Acquisition Information Security Assessment Policy

Acquisition IT security assessment policy to define the responsibilities and pre-conditions before migration

Free Download
bizzlibrary template file type image
.docx (0.02 MB)


The purpose of this example policy in Word, is to show you how to establish information security (IS) responsibilities regarding corporate acquisitions and define the minimum security requirements of an information security acquisition assessment. Feel free to download this document and edit it to your own situation.

Acquisition Information Security Assessment Policy acquisition assessments are conducted to reduce IT security risk to corporate networks, internal systems, and/or confidential information during and after acquisition. This kind of assessments take place to ensure that a company being acquired by another company does not only pose a security risk to corporate networks, internal systems, but also any confidential/sensitive information.

The example policy consists out of:

  1. Overview:  comprehensive view of the document
  2. Purpose:  goal of the document and policy
  3. Scope: what in includes and excludes
  4. Policy:  the details of the policy be implemented for each area of IT
    1. Requirements
      1. Hosts
      2. Networks
      3. Internet
      4. Remote Access
      5. Labs
  5. Policy Compliance: how the policy will be implemented and compliance is enforced.

Sample extract:
The process of integrating a newly acquired company can have a drastic impact on the security poster of either the parent company or the child company. The network and security infrastructure of both entities may vary greatly and the workforce of the new company may have a drastically different culture and tolerance to openness. The goal of the security acquisition assessment and integration process should include:

  • Assess the company’s security landscape, posture, and policies
  • Protect both {{company name}} and the acquired company from increased security risks
  • Educate acquired company about {{company name}} policies and standard
  • Adopt and implement {{company name}} Security Policies and Standards
  • Integrate acquired company
  • Continuous monitoring and auditing of the acquisition

The content is for informational purposes only, you should not construe any such information or other material as legal, tax, investment, financial, or other advice. Nothing contained this site constitutes a solicitation, recommendation, endorsement, or offer by Bizzlibrary or any third party service provider to buy or sell any securities or other financial instruments in this or in any other jurisdiction in which such solicitation or offer would be unlawful under the securities laws of such jurisdiction.


Catherin Obrien - DEU

Can I donate somewhere, it's very helpful what you did

Last modified

Our Latest Blog

Related keywords

Need help?

We are standing by to assist you. Please keep in mind we are not licensed attorneys and cannot address any legal related questions.