Blog · Carve-Outs

IT separation is the critical path.

Carve-out IT separation is the longest, most expensive, and most schedule sensitive workstream in any divestiture. It sets the timeline for every other workstream, controls the TSA exit calendar, and produces the largest portion of stranded costs when handled badly. This playbook sits inside the broader carve-out advisory program and lays out the sequence, the dependencies, and the decisions that separate clean separations from the ones that drift into year three.

6
IT Layers
12-18
Months Typical
8 min
Read Time
2026
Last Updated
Section 01

The six layers of IT separation.

IT separation breaks cleanly into six layers, each with its own logic, lead time, and risk profile. Network and connectivity is the first. Identity and access management is the second. Endpoint and device management is the third. Email, collaboration, and productivity is the fourth. Applications, including ERP, CRM, and line of business systems, is the fifth. Data, including data warehouses, lakehouses, and analytics platforms, is the sixth. The layers separate in roughly that order, and each later layer depends on the earlier ones being stable.

Network is the foundation because almost nothing else works without it. Newco needs its own internet egress, its own VPN, its own carrier circuits to data centers, and its own routing. The seller will typically allow Newco to ride on the seller's network during the TSA, but the relationship is fragile and the seller will price extension fees aggressively. Network separation is rarely glamorous and almost always on the critical path.

Identity is the layer that determines whether Newco can operate as a distinct legal entity. Active Directory, Entra ID, Okta, and similar systems anchor every other access decision. The Newco tenant or domain must exist before email, endpoint, and application migration can complete. Identity work that starts late delays everything downstream. Identity work that starts early pays dividends across every other layer.

The remaining layers run in parallel once identity and network exist. Endpoint, email, applications, and data each have their own playbooks. Each one needs its own program lead, its own TSA scope, and its own exit milestone. The full Day One context is in carve-out Day One readiness.

Section 02

The lead time problem few buyers respect.

Carrier circuits take 60 to 120 days to install. Data center colocation contracts take 30 to 90 days to negotiate and provision. Cloud tenant separation, when contract terms allow it, takes weeks of planning and a defined cutover. Software license transfer or new license procurement can take 60 to 90 days. Hardware procurement, including endpoints, has lead times of 30 to 90 days depending on vendor and configuration. Every one of these clocks starts ticking from when the work is authorized, not from signing.

The signing to close window in most carve-outs is 60 to 120 days. The lead times above frequently exceed that window. Programs that begin IT separation at signing have already lost the calendar. The disciplined approach starts pre-signing diligence on the IT footprint, the contracts, and the carrier dependencies. Authorization to begin spending against the carve-out should be in place at signing so the long lead time items can be ordered immediately.

The lead time problem cascades. A network circuit that arrives late delays the data center cutover. The data center cutover delays the application migration. The application migration extends the TSA. The TSA extension produces extension fees that often exceed the entire IT separation budget. Each missed clock at the front of the program magnifies through every subsequent dependency.

The remedy is to map every long lead time item before signing and to start procurement the day signing closes. The buyer who does this well typically saves six to twelve months on the TSA timeline. The buyer who does this badly typically pays extension fees that exceed the original TSA cost. The extension fees article covers the structural cost of getting this wrong.

Section 03

Lift and shift, replace, or rebuild.

For each application and platform, the buyer faces a three way choice. Lift and shift moves the existing system to Newco infrastructure with minimal change. Replace swaps the system for a new platform appropriate to Newco's standalone scale. Rebuild creates a new instance of the same platform under Newco ownership with a fresh configuration. Each option has its own cost, risk, and timeline. The right choice varies by application, by Newco scale, by buyer strategy, and by the seller's willingness to support migration.

Lift and shift is the fastest path. It preserves the existing process, data, and configuration. It carries the highest hidden cost in seller dependencies, since the application often remains coupled to the seller's infrastructure long after the technical lift completes. It works well for line of business applications with low complexity and small user populations. It struggles with shared platforms like ERP, where the seller's instance contains both seller and Newco data.

Replace is the cleanest path. It produces a standalone Newco environment with no residual seller dependency. It carries the highest change cost in user training, process redesign, and data migration. It works well when Newco is materially smaller than the seller and the seller's enterprise systems are oversized for Newco's needs. It is the default choice for many PE backed Newcos where the operating playbook calls for a smaller, simpler technology stack.

Rebuild is the middle path. It preserves the platform but produces a fresh Newco instance. It works well for SaaS applications with clean data export. It struggles when the existing configuration is complex and rebuilding the configuration in a clean instance approaches the cost of replacement. Application by application choices accumulate into the program plan. The ERP specific path is detailed in carve-out ERP strategy.

Section 04

The TSA scope that holds the program.

The IT TSA covers every service Newco cannot stand up by close. Each service needs an explicit description, a pricing structure, a service level commitment, and an exit milestone. The seller's default TSA is usually written at a service catalog level that is too high for the buyer to operate against. The buyer needs application by application detail, environment by environment scope, and user by user counts. The seller will resist this detail. The detail is the leverage.

The pricing structure matters. Cost-plus a defined mark-up is the buyer friendly default. Fixed-fee pricing is acceptable when the buyer has confidence in the scope. Pass-through pricing for third-party costs requires audit rights. The seller's preferred structure, which is sometimes a flat monthly fee with vague scope, is the structure most likely to produce surprise charges and extension fees. The mark-up benchmarks are covered in TSA mark-up benchmarks.

The exit milestone framework drives the program. Each TSA service has a target exit date, a destination, and a Newco owner. The exit ramp is the schedule of service terminations as Newco capability comes online. The seller's program management office tracks the exit ramp. The buyer's TSA manager tracks it from the Newco side. Disagreements about exit readiness need a defined arbitration path. Without exit milestones, the TSA drifts.

Service levels for the IT TSA need to mirror the operating reality the seller delivers internally. The buyer should not accept service levels weaker than the seller's own steady state performance. Service credits should be meaningful enough to drive remediation. Termination rights for sustained breach should be explicit. The seller's standard TSA template usually has weak service levels by default. The buyer's job in negotiation is to fix them before signing.

Section 05

Where the work most often slips.

Identity is the most common slip point. The Newco tenant or domain takes longer to provision than buyers expect, particularly when the seller's identity system is heavily customized. Migration of users, groups, and conditional access policies often surfaces undocumented dependencies in seller scripts and applications. The right pattern is to stand up Newco identity early, run it in parallel with seller identity, and cut over user by user rather than in a single big bang.

Data is the second most common slip point. Newco's data lives across applications, warehouses, lakehouses, file shares, and analytics platforms. Extracting Newco data without contaminating it with seller data requires careful classification, lineage mapping, and reconciliation. The data migration almost always takes longer than the application migration that depends on it. Starting the data inventory in diligence is the only reliable defense.

Third-party software licenses are the third common slip point. Many enterprise agreements are tied to the seller's legal entity and do not transfer with Newco. New licenses require procurement, negotiation, and budget. The buyer who assumes licenses move with the application discovers the problem mid migration. The license inventory is part of the perimeter audit and belongs in diligence.

Cybersecurity controls are the fourth common slip point. The seller's perimeter does not extend to Newco. The buyer needs to build Newco's perimeter, identity boundary, endpoint posture, and monitoring stack on its own schedule. The cyber program runs alongside the IT separation and needs equivalent investment. The full picture is in carve-out cybersecurity for Day One.

Related Reading

More on carve-out IT.

Free Download

Get the buyer-side TSA Exit Playbook.

The 90-day governance, IT, finance, HR and procurement separation plan we run on live carve-outs. Get the playbook plus the bi-weekly Day One Letter — short, signal-heavy, buyer-side.

No spam. Unsubscribe in one click. · Read the overview first →

IT separation is the critical path.
Day One Readiness

IT separation is the schedule.

Fixed-fee proposal in 48 hours. Senior team on day one. The first conversation is always free.

White paper

The TSA Exit Playbook

Seven buyer-side moves to exit a Transition Services Agreement on time and below budget. The mark-up, the extension-fee curve, exit sequencing, and the 11-month calendar.

Read the playbook →
White paper

The IT Separation Playbook

Stand up standalone IT before the TSA meter and the seller's dependencies compound against you.

Read the playbook →
The Day One Letter

Get buyer-side TSA intelligence every two weeks

One tactic, one benchmark, or one pattern from a recent buyer-side engagement. Short. Signal heavy. Free.

Subscribe to The Day One Letter →