Five Keys to Ironclad Security in Your M&A Transactions



Similar documents
How a VDR Can Drive Better Fundraising Results. A Winning Edge: How a Virtual Data Room Can Drive Better Fundraising Results

DataSite: The Virtual Data Room from Merrill Corporation

Introduction to Merrill DataSite

An Introduction to Merrill DataSite

HomeConvenience.com. Creating Trust Online CASE STUDY. Comodo Identity and Trust Assurance Suite. Content Verification Certificate.

The Seven Critical M&A Transaction Mistakes and How to Avoid Them

White Paper. Driving Transaction Efficiency on Virtual Data Room Best Practices

Eliminate the Paper Chase

Secure access provided to sensitive documents - anytime, anywhere. Quick setup and easy administration of data room, documents and users

secure shredding Services Secure, Compliant, Cost-Effective, Environmentally Responsible Information Destruction Secure Shredding

Application Security in the Software Development Lifecycle

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management

Remote Control in Manufacturing

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

RECORDS MANAGEMENT RECORDS MANAGEMENT SERVICES. Cost-Effective, Legally Defensible Records Management

Five keys to a more secure data environment

White Paper. Business Sale Series VIRTUAL DATA ROOMS: An Indispensable Due Diligence Tool

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation Areas for Improvement... 2

A European Company with International Spirit

Filestor Digital Asset Management. The way it works

The Information Assurance Process: Charting a Path Towards Compliance

Preemptive security solutions for healthcare

Getting a Secure Intranet

Virtual Data Room. From Deal Making to Due Diligence

INVESTRAN DATA EXCHANGE

10 Ways to Avoid Ethics Dangers in the Cloud

White Paper. Finding the Right Contract Management System. What are my options?

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

SANS Top 20 Critical Controls for Effective Cyber Defense

ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

RECORDS MANAGEMENT SERVICES. Cost-Effective, Legally Defensible Records Management

SIX STEPS TO SSL CERTIFICATE LIFECYCLE MANAGEMENT

PCI DSS COMPLIANCE DATA

How To Decide If You Should Move To The Cloud

Information Resources Security Guidelines

SeCUritY. Safeguarding information Within Documents and Devices. imagerunner ADVANCE Solutions. ADVANCE to Canon MFP security solutions.

Built with the leading Investment Banks, Law Firms, and Corporations. Our service is used by tens of thousands of professionals all over the world.

BEST PRACTICES IN WEB CONFERENCING SECURITY. A Spire Research Report April By Pete Lindstrom, Research Director. Sponsored By:

Virtual Data Room Security 2. Service 3. Simplicity 4. Speed 5. Cost Certainty

How To Protect Your Network From Attack From A Network Security Threat

Introduction. PCI DSS Overview

Cloud Computing Security Considerations

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

Manage and secure your workplace by controlling who, what, when, why, where and how people are allowed in your facility. Marquee

Box for Virtual Deal Rooms

Security Solutions. Protecting your data.

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

Specific observations and recommendations that were discussed with campus management are presented in detail below.

Are your multi-function printers a security risk? Here are five key strategies for safeguarding your data

HIPAA Privacy & Security White Paper

Comodo HackerGuardian PCI Approved Scanning Vendor Compliancy drives commerce: A reseller's Case Study - Merchant-Accounts.ca

How to Practice Safely in an era of Cybercrime and Privacy Fears

Bellevue University Cybersecurity Programs & Courses

SECURITY OVERVIEW FOR MY.ENDNOTE.COM. In line with commercial industry standards, Thomson Reuters employs a dedicated security team to protect our

Hosted Testing and Grading

Proven LANDesk Solutions

ChangeIt Privacy Policy - Canada

Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?

ClickTale Security Standards and Practices: Delivering Peace of Mind in Digital Optimization

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

X Series Application Note 43:

HIPAA HANDBOOK. Keeping your backup HIPAA-compliant

Best Practices for Protecting Laptop Data

White Paper FASTFILE / Page 1

SECURITY AND PRIVACY ISSUES IN A KNOWLEDGE MANAGEMENT SYSTEM

RMS. Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles

Windows Phone 8 Security Overview

An Oracle White Paper Dec Oracle Access Management Security Token Service

How-To Guide: Cyber Security. Content Provided by

Top 10 Reasons for Using Disk-based Online Server Backup and Recovery

Document control for sensitive company information and large complex projects.

Profound Outdoors Privacy Policy

Privacy + Security + Integrity

ATS. The. The Staffing Agency s Guide to Buying an Applicant Tracking System

Secure communications via IdentaDefense

Comodo Certificate Manager. Centrally Managing Enterprise Security, Trust & Compliance

Table of Contents. Page 1 of 6 (Last updated 30 July 2015)

Estate Agents Authority

BUSINESS ONLINE BANKING AGREEMENT

Adworks Local Area Marketing. The way it works

A Decision Maker s Guide to Securing an IT Infrastructure

Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4

M&T BANK CANADIAN PRIVACY POLICY

Autodesk Streamline Achieve maximum project visibility.

General Statement and Verification of Standards

WebEx Security Overview Security Documentation

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

Mobile Mobile Security COPYRIGHT 2014 INTUITION ALL RIGHTS RESERVED. Copyright 2014 Intuition

Table of Contents. Page 2/13

Redefining Security for the Modern Facility

How To Protect Your Credit Card Information From Being Stolen

Selecting a Secure Conferencing Solution

Unisys Internet Remote Support

10 Quick Tips to Mobile Security

DreamFactory Security Whitepaper Customer Information about Privacy and Security

Xerox Litigation Services. In the Cybersecurity Hot Seat: How Law Firms are Optimizing Security While Reducing Cost and Risk

Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services

IT Security. Securing Your Business Investments

Transcription:

White Paper Five Keys to Ironclad Security in Your M&A Transactions Keeping security front and center when using a virtual data room M E R R I L L D A T A S I T E TM

Contents The importance of data security 3 Navigating VDR choices 3 Key 1: Security-based business model 4 Key 2: Multi-layered data security 5 Key 3: Seller-based security controls 5 Key 4: Secure viewer and interface 6 Key 5: Security verification 6 Highest VDR security in the industry 7 A Merrill DataSite TM for your company 7

Ironclad Security in Your M&A Transactions Introduction Of all the critical elements that make up a successful deal, security is the one component that allows no room for error. The importance of data security M&A transactions are characterized by a series of complex, detailed activities that must be carefully orchestrated in order to achieve success. Sellers need to engage as many qualified buyers as possible to drive the best valuation for the deal. At the same time, they must prepare for a due diligence review. Large volumes of strategic information must be gathered and made available in a responsive, collaborative manner. A confidential due diligence environment must be established, and all of these activities need to be handled skillfully, so that the seller is ready to strike when market conditions are favorable. Inadequate levels of security can have disastrous consequences and companies need to ensure that their sensitive business information is well protected. The loss of confidential information can harm a company financially, damage its reputation and result in a lack of trust that disrupts the transaction. Of all the critical elements that make up a successful deal, security is the one component that allows no room for error. For years, the solution to this dilemma has been to set up a physical data room, monitored by a security staff, where investors spend hours, one group at a time, poring over the information. This process, although tedious, was a seller s best bet for addressing the need for document security while allowing potential investors to conduct due diligence. However, even the tightest physical security measures can fail. Documents can be misplaced, damaged or even hidden or stolen by unscrupulous individuals. Recently, technology, in the form of the online virtual data room (VDR), has emerged as a solution. Virtual data rooms or datasites take the concept of the physical data room and make the information available in a secure electronic environment. Professionally installed online security measures have proven more effective than physical measures, and in the past five years, VDR technology has become the norm in the M&A marketplace for transactions of all sizes. However, as with any technology, not all VDR solutions are alike. What is the best way to keep information safe and secure? What factors should be considered? You do not have to be an information technology specialist to make the right choice as long as you keep a few key requirements in mind as you re reviewing your options. Navigating VDR choices Some companies, unfamiliar with VDR or datasite technology, often cite security concerns as a main reason for not adopting a virtual data room. This may be because online security measures are harder to see and touch they are certainly less visible than security measures in the physical world. Virtual security, if professionally installed, is often far more effective than anything available in the physical world. Indeed, it is one of the main reasons for setting up the room in the first place. Just as home security involves looking at door locks, windows and alarm systems, M&A security requires an integrated approach. The following five keys to security must be in place for the highest level of data protection: 1. Security-based business model 2. Multi-layered data security 3. Seller-based security controls 4. Secure viewer and interface 5. Security verification 3

Key 1: Security-based business model Vendors that focus exclusively on M&A activities are security experts. They have security embedded throughout the development, deployment and termination of the datasite. Work with an expert VDR consulting team that knows the industry, its security needs and due diligence requirements. Security considerations must factor into the chain of custody of documents during the datasite set-up to ensure that the chain of custody is intact at all times. The VDR solution must provide a range of security and access choices during set-up, including flexible system tools and a responsive staff who can assist at any time if a security or control issue arises. Project managers should be available 24 hours a day to handle all aspects of setting up the VDR, including onsite deployment with prompt data uploading, applying desired access control and addressing vital security concerns. Data acquisition and setup considerations The documentation residing in the virtual data room must be protected from the start as it is highly sensitive and often strategic in nature. Security considerations must factor into the chain of custody of documents during the datasite setup. Some clients may choose to control the entire chain of custody themselves, using internal staff to scan and upload documents and administer the site. If this is the case, the user should look for the vendor that can provide comprehensive training and adequate levels of security. Other clients may rely on the vendor to scan and upload documents to the datasite. If this is the case, it is important to find out if the vendor outsources any aspects of the process, since doing so introduces a potential break in the chain of custody of information and thus a breach in security. The ideal solution is to choose a vendor that manages the entire process with its own staff and equipment. This is the best way to ensure that the chain of custody is intact at all times. The entire process of capturing paper or electronic documents, from the project management process to the actual server hosting of the client s documents, should all be handled by the vendor s staff, using the vendor s equipment. In addition to choosing how you want to manage the set up process, you can also choose how involved you want to be in managing the datasite once it is live. Some sellers rely on the VDR vendor to administer and maintain the site for them; others take a more hands-on approach in which they are given the necessary tools to handle much of the process themselves. In such cases, a VDR provider should have the flexibility to customize the level of control and administrative access to meet the seller s needs. However, the VDR provider must also be available at a moment s notice to step in and address security issues throughout the life of the datasite. For example, if you accidentally give document access to the wrong person or group of people, the VDR provider must be able to instantly step in, assess and interpret the data, and provide the client with a detailed report of which pages of documents were viewed, by whom, and then swiftly adjust the access controls to correct the situation. 4

Ironclad Security in Your M&A Transactions Key 2: Multi-layered data security Data security is at the heart of ensuring that the due diligence portion of an M&A transaction remains confidential. While the specific terminology can be technical, the two key concepts are simple: Multiple layers multiply the protection. Safeguarding data requires multiple layers of software and hardware protection around sensitive information. No single feature should be relied on as a defense against a breach of security. Page-level security. VDR providers must have the ability to audit users' current document-level rights in order to provide the highest level of protection possible. For the highest security levels possible, virtual data room security features should at least include the following: Strong username and password control to prevent unauthorized users from gaining access End-to-end encryption using Secure Sockets Layer (SSL) protocol Deterrence features, such as watermarking all documents on the computer screen to prevent photographing or printing of sensitive data When it s your data, you know best how it should be viewed and accessed. The best VDR solutions give the seller control over who can view and print information. Key 3: Seller-based security controls When it s your data, you know best how it should be viewed and accessed. That s why the best VDR solutions give the seller control over who can view and print information. Not only does this provide actionable information to help optimize deal-making, but it also ensures that only authorized parties are looking at your documents. Seller-based security controls allow you to set usage permissions based on job title, level or department; so, for example, the accounting team can only access the files they need to see. Even if an individual user has access to view certain documents, he or she may not be given permission to print, allowing for more specific, detailed control. Just as circumstances can change in an instant during the M&A process, usage permissions must have the flexibility to be changed as needed. For example, best-in-class VDRs provide real-time reporting regarding exactly who has viewed documents, when and for how long, as well as which documents have been printed, down to the page level. If it becomes apparent that a supposed suitor is simply trolling for competitive data, a VDR should allow for the swift disablement of that user's access. The VDR provider should allow you to: Control who is allowed to view data Control who is allowed to print data Assign users to groups with common access settings Terminate access for any user or group in real time Report exactly who is viewing what content, when and for how long in real time 5

Key 4: Secure viewer and interface Not all viewers are the same. Some require that you install additional software, some request that you deactivate ActiveX controls as a security measure and some allow users broad ability to download documents beyond the seller s control. The optimal solution: Offers not only the most secure viewer but one that is the most convenient to use. The optimal solution should not require installation or rely on plug-ins on the user s computer. Plug-ins create a security hassle since many companies restrict the download and installation of these types of programs by employees onto their desktops. Instead, choose a solution with a viewer based on a secure, no-installation-required, Java applet. Aggressively manages the downloading of data and prevents it from being stored on a user s computer after he or she logs off the virtual data room. Some VDR solutions recommend or suggest that bidders manually clear their computer cache, but this is unenforceable by the seller. For best security practices, choose a VDR solution that does not use viewer systems that allow the pages to be cached on a Web browser. Is fully encrypted from the Web site to the workstation. Once pages are closed or printed, the VDR viewer should clean up any traces they may have left on the desktop. Retrieves only one page at a time. This is called page-level viewing and limits the amount of data on a desktop at any given time for better security. International transactions demand an international standard. The highest internationally recognized review is the ISO 27001 certification, a stringent security standard. Key 5: Security verification Cross-border transactions demand international verification The growth within M&As is focused on international transactions, which demand the speed of closing the deal, access to more bidders and a streamlined buying experience offered by datasites. VDRs are a more efficient and cost-effective approach to making thousands of pages of data available to viewers over a wide variety of geographic and political borders. Yet, international privacy and security standards are higher, particularly for firms looking to do business in the European market. International transactions demand an international standard. The highest internationally recognized review is the ISO 27001 certification, a stringent security standard. This involves an initial analysis of security protocols and follow-up auditing and testing to ensure practices evolve to meet new threats. ISO 27001 certified VDR providers are also required to have an approved security plan in place that ensures data will be protected, data storage facilities are protected and VDR employees are background checked. Additional security verification measures Ensuring data security also requires that the VDR provider should continually test their system and have it reviewed by outside experts to provide objective verification of the system. Routine tests performed by a VDR provider must include monthly vulnerability scanning and penetration testing, or so-called ethical hacking. How secure are the VDR provider s solution and services? Don t simply take the VDR provider s word on their level of security demand certification by respected third parties to ensure peace of mind, and bear in mind that not all certifications are alike. 6

Ironclad Security in Your M&A Transactions Highest VDR security in the industry Merrill DataSite is the leading global provider of turnkey VDR solutions. We combine the industry s leading technology with highly secure technical and operational environments, and a professional staff dedicated to customer success. Merrill DataSite has hosted virtual data rooms for thousands of clients, representing transactions totaling trillions of dollars in asset value. Merrill DataSite is currently the only VDR provider in the industry to earn ISO 27001 certification, the most highly recognized security certification. Merrill DataSite is currently the only VDR provider in the industry to earn ISO 27001 certification, the most highly recognized security certification. Merrill DataSite ensures the security of client information by: Supplying dedicated project managers 24/7 to assist with security needs Offering turnkey options for complete service or do it yourself options for sellers who need to minimize exposure of sensitive documents Utilizing only in-house staff and equipment to ensure the chain of custody Providing layered security down to the page level for maximum security Tightly controlling access for viewing or printing information based on seller preferences Ensuring sensitive information is accessed one page at a time and leaves no trace on the bidder s computer after log-out Verifying security through ongoing testing and meeting the highest international standards for data security and data privacy A Merrill DataSite for your company With systems capable of getting the datasite up and running within two hours, setting up a Merrill DataSite for your company can be accomplished rapidly. Our team can scan, upload and organize thousands of pages of content from any source in 24 hours or less. We are ready to answer any questions you may have and make your M&A process as secure, efficient and successful as possible. To learn more about how Merrill DataSite can transform your next transaction, call your Merrill representative today or visit us at www.merrillcorp.com/datasite. 7

About Merrill DataSite Merrill DataSite is a comprehensive virtual data room (VDR) solution that accelerates the due diligence process by providing a secure online document repository for confidential time-sensitive documents. Merrill DataSite overcomes the many limitations of a traditional paper data room by enabling companies to maintain and share critical business information in a secure online environment, streamlining all stages of the document and communications process. Accessible via the Internet, Merrill DataSite dramatically reduces transaction time and expense by allowing prospective buyers to participate concurrently in the due diligence process. Merrill DataSite is designed for rapid deployment and can be up and running in two hours or less. Every aspect of the process, from document scanning to VDR hosting and project management is delivered by Merrill s multilingual staff, available 24 hours a day worldwide. Currently, Merrill DataSite is the industry s only ISO 27001 certified VDR solution, providing assurance that the most stringent security standards for business transactions are followed. As a leading provider of VDR solutions worldwide, Merrill DataSite has empowered more than 500,000 unique visitors to perform electronic due diligence on thousands of transactions totaling trillions of dollars in asset value. About Merrill Corporation Founded in 1968 and headquartered in St. Paul, Minn., Merrill Corporation is a leading provider of outsourcing solutions for complex business communication and information management. Merrill s services include document and data management, litigation support, branded communication programs, fulfillment, imaging and printing. Merrill s target markets include the legal, financial services, insurance and real estate industries. With more than 6,300 people in over 70 domestic and 15 international locations, Merrill empowers the communications of the world s leading companies. Merrill Corporation 225 Varick Street New York, NY 10014 866.399.3770 Corporate Headquarters One Merrill Circle St. Paul, MN 55108 800.688.4400 Offices in major cities throughout the world www.merrillcorp.com/datasite Merrill Communications LLC. All rights reserved. MD0108_1 M E R R I L L D A T A S I T E TM

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information