
Due Diligence

Due diligence covers many areas of your business, and it's often uncharted territory. Let us be your guide and we will provide you with an insightful perspective on your business, as well as your industry, business partners, vendors and service providers, and prospective acquisitions and mergers. Armed with knowledge, you can make informed decisions and plot your course to overcome challenges and reach the summit.

Understanding your business and industry better: 

Don't most companies understand their own business, their strengths and weaknesses, and how they stack up against competitors and the industry in general? Unfortunately, no. However, performing due diligence can give you insight into your business and help you gain a competitive edge to become a leader in your industry. Leaders understand that compliance is the minimum, so they aim for defense-in-depth security and measurable IT service management, and they commit to continual process improvement. Leaders know how to prioritize their efforts and limited resources, combining innovative vision with a strategic road map. CLEAR can help you with that.

Understanding your business partners, vendors, and service providers better: 

How well do you know the partners and vendors who provide your business with products and services? Would it alarm you that they barely meet their compliance and contractual obligations? Would you even know if they were meeting their SLAs with you, without having an incident or issue to bring that to your attention? Do you know what security and contingency services your cloud provider actually includes, or did you assume they were already included with the basic package? We know firsthand as former CIOs and CISOs that, unfortunately, our trusted partners, vendors, and service providers often do not live up to their contractual and regulatory obligations, and this usually goes unnoticed until an incident sheds light on it. Proactively reviewing and negotiating service agreements and conducting risk and compliance assessments on a regular basis provide the insight you need. Armed with knowledge, you will have the leverage to ensure that your business actually gets what it pays for and be able to compare and evaluate vendors and service providers accurately.

Understanding the company you are acquiring or merging with better: 

As former CIOs and CISOs, we have seen the unfortunate outcome far too often when companies buy other companies without having all of the information they needed before sealing the deal. They engage lawyers and accountants to pore over the financial statements and contracts but fail to engage IT experts who know how to evaluate the target company's IT organization in terms of its IT operations, IT management and staff, security posture, compliance status, and service management and business process management capabilities. Even if the purchasing company is strong in these areas, it becomes an unexpected and costly problem when it discovers the issues its acquisition was hiding. Financial statements alone don't reveal these issues.

In one example, we discovered that the acquired company was failing its PCI DSS compliance and validation requirements despite being a Level 2 merchant with over $500 Million in annual credit card revenue. The company had not taken its PCI DSS obligations seriously for years, as its CFO completed the Self-Assessment Questionnaire (SAQ) annually with "compliant" on each line although he did not know, with any certainty, whether the PCI DSS controls were actually being met. Unfortunately, we were engaged after the acquisition was completed, so the acquiring company had to spend over $2 Million to remediate the acquired company's compliance gaps. They had to segment the flat network and isolate the cardholder data environment (CDE), migrate the billing system from non-compliant systems, and implement the technical and logical controls in order for the acquired company to finally achieve PCI DSS compliance. That was an unexpected $2 Million project that the purchaser had to finance and ultimately explain to its investors.

Avoid the unexpected and costly expenditure: 

Let CLEAR evaluate the company you are considering buying or merging with before the sale is completed. We will evaluate its IT organization and operations and enumerate the risks for you. Armed with our reports, your lawyers and accountants can negotiate the sale price to accurately reflect the target company's true value or advise you when you should pass on the deal.
