From backups to software licenses, here's a checklist for IT leaders at consolidation or acquisition time. Whether you're gaining an internal group or an external company, be prepared and be realistic.n Merger and acquisition activity stands to increase as global markets struggle to stay afloat during the worst economic slowdown in decades. What will you do when you find out you’re about to acquire or consolidate with another firm or division? Are you aware of the risks you may be inheriting? What data is going to demand the highest availability? What IT regulations will you have to address and how do you know if existing controls already address them? Below are 10 “data health” checks a CIO can conduct to answer these questions before giving a green light to a merger, acquisition or consolidation. Step One: Assess your dataFrom a data perspective, the first step needs to be an assessment of the independent data assets of each organization participating in the merger. If you do not know what data exists before the acquisition, gaining this understanding after combining the data, if it can be combined at all, will be extremely difficult. The task at hand will be simpler if both organizations practiced strong data governance. This is rarely the case though. Step Two: Plug the governance gapsAfter completing an honest assessment of where each organization stands in terms of data governance, the next step needs to be plugging the gaps. Work toward creating a definition of data that is not well understood or undocumented. Do not turn this into a long process; define what data you have and where it is stored. Consider using tools like data dictionaries and repositories and consult the subject matter experts (business users, programmers, data architects, etc.) at each organization for this information. Step Three: Leverage the M&A for governance improvementsUse the acquisition as a springboard for instituting new or stronger data governance policies and procedures. Lack of insight into important business data can be a strong motivational tool for implementing improved data management practices. Step Four: Plan for increased workload and capacityThe basic premise behind mergers is that the combined companies can conduct the same, or more, business more efficiently than two separate companies. Will you need more powerful hardware? Will the new combined business require more uptime, which translates to higher data availability? Existing hardware, transactions, applications, databases, and data maintenance processes may need to be overhauled to meet the new requirements. For mainframe shops, perhaps you can better utilize cheaper specialty engines like zIIP, zAAP, and IFL processors. And look into more efficient software and utilities for performance management, change control, and backup and recovery. Step Five: Evaluate backup and recovery plansA simple question, such as “Is everything backed up?” can be a crucial starting point. In the clamor of an acquisition, evaluating recoverability is often forgotten or ignored. The on-going health of those backups must be checked periodically. A systematic method of reviewing recovery health, include examination of backups, evaluation of IT hardware and software specification, and matching objectives to reality is helpful. Step Six: Determine your new exposure to IT regulationsIf the acquisition brings new types of business, even if it is related to your existing business, be sure to allot time and resources to examining and ensuring compliance with required IT regulations, such as PCI DSS, HIPAA and Sarbanes Oxley. Tools are available to help reduce the cost and complexity of compliance programs and processes, such as the Unified Compliance Framework (UCF), which provides spreadsheets broken down by individual areas of compliance.Step Seven: Implement a database auditing solutionBecause of the hectic nature of mergers and acquisitions, many last minute requests and requirements can fall through the cracks. A database auditing solution will routinely monitor data activity and keep an audit trail of users and changes in content. Additionally, database auditing can be used to keep an eye on your privileged users, such as DBAs and system administrators, who have unfettered access to critical data. Some can even track data access patterns to look for anomalous activity and raise alerts when it occurs. Step Eight: Plan personnel to cover combined systemsDuring most acquisitions, dual systems and applications need to be supported. Plan for the proper personnel and support to protect and manage all of the data while redundant systems are required. In other words, don’t pull the switch too soon on systems or personnel. Step Nine: Identify and eliminate the redundantInventory and eliminate redundant system software and utilities to reduce cost post-acquisition. For example, if the majority of your most functional applications use DB2 as the DBMS, but a few use a different DBMS, choosing a less functional application that uses DB2 instead may allow you to eliminate a costly DBMS license. However, such decisions need to be made in an informed, business manner and not simply with an eye toward reducing system software cost. Step Ten: Intelligently automate your data management solutionsThe more you can automate maintenance tasks, the fewer problems that may stall the integration of your systems. Using software to automate and conduct on-going health checks on your data and data management activities can improve the overall responsiveness of IT to business needs. The Bottom LineGetting a handle on all of the data in your post-acquisition organization requires time and effort. But it need not be fraught with risk. With proper planning, tools, and resources, along with realistic expectations, you can reduce the risk to your valuable business data. Craig Mullins works as a corporate technologist for Neon Enterprise Software in Houston, Texas. Read his blog at http://www.neonesoft.com/blog/blogs/cmullins. Related content opinion Website spoofing: risks, threats, and mitigation strategies for CIOs In this article, we take a look at how CIOs can tackle website spoofing attacks and the best ways to prevent them. By Yash Mehta Dec 01, 2023 5 mins CIO Cyberattacks Security brandpost Sponsored by Catchpoint Systems Inc. Gain full visibility across the Internet Stack with IPM (Internet Performance Monitoring) Today’s IT systems have more points of failure than ever before. Internet Performance Monitoring provides visibility over external networks and services to mitigate outages. By Neal Weinberg Dec 01, 2023 3 mins IT Operations brandpost Sponsored by Zscaler How customers can save money during periods of economic uncertainty Now is the time to overcome the challenges of perimeter-based architectures and reduce costs with zero trust. By Zscaler Dec 01, 2023 4 mins Security feature LexisNexis rises to the generative AI challenge With generative AI, the legal information services giant faces its most formidable disruptor yet. That’s why CTO Jeff Reihl is embracing and enhancing the technology swiftly to keep in front of the competition. By Paula Rooney Dec 01, 2023 6 mins Generative AI Digital Transformation Cloud Computing Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe