When a divestiture is signed, attention goes to the legal and financial sides. Yet it is the IT separation plan that decides the rest. Indeed, it determines whether Day 1 goes well, how long the TSA lasts, and therefore what the deal actually costs. Here are the seven workstreams this separation plan must cover, and how they depend on each other.
1. Identities and directories
This is the most sensitive workstream. First, it splits the directories (Active Directory, Entra ID). Then, it migrates the identities of the people in scope. Finally, it rebuilds access and privilege management in the new environment. Indeed, an identity that fails on Day 1 is an employee who cannot work. Thus, this workstream conditions almost all the others, starting with email and applications.
2. Workplace platform
Email, collaboration, documents: migrating the digital workplace must stay invisible to users. It covers notably Microsoft 365 tenant-to-tenant or Google Workspace. Moreover, it carries the endpoint switch with it: PCs, tablets, smartphones and their MDM re-enrollment. This is the most visible workstream. Thus, its success shapes how the whole deal is perceived internally.
3. Business applications and data
Every application shared with the seller’s group must be separated, replicated or replaced. The accompanying data segregation is precision work. Concretely, you identify what belongs to the divested entity. Then, you extract it without taking what stays with the seller. Finally, you document everything for the auditors.
4. Infrastructure, network and cloud
This workstream separates networks, datacenters and cloud environments. Above all, it guarantees service continuity throughout the transition. The temporary interconnections required by the TSA must stay secured and reversible. Indeed, each one is a door between two now-distinct companies.
5. Contracts and licenses
In a carve-out, one supplier contract in three raises questions. For example, a change-of-control clause or a non-transferable group license. Or again, pricing negotiated on volumes the divested entity will no longer reach. This workstream ideally starts before signing, during IT due diligence. Discovered afterwards, it comes at full price.
6. Cybersecurity and compliance
A carve-out opens a prime exposure window: identities in motion, reorganized teams, temporary environments. Thus, the cyber workstream hardens the new environment as it is built. Moreover, it addresses compliance (NIS2, DORA, ISO 27001) if the entity is in scope. Indeed, this compliance applies on Day 1, not six months later.
7. Governance and TSA exit
This is the workstream that holds all the others. It carries the governance cadence, a single dashboard and documented trade-offs between seller, buyer and teams. Moreover, it drives a service-by-service TSA exit. Indeed, every month of TSA avoided is a direct gain for the buyer.
The separation plan, a system of dependencies
A separation plan is not a task list. It is a system of dependencies. Identities condition the workplace. The workplace conditions the applications. Contracts condition the timeline. Finally, governance arbitrates the whole. That is exactly why a carve-out runs as a program.