NIS2 is now in force: thousands of EU entities are in scope. If your M&A deal involves a regulated entity, compliance is part of the deal. Check your exposure
PMI Program Direction · Cyber Resilience & GRC for Executive Committees

Carve-outs, carve-ins, critical IT transformations: delivered without disruption.

Because a failed IT separation doesn't cost days of delay: it costs millions, extended TSAs and sometimes customers. I run the program, from signing to TSA exit, for executives, CIOs and investment funds.

Fouad Benjoudar, PMI Program Director
Fouad Benjoudar PMI Program Director | Carve-In/Out & Critical IT Transformations | Cyber Resilience & GRC for Executive Committees
SIGNING
IT and cyber due diligence
SCOPING
Separation plan, TSA
DAY 1
Continuity guaranteed
MIGRATION
IT, data, contracts
TSA EXIT
Autonomy and compliance
What I run

Program direction, from signing to TSA exit.

A single point of accountability who arbitrates between the fund, the target and the IT teams. Cybersecurity, business continuity and compliance are workstreams built into the program, not afterthoughts.

Carve-Out

Entity separation and divestiture

End-to-end IT separation: systems, data, contracts, identities and teams. Transitional Service Agreement (TSA), Day 1 milestones, documented reversibility. Reference: a 12,000-user carve-out across 30+ countries.

Carve-In · PMI

Post-merger integration

Integration of the acquired entity into your ecosystem: IT convergence, process harmonization, team synergies, program governance and board-level reporting.

Cybersecurity GRC

NIS2, DORA, ISO 27001 compliance

Governance, risk and compliance embedded in the program: NIS2 and DORA readiness, ISO 27001 certification support, Microsoft 365 security audits and corrective action plans.

Continuity · Crisis

Business continuity and crisis management

ISO 22301 continuity plans, cyber crisis exercises, operational resilience throughout the transition. Because an M&A deal is precisely when an attack costs the most.

Technical scope of the programs

What an IT separation actually involves.

Each workstream below is a full chapter of the separation or integration plan, with its own milestones, risks and dependencies.

Active Directory and identity separation

Directory split, identity migration, access and privilege management throughout the transition. The most sensitive workstream of any Day 1.

Microsoft 365 tenant-to-tenant migration

Email, Teams, SharePoint, OneDrive: tenant-to-tenant migration with no service interruption for users, and a hardened target environment.

TSA: Transitional Service Agreement

Scoping, perimeter negotiation, transition service monitoring and exit management. Every month of TSA avoided is a direct gain for the buyer.

IT and cyber due diligence

Before signing: mapping the target's systems, contracts and cyber risks, so that nothing that should have weighed on the price is discovered after closing.

Business applications and data

Separation or convergence of ERPs and business applications, data split, supplier contracts and licenses: the foundation of post-TSA autonomy.

Infrastructure, network and cloud

Network, datacenter and cloud environment split, with service continuity guaranteed for the full duration of the separation program.

Sound familiar?

If you're here, one of these scenarios speaks to you.

Or you dread the day it becomes yours.

The deal is signed, but no one is running the IT separation.

The lawyers did their job, so did the bankers. That leaves 200 applications, 40 supplier contracts and thousands of identities to separate. And no one whose actual job this is.

Your TSA clock is running, and every month of delay has a price.

The seller bills for transition services. The more the migration slips, the higher the invoice, and the further away your autonomy gets.

The integrator executes, but no one arbitrates.

Between the fund pushing for speed, the target resisting and IT raising flags, what's missing is a program director who decides, sequences and reports.

Compliance finds out about the deal after the fact.

NIS2, DORA, ISO 27001: if the acquired or divested entity is in scope, non-compliance becomes your problem on Day 1. Not six months later.

If you nodded at least once, we speak the same language.

What you're buying isn't project management. It's visibility on every milestone, control over every trade-off, and a board that never discovers a problem mid-meeting.


Let's talk about your deal
How I work

Four steps, zero surprises.

You always know where the program stands, what it costs and what comes next.

1

Qualification call (free, 30 min)

We qualify your deal: scope, timeline, TSA constraints, regulatory exposure. By the end of the call, you know whether I can help. So do I. No pitch, no pressure.

2

Scoping and IT/cyber due diligence

Mapping of systems, dependencies and risks. A costed, milestone-based separation or integration plan you can execute, even if you decide to hand it to someone else. A standalone engagement, quoted separately.

3

Milestone-driven delivery

Weekly governance, a single dashboard, documented trade-offs, controlled escalation. You track progress in real time: Day 1, migrations, TSA exit, compliance.

4

Handover and reversibility

Full documentation, knowledge transfer to your teams, reversibility plan. The program ends; your autonomy remains.

Your deliverables, your documentation, your dashboards: 100% your property, from day one. Transferable, with no hidden dependency.
Results

Programs that hit their milestones.

Anonymized references: my clients are under NDA, my results are not.

12,000
users migrated in a carve-out

IT separation for an international industrial group: 30+ countries, service continuity on Day 1, TSA exit on schedule.

30+
countries covered in a single program

Multi-timezone, multi-entity, multi-regulator coordination, with a single governance structure and weekly board reporting.

ISO 27001
engagements delivered through certification audit

Guiding SMEs and mid-caps to certification: gap analysis, corrective action plans, audit preparation and follow-up.

15+
years of program direction

Large groups, investment funds, listed real estate companies and software vendors, in France and worldwide. Always reporting directly to the board.

Free resource

Day 1 Checklist: the control points of an IT separation that holds.

Identities, email, access, contracts, communication: the checks to run before the first Monday morning when nothing is allowed to fail. PDF format, ready to use by your CIO or integration manager.

No spam. Your email is used only to send you the requested resource, and our communications if you ticked the box above.

What you may be thinking

The questions I get asked before signing.

The real ones. With real answers.

"We already have a major consulting firm on the deal."

Good: they produce the strategy and the slides. I run the execution. A senior program director working directly costs a fraction of a consulting team, and stays until TSA exit, not until the budget runs out.

"Our CIO can handle the separation internally."

Your CIO already has a job: keeping the IT running. A carve-out is a second full-time job, with political arbitration between seller, buyer and teams. I take on that second job so your CIO can keep the first.

"It's too early, the deal isn't signed yet."

This is exactly the right moment. IT and cyber due diligence before signing prevents discovering after closing what should have weighed on the price. The earlier I'm involved, the cheaper Day 1 gets.

"Cybersecurity can wait until after the transition."

An M&A deal is attackers' favorite moment: identities in motion, disorganized teams, blurred responsibilities. And if the entity is in NIS2 or DORA scope, compliance applies on Day 1, not after.

"What if things don't go as planned?"

A milestone-driven program makes slippage visible in weeks, not months. Every milestone is measurable, every trade-off documented, and you keep control: every deliverable is yours the moment it's produced.

"We'll end up dependent on an external consultant."

Knowledge transfer is a program milestone, not an option. Documentation, training for your teams, reversibility plan: the engagement succeeds when you no longer need me.

Your deal deserves program direction that measures up.

One 30-minute call and you know what's feasible, in what timeframe and under what conditions. In full transparency.

Book a qualification call

First call free, no commitment.

Not ready to talk yet? Download the Day 1 checklist