Blog Post. Rethink risk through the lens of antifragility Five steps for business after WannaCry cyber attack Security Think Tank: Business input will help keep security usable and cost effective Security Think Tank: Governance framework key to best security at lowest cost Load More View All Opinion.

An Indian perspective Survey roundup: Trends in IT security topics Load More View All Photo Stories.

Error (Forbidden)

Dai Davis discusses the significance of GDPR to CIOs IT Priority Study: Trends in APAC security Lancaster and Newcastle researchers tackle Met Police email challenge InfoSec Europe A look at IT security skills in the current climate Load More View All Videos. Add My Comment Register. Login Forgot your password? Submit your e-mail address below. We'll send you an email containing your password. Your password has been sent to: Please create a username to comment.

Latest TechTarget resources CIO Security Networking Data Center Data Management Search CIO Will GE stay on digital path following CEO's departure? The future of workplace structure: Cross-functional teams, AI impact The digital workplace, including the CIO shop, is moving toward cross-functional collaboration, greater openness to outside Measuring ROI for AI investments?

Put on your venture capitalist hat For all the intense interest in AI investments, the ROI for AI is not well-understood.

Search Security Valerie Plame warns of increased nation-state cyberattacks At the Cloud Identity Summit, former covert CIA officer Valerie Plame discussed the increasing risks of nation-state How intelligence data leaks caused collateral damage for infosec Alvaka Networks' Kevin McDonald looks at the real-world damage caused by data leaks at the CIA and NSA, which have put dangerous Router security issues highlighted by CIA's CherryBlossom project The latest WikiLeaks release on CIA hacking tools includes the CherryBlossom project, which highlights router security issues, Search Networking Arista pumps up its spine-leaf architecture for huge data centers Arista has upgraded its spine-leaf architecture for service providers and huge data centers.

ARRIS-Ruckus to 'double down' on service provider market Ruckus Wireless expects to become a part of ARRIS in the first week of August. Enterprises seek operational insight from network analytics This week, bloggers look into operational insight from network analytics, vulnerabilities in the wake of WannaCry and slow 25 GbE Search Data Center Evaluate DCIM software and its impact on the data center Buyers must know how to evaluate DCIM software to ensure it meets their requirements for asset tracking and management, power and Serverless architectures offer more than a catchy buzzword There's an innovative concept behind the buzzword 'serverless.

IT infrastructure automation lessens the load for data center teams Network, storage and server management can be overwhelming and time-consuming tasks. Search Data Management IBM bets on Hortonworks Hadoop platform as its big data engine IBM pulled the plug on its distribution of Hadoop in favor of reselling Hortonworks' bundle of big data technologies, a decision High-level tools help Hadoop data lake go to school Moving relational data into Hadoop is not a slam dunk.

Blooming of master data sources complicates customer MDM efforts As companies collect customer data and other types of information from more and more sources, the master data management process About Us Meet The Editors Contact Us Privacy Policy Our Use of Cookies Advertisers Business Partners Media Kit Corporate Site Contributors Reprints Archive Site Map Answers E-Products Events In Depth Guides Opinions Quizzes Photo Stories Tips Tutorials Videos Computer Weekly Topics.