Field notes from M&A programs and cybersecurity GRC engagements: what actually works, written for executives, CIOs and investment funds.
Identities in motion, reorganized teams, hastily interconnected systems: an M&A deal is an ideal exposure window for an attacker. Why, and how to build cyber resilience into the program rather than catching…
Read the articleIn a cyber crisis, the binder does not answer the phone. What keeps an attacked organization standing is a trained crisis cell, clear roles and reflexes acquired through exercises. How to build…
Read the article6 to 18 months: that is the realistic duration of an ISO 27001 certification journey, from gap analysis to audit. The steps, the classic pitfalls (including paper compliance), and what happens after…
Read the articleApplicable since January 2025, the DORA regulation imposes a complete digital operational resilience framework on the financial sector: ICT risk management, incident notification, testing, third-party oversight. The essentials, without the jargon.
Read the articleIn a merger, a carve-out or an integration, the most fragile variable is neither technical nor legal: it is human. How to manage change when uncertainty is at its peak and your…
Read the articleAfter closing, the 100-day window sets the momentum of the whole integration. What to install, deliver and communicate during this period, and what can wait.
Read the articleReference studies have pointed for decades at a 70 to 90% failure rate of M&A deals to deliver the expected value. The cause is rarely the deal itself: it is the integration.…
Read the articleDay 1 is the first Monday morning when nothing is allowed to fail. Identities, email, access, payroll, communication: the control points to verify before, during and after the big day.
Read the articleBIA, BCP, DRP: three acronyms often confused, three distinct building blocks of the same edifice. What each one covers, how ISO 22301 ties them together, and why an untested plan is not…
Read the articleThe NIS2 directive is in force and covers thousands of entities across 18 sectors in the EU. Are you in scope? What are the obligations, the penalties, and where should you start?…
Read the articleA successful IT carve-out rests on a separation plan covering seven interdependent workstreams: identities, workplace, applications, infrastructure, contracts, cybersecurity and TSA governance. A workstream-by-workstream review.
Read the articleThe Transitional Service Agreement is the most underestimated contract of a carve-out. Well negotiated, it buys time. Poorly managed, it becomes an annuity for the seller. How to scope it, monitor it…
Read the article