Due diligence for information security and data protection
What’s the problem?
Why is due diligence for information security and data protection required before an acquisition?
Information is universally accepted as one of the most valuable and important assets of any business. So, when an acquisition is contemplated, or is even already underway, it is essential to understand the way in which information is managed, processed, protected, and used in the company or asset being purchased.
In an M&A setting, this obligation extends beyond the role of the CISO and should be the responsibility of the CEO, COO, CIO and Legal Counsel.
An Oyster IMS M&A Information Risk Assessment will highlight any areas of risk or concern around the approach to data protection, information security and wider information governance.
By incorporating an Assessment into your due diligence regime you reduce the chances of inheriting an actual or possible information issue, such as a data breach, and increase the chances of a successful and accurately-priced transaction.
What areas are covered by an M&A Information Risk Assessment?
- Information Landscape
- Governance
- Policies
- Technology
- Data Privacy
- Training
- Data Backup & Business Continuity Planning
What is involved in the M&A Information Risk Assessment?
M&A Information Risk Assessments are carried out by specialist consultants who will perform the following activities:
- A high-level assessment based on a questionnaire response from the target company
- A business engagement to review the initial assessment and any fact-finding documents requested and provided in advance
- Follow-up on any amber or red flags identified during this process
Oyster IMS really know what they are doing
CHIEF TECHNOLOGY OFFICER
Oyster IMS really know what they are doing and talking about in this area and can get that across to a business audience. The reports are concise and measured and clearly articulate the risk impact of flagged issues.
