Carve-outs are rarely simple. They are major business changes completed under tight timelines, with high visibility and little room for errors. The biggest risk in a divestment carve-out is not the legal paperwork—it’s whether the carved-out business can operate on its own on Day One, safely and without disruption.
IT sits at the center of this work.
Below are five critical actions that help reduce risk, protect the deal timeline, and avoid surprise costs during an IT carve-out. Also see Questions in M&A: Common Challenges Explained
1. Define and Negotiate a Strong TSA Strategy
First, both sides of the deal must speak up for their needs—because the Transition Services Agreement (TSA) is often one of the most debated parts of a carve-out.
The key question is simple:
What IT support does the carved-out business need to run while separation work is still happening?
Key items to define early include:
a) End-user applications
These are the systems employees must use right away, such as:
- Point of Sale (POS)
- ERP
- HRIS / Payroll
- Finance systems
- Email and collaboration tools
- Line-of-business tools
- Manufacturing or process systems
Make sure the TSA clearly states system availability, support coverage, and service levels.
b) End-user infrastructure
Once the business is disconnected, access often changes. For example, teams must confirm:
- How will users log in?
- Will identity systems be shared for a short time?
- What network access will remain available?
- How will remote work continue (VPN, SD-WAN, etc.)?
These access details often create Day One issues if not planned early.
c) TSA pricing
Whenever possible, TSA pricing should be:
✅ Fixed fee
❌ Not open-ended (“per ticket,” “per user,” “per server,” etc.)
Carve-outs are already hard—unexpected support bills make them worse.
However, there is one reality: sellers often hold leverage.
- They want fewer services
- For the shortest time
- With the least disruption to their remaining business
Therefore, the buyer must build a strong business case tied to business continuity and risk reduction. A clear TSA protects both sides and prevents arguments later.
2. Ensure Day One IT Readiness (and Write Down the Workarounds)
Day One readiness is not just about systems being “up.” It means employees can do their jobs with minimal disruption the moment ownership transfers.
Key Day One questions include:
- What workarounds exist if systems fail?
- Are clear user instructions written and shared?
- Are support channels ready and staffed?
- Has the support plan been tested with real users?
- Have employees been trained on new tools, logins, and ways of working?
The best carve-outs treat Day One like a product launch—with practice runs, backup plans, and a command center model. All of this can be established through Initial Steps in Due Diligence for an Acquisition
In addition, document every critical Day One process. Carve-outs fail when knowledge is only in someone’s head.
3. Plan Vendor and Customer Access
Carve-outs don’t happen in a vacuum—vendors and customers are part of daily operations. After close, a common problem is that partners still try to use old access methods, old portals, or outdated email addresses.
This step should include:
- confirming how vendors will access systems after close
- updating supplier portals, invoicing, and payment routing
- updating shared mailboxes and approval flows
- confirming new ordering and delivery processes
Most importantly, ensure communication goes out early to vendors, suppliers, and customers explaining the new process. Otherwise, procurement and order processing can slow down immediately after close.
4. Strengthen Cybersecurity During Separation
Carve-outs create temporary gaps—and attackers look for gaps. During separation, access rights and ownership are changing, which increases cybersecurity risk.
Two actions should happen immediately:
a) Active Directory cleanup
Identity separation takes time and effort. Common issues include:
- old or unknown user accounts
- inherited group memberships
- too many admin rights
- access controls that no longer match the business
This is one of the most important steps to prevent future security incidents.
b) Reset administrator passwords
Any applications inherited from the seller should have admin credentials reset right away, including:
- application admin accounts
- service accounts (when possible)
- shared admin access paths
Moreover, control must transfer fully to the buyer. If admin access remains unclear, risk stays high.
5. Execute Infrastructure and Network Separation
Finally, infrastructure and network separation is where many carve-outs run into problems. Even if applications are working, users often struggle with connection issues.
Key actions include:
a) Reset admin credentials for inherited hardware
Reset credentials for any inherited devices, such as:
- firewalls
- switches
- routers
- wireless controllers
- endpoint management tools
This reduces the risk of ongoing seller access and removes confusion about ownership.
b) Test end-to-end connectivity
Connectivity must be tested for:
- office users
- remote users
- plant/site users
- vendor connections
- customer portals and integrations
- Test basic functionality including:
login/authentication
application access
printing/scanning
file shares/cloud storage
VPN and remote access
Even small issues—like DNS routing or certificate errors—can stop operations fast.
Final Thoughts
The best carve-outs treat IT separation as a deal-critical workstream—because it is.
By focusing on TSA strategy, Day One readiness, vendor and customer access, cybersecurity, and network separation, buyers and sellers reduce disruption and avoid costly surprises.
At DealTech Advisors, we view carve-outs as a clear transition from shared services to true independence—built with structure, urgency, and operational discipline.