You've Acquired a Company... Now What?
These days, the pace of organizational mergers and acquisitions is rapid. Once the ink has dried on the acquisition agreement, what steps are required to ensure a successful and secure IT transition? How does the acquiring company protect its existing and new assets, while ensuring the benefits of the acquisition are realized? Employees of both organizations will need to work together during the transition, while maintaining separate workflows. Ensuring appropriate separation of proprietary systems and data during the transition is paramount.
One of the first things to consider when developing a tactical IT infrastructure transition plan is understanding how the acquisition is structured. For example, is one company purchasing the other in whole? In part? Are two companies joining forces as equal partners? The acquisition structure will drive the level of planning and security required.
We see M&A deals falling into four broad categories with varying degrees of risk, IT infrastructure, and support requirements -- also depending on whether your perspective is that of the buyer or seller. For the most part, requirements will be driven by the buyer, but the seller will impose challenges to ensure they maintain an acceptable security posture.
- Complete company buyout with the purchased company retaining a standalone IT infrastructure -- doesn't require significant IT infrastructure planning, but comes with a high security risk to the parent company, which has no control of the purchased company's security posture
- Complete company buyout with IT infrastructure integrated into acquiring company's enterprise environment -- necessitates more IT infrastructure planning than a standalone environment, and represents lower security risk to parent company, because the new organization is integrated into the parent company's security posture
- Purchase of business unit (part of a company) with standalone IT infrastructure environment -- necessitates more IT infrastructure planning than a standalone environment and also carries a high security risk to the parent company, which has no control of purchased company's security posture
- Purchase of business unit (part of a company) with IT infrastructure integrated into acquiring company's enterprise environment -- requires extensive IT Infrastructure planning, but nets low security risk to the parent company
Determining how the acquired company's IT Infrastructure will be positioned in relation to the parent company is the first step in developing a transition plan. Once that determination is made, the next step is to identify the specific areas requiring transition plans. Among the most common are:
- Network and desktop security
- Shared locations
- Shared application transition
- Disaster recovery
- Remote access
- External-facing Internet presence
- Data centers
- IP addressing
- Call center
- Active Directory
- Software, licenses, and support services
Asking the Right Questions
To begin the planning process, a high-level overview should be developed for each area. For example, for telephony, will each company retain its DIDs or will staff from the acquired company eventually be given DIDs from the acquiring company's ranges? Will the DIDs be ported from the purchased company's voice platform? This question becomes infinitely more complex if the purchase is a "carve out," rather than a full buyout.
What happens to the main and toll-free numbers related to the purchased division? Presumably, the purchasing company will want rights to any published numbers related to the division it purchased. But if the main and toll-free numbers from the carve out division are part of a larger range belonging to the selling company, will the DID block be divided between the two companies? Is the selling company willing to break up a DID block? How will the losing carrier respond to porting individual numbers within a range? Will there be additional porting charges as a result? Which company is responsible for paying associated porting charges?
For shared geolocations (locations where both companies have existing office space), will both locations remain? If only one of the two locations will remain, what is the criteria for deciding which one? What happens to employees who live close to their current location, but far from the new one? Who is responsible for ensuring all services at the closed location are disconnected? If both companies remain, how do they create physical network, telephony, server room and security boundaries?
If each company has its own Active Directory forest, with connected applications such as Salesforce, decisions regarding how to integrate end users of both systems are required. If a company was acquired in part to obtain their customer base, how will application data be moved from the purchased company to the purchasing company? Or is it more efficient to maintain the data on the purchased company systems while maintaining the appropriate level of security between the data?
Once high-level decisions have been made and documented for each decision point, they must be fleshed out with fully formed project plans, budgets, resource assignments, and timelines, as well as coordinated as a whole, and tracked to completion.
These few examples from among a long list of critical transition items highlight the complexities of merging two organizations. At a minimum, a dedicated transition team must be solely focused on the transition without the distraction of day to day operational tasks. If your organization doesn't have skilled resources available to dedicate to transition planning, consider outsourcing to experts who can ensure a successful merger outcome.
"SCTC Perspectives" is written by members of the Society of Communications Technology Consultants, an international organization of independent information and communications technology professionals serving clients in all business sectors and government worldwide.