Case Studies
US 503B sterile outsourcing company seeks add-on acquisition
Our client was a US 503B sterile outsourcing company based in the Midwest seeking an add-on acquisition to expand manufacturing capacity and gain geographic advantages. The target was a global healthcare company seeking to divest from the 503B sterile outsourcing market.
IT & Cyber Diligence
After reviewing the target’s responses to our diligence requests and interviewing their operations and IT teams, it was clear that existing applications, infrastructure, and services would remain with the target’s parent company post-close. This meant that our client would have to immediately begin an integration project and would need a strong and clear TSA to give them the time and support needed from the target’s parent company.
We provided three deliverables:
A comprehensive IT Due Diligence report
An integration estimate that included opex changes and capex requirements with timelines
Detailed TSA recommendations to inform our client’s legal team
On an update call with our client’s deal team, we noticed inaccurate assumptions in the post-close commercial plan to immediately ship to customers. There were no shipping capabilities in the target’s ERP as they only delivered to local hospitals via courier. We provided an estimate for how long it would take to setup a shipping carrier, purchase shipping stations and materials, and for the target’s parent company to add shipping capability to their ERP for our client’s temporary use post-close. This postponement of profitability changed our client’s financial model, allowing them to negotiate a more favorable purchase price.
Leading US pharmaceuticals supplier acquires genetic biomarker testing laboratory
Our client was a pharmaceuticals supplier seeking acquisition of complementary businesses. The target was a small genetic testing laboratory that would become a sales channel for our client’s personalized medicine business.
IT & Cyber Diligence
The target only had ten employees and no internal IT staff. Given that our client could quickly mitigate security issues post-acquisition by replacing devices and migrating the target to their own IT services, we scaled our questionnaire down and focused on processes. This led us to an important discovery that wasn’t captured by others on the deal team: Their value proposition was largely based on a custom web application that builds treatment recommendations after genetic testing. This intellectual property was not legally owned by the target, so they were required to get a letter from the developer transferring ownership prior to deal close.
Digital Transformation
Post-acquisition, we secured the environment by replacing all devices and migrating to the parent’s IT services such as Microsoft 365 E5 and related security capabilities. We also ensured that our relationship with the developer of the custom web application remained strong to support changes and future integrations. Finally, we implemented our client’s ITSM and helpdesk processes to provide support and service levels they could not have afforded previously.
Second and third largest US suppliers of pharmaceutical raw materials and equipment merge
Our client was a US pharmaceuticals supplier seeking expanded market share through acquisition.
IT & Cyber Diligence
In our comprehensive report, we identified issues such as a lack of standard security controls and the risk of operating the business on a 90% customized ERP system maintained by a single internal developer. But we also discovered that within 12 months the combined companies could realize nearly $1.4M in annual IT budget savings due to application and service synergies. This potential savings far outweighed the estimated cost of remediating issues.
Digital Transformation
After the deal closed, the client engaged us to lead the first 100 days of integration activities including:
Performed detailed systems inventory and secured admin access
Engaged a security firm to perform a threat hunting exercise (assumed compromise)
Implemented standard security controls such as MFA for VPN and cloud services
Performed a risk assessment and created a security improvement roadmap
Migrated mailboxes and other data to the parent’s cloud services
Planned the migration of their ERP system to the parent’s ERP
Global leader in personalized medicine acquires US sterile compounding pharmacy
Our initial client was a US-based sterile compounding pharmacy whose founders were nearing retirement and seeking an exit. We later worked on behalf of the acquiring company to secure, integrate, and transform the business they had acquired.
Exit Readiness
With the goal of putting the seller’s best foot forward in the private equity marketplace, we helped prepare an IT overview for the investor presentation, responded to buyer due diligence requests, and represented our client on diligence calls. This led to the successful sale of the business and a secure retirement for its founders.
Digital Transformation
Working on behalf of the acquiring company, a global leader in personalized medicine, our mandate was to secure the newly acquired assets, integrate the business with parent to realize estimated synergies, and lead digital transformation projects. Expand these topics below to see the initiatives we successfully lead utilizing local IT, parent company IT, and various partners.
-
After a high-level risk assessment, we led the following security initiatives:
► Replaced aging firewalls with redundant NGFWs
► Implemented conditional access policies with MFA to protect identities
► Implemented the security controls available in Microsoft 365 E5 to prevent phishing, malicious links, and data loss
► Automated security awareness training, phishing simulations, and remediation
► Implemented a cloud recovery solution enabling full recovery of mission critical applications in the cloud within 24 hours
-
We successfully led the following integration projects:
► Connected local ERP databases to the parent company’s data warehouse and integrated Power BI reports for performance and KPI visibility by regional and global leadership
► Migrated HR processes like org chart, joiner, leaver, and performance management to parent’s HRIS
► Implemented ITSM and helpdesk processes
► Migrated Outlook, Teams, SharePoint, OneDrive, and Office data to parent company Microsoft 365 tenant to enable the full collaboration between companies
-
► Migrated locally hosted websites to SaaS CMS solutions reducing downtime and empowering the marketing team
► Migrated EOL CRM data to modern SaaS CRM and created reports so sales leaders could track activity
► Implemented marketing automation of the entire customer journey
► Migrated documents to OneDrive, Teams, and SharePoint resulting in increased availability and protection from data loss
Leading US pharmaceuticals supplier acquires branded pharmaceuticals manufacturer
Our client was a pharmaceuticals supplier seeking acquisition of complementary businesses. The target was a similarly sized manufacturer of branded pharmaceutical products.
Digital Transformation
Soon after their two-year earnout period ended, the acquired company faced a ransomware attack, and our client brought us in to manage the incident and improve the security posture of the company. Then we performed standard integration projects. Finally, we supported the combination of the two commercial teams by developing new order-to-cash processes and adding data integrations between the two ERP systems.
-
These services were performed as part of incident response to a ransomware attack (data exfiltration and encryption of data). Throughout the IR process we provided a nightly report to senior leaders and joined regular calls with the board of directors. Despite extensive data loss, the warehouse was shipping again within one week:
► Hired a security firm to advise during our IR effort and perform forensics
► Restored servers from off-site backup, analyzing each for IOC prior to bringing online
► Wiped all user devices and installed latest version of Windows plus patches
► Wiped configurations on security appliances, configured from scratch after latest firmware update
► Force-expired all user and service accounts and reset the Kerberos golden ticket
► Emergency migration of mailboxes and domain to our client’s email services because local Exchange server was unrecoverable
► Recovery of ERP data to an auditable level of GAAP integrity
► Search for PII in exfiltrated data
► Hired legal firm with cybersecurity expertise to craft notification of breach to relevant authorities, customers, and employees
► Developed comprehensive Incident Report, Lessons Learned document, and Security Improvement Roadmap
-
We created a security improvement roadmap and executed the top projects based on risk assessment:
► Implemented M365 E5 security protections such as conditional access (MFA), ATP anti-phishing, safe links, safe attachments, DLP, etc.
► Deployed EDR to all devices and servers
► Added daily air-gapped backup process for mission critical applications and data (this was last resort and in addition to their existing cloud-based backup service)
► Configured cloud-based backup device and service using security best practices recommended by the manufacturer
► Spread IT responsibilities from the single IT manager (overworked, stressed) to the multiple IT groups of the parent company
-
We successfully led the following standard integration projects:
► Connected local ERP databases to the parent company’s data warehouse and integrated Power BI reports for performance and KPI visibility by regional and global leadership
► Migrated HR processes like org chart, joiner, leaver, and performance management to parent’s HRIS
► Implemented ITSM and helpdesk processes
► Migrated Outlook, Teams, SharePoint, OneDrive, and Office data to parent company Microsoft 365 tenant to enable the full collaboration between companies
-
Client wanted to combine the two sales teams into one and offer customers a single point of contact and unified catalog of products. To support this, we performed the following services:
► Copied master data (customers, items) between ERP systems and created processes to keep records up to date using unified IDs
► Setup parent company ERP as the order flow starting point and automated the drop-ship process to the acquired company ERP with feedback for tracking information
► Created reconciliation processes and reports to ensure integrity
► Created unified inventory reports so sales team could see combined stock counts from both companies
Global leader in personalized medicine completes divestiture of contract manufacturing business in US
Our client was a global leader in personalized medicine seeking divestiture from their non-core contract manufacturing business in the US. The principal buyer was a PE firm seeking an add-on for one of their platform companies.
Exit Readiness
Because we previously worked with this client providing CIO services to the business being sold, we were a natural choice to respond to their buyer’s IT due diligence requests, represent the business on diligence interviews, and negotiate a clearly defined and reasonable transition services agreement.
The two biggest challenges for which we provided the most value for our client were: 1) Demonstrating to the buyer that a previous ransomware incident had been properly managed and that new security controls were implemented. 2) Ensuring our client wasn’t committing to an unending transition period and were only responsible for reasonable and specific carveout activities.
Digital Transformation
Post-acquisition, we lead the execution of the TSA on behalf of our client which included many carveout activities:
Splitting up ERP data and documents following strict definitions outlined in the agreement
Automating new order-to-cash workflows between our client and the carveout company
Setting up processes to provide stock visibility for inventory still owned by our client
Duplication of EDI services and modification of the ecommerce website
Migration of email mailboxes and other cloud data and documents
Duplicating and/or renegotiating IT contracts