Mergers & Acquisitions
Part 1: Physical Security Considerations
Mergers and acquisitions (M&A) are complex transactions involving numerous financial, legal, and operational factors. The integration of assets, technology, and personnel requires physical security measures to safeguard both people and assets. The following security considerations will support a smooth transaction.
To start, a thorough security audit of the target company will identify vulnerabilities that could pose risks to the employees, assets, and business operations of the merged entity. Assessing the policies in place, employee training programs, guard services, surveillance cameras, alarm systems, access control mechanisms, fire safety systems, and available medical resources will paint a clear picture of the status of the company as well as identify potential business continuity concerns.
The post-merger integration of security infrastructures must be planned for to prevent disruptions that could negatively affect employee welfare and safety. It is imperative to draft common policies and to integrate existing security protocols, such as mass reporting platforms, camera and alarm technology, fire safety measures, and access control systems. Access to data centers, laboratory or fabrication facilities, or other sensitive areas is a function that must seamlessly work at every stage of the transaction. Employees not having access to their workspace will directly affect the bottom line. During the transition period, assets are more vulnerable due to the moving of locations and equipment, changing personnel, multiple security systems, numerous reporting channels, and evolving oversight procedures. The loss or damage of equipment or unauthorized access to sensitive spaces will impact productivity. A temporary surge of security measures should be considered to provide not only protection of assets but complete visibility to all parties. Commonly used measures are additional guards, camera systems, or GPS tags. This increase in security oversight will also mitigate the increased risk of insider threats as proactive security measures and communications with employees will address employee concerns.
Often overlooked are employee training and exercise programs. Changes to security policies, procedures, systems, and response plans must be communicated, understood, and rehearsed. Even though drills and exercises disrupt normal business activities, it is critical to conduct this training in the first 90 days post-merger to ensure collective understanding of the new security procedures.
After the transition is complete, the new security program should be periodically evaluated and adapted to continually evolve with the new organization. The review and revision process is integral to any program. A robust after action review (AAR) program is vital to the consistent improvement of the risk management program.
Physical security measures are often overlooked until there is a problem. With a little planning and preparation, adequate security resources can be allocated to preserve assets, protect value, and support a successful merger or acquisition.