top of page

M&A Due Diligence

Right sizing the security posture of your business

Cyber due diligence is now a key factor in closing a successful merger, investment, divestment or acquisition of a new business. Threats of cyber attack effect every business, however when you’re about to invest significant sums in a business a huge part of its value can be directly tied to it’s security posture, and the associated risk.

Policies and Standards

  • Policy Management

  • Generic Policies

  • Specific Policies


  • Organisation

  • Process

  • Third Parties


  • Risk Management

  • Organisational Process

  • Technology Process


  • Identity and Access

  • Network Security

  • Endpoint Security

  • Perimeter Security

  • Encryption & Key Management

  • Security Organization

  • Data/Information Security

Two sides to the cyber due diligence process:
When you’re buying

The target looks like a great deal, they’ve an innovative service, a successful sales team and a sensible approach to expenses, but when it comes to understanding cyber risk you need to look much deeper than the disclosures made during the initial sales process. You need to ensure that the business you’re investing in has a good level of cyber maturity and competency, without knowing this you could be investing into a business with huge inherent risks

When you’re selling

You need to ensure that your divestment has a right-sized security setup, if you aren’t sure then it’s almost certain that your buyer will find this out and at the last minute demand a significant change in the price.

We offer a front-to-back cyber assessment service – Information Security Maturity Assessment (ISMA), this provides you:
  • An organisation-wide view of your information security and privacy posture

  • Identify the gaps within the current environment that require immediate to long-term remediation efforts

  • A risk mitigation approach including technical, procedural and managed service options

  • Assist management to escalate identified potential risks or issues to the Executive or Board

  • Improve information security awareness across the organisations management

  • Indicative costs to implement recommendations

  • High/Medium/Low risk attributed to each finding

We utilize a guided Self-Assessment which will take around 3 weeks to conduct and involving multiple resources from both the end client and Performanta to gather all the required information. 

The assessment is performed utilizing interviews with key stakeholders and personell

Depending on the maturity of the organization, Performanta can review more than 160 separate security controls. Performanta will present each control, explain the rationale for it and assess the Client’s maturity against the control.

Where necessary, Performanta will request access to the evidence of the controls. This may include policies, contracts, reports, or process flows.

Performanta will utilise the information to provide a report, comprising:

  • An executive overview of the level of compliance and maturity of the company against industry standards

  • A technical section highlighting key areas that need to be actioned

  • A recommended plan to implement a Privacy Programme if required

bottom of page