Blog · TSA Diligence

What IT diligence finds before the term sheet hardens.

TSA IT diligence is the deep dive into what the carved-out business actually runs on, how much of it depends on the seller, and how long the buyer will need to stand its own stack up. The IT diligence stream is the longest pole in most TSA diligence engagements because the application inventory drives separation cost, the dependency map drives exit timeline, and both feed the TSA cost model. The work sits inside the broader TSA due diligence practice and pairs with the standard QoE and operational diligence streams.

6
Diligence Layers
3 to 6 wk
Typical Window
8 min
Read Time
2026
Last Updated
Section 01

The application inventory. If it is not on the list, it is not in the budget.

The first layer of IT diligence is the application inventory. Every system the carved-out business depends on. ERP, CRM, HRIS, financial planning, data warehouse, BI, ITSM, identity, email, collaboration, file storage, network, security, monitoring. The inventory should run from the obvious flagship systems down to the small departmental tools that nobody documented but somebody depends on.

A working inventory captures more than the system name. Each line should carry the vendor, the version, the hosting model (on premise, cloud, SaaS), the criticality (Tier 1 through Tier 4), the user population, the data classification, the integrations, and the seller's ownership status (sole owner, shared with seller's other businesses, third-party SaaS with the seller as contract holder).

Most management presentations show 40 to 60 systems. The reality is usually 150 to 350 systems once the deep dive completes. The gap is shadow IT, departmental tools, and small SaaS contracts that the central IT function did not track. The buyer side advisor builds the full inventory through structured interviews with the business unit leads and exports from the seller's procurement and identity systems.

The inventory feeds the TSA catalog. Each Tier 1 and Tier 2 system needs an explicit catalog line. Tier 3 and Tier 4 systems can sometimes be grouped but should still be visible. The TSA that references "IT support" without naming systems is unenforceable. The work pairs with application portfolio rationalization.

Section 02

The dependency map. Where the seller's stack runs through the deal.

The second layer is the dependency map. Where each system sits on the seller's infrastructure, how it integrates with other systems the seller will keep, and what data flows cross the carve-out boundary. The dependency map drives both the TSA scope and the eventual exit complexity.

High dependency systems require longer TSAs. Where the carved-out ERP shares the same data warehouse as the seller's other businesses, the warehouse separation alone can drive a 12 to 18 month TSA. Where the carved-out CRM federates against the seller's identity provider, the identity migration becomes a Day One critical path item. Where the carved-out factories use shared MES platforms, the production continuity risk is significant.

The dependency map needs to specify the data flow direction, the volume, the frequency, and the recovery options if the link breaks. The diligence team should also flag dependencies that the seller treats as obvious but the buyer would have to recreate at considerable cost. Master data services, security event aggregation, network monitoring.

Dependencies that survive the TSA are the long-tail problems. Some integrations cannot be cut at TSA exit because the seller and the buyer continue to share customers, vendors, or geographies. The diligence map should flag these as candidates for permanent integration arrangements rather than time bound TSA services. The work pairs with the IT separation playbook.

Section 03

Identity, access, and security posture. Day One identity is the absolute starting point.

The third layer is identity and security posture. Diligence needs to verify how user accounts get authenticated, where access controls live, how privileged access is managed, and what security tooling protects the carved-out perimeter. Identity is the single most common Day One readiness gap.

The diligence team should specifically ask how the buyer's users will authenticate on Day One. Where the carved-out business federates against the seller's Active Directory or identity provider, the buyer needs either an identity migration plan for Day One or a TSA service that maintains identity through the transition. The seller's drafted TSA often includes identity as a line item without specifying the eventual migration path.

Endpoint management, MDM, EDR, and security monitoring also need explicit diligence treatment. The buyer needs to know whether the seller's tools follow the carved-out endpoints into Newco or whether the buyer needs to deploy its own tools at Day One. The cost difference between TSA maintained security tooling and buyer deployed security tooling can be material.

Compliance posture should also be diligenced. Where the carved-out business operates under regulatory regimes (SOX, GDPR, HIPAA, PCI), the diligence should verify how compliance evidence will be maintained during the TSA and how the buyer takes over compliance ownership at exit. The work pairs with the Day One cybersecurity playbook.

Section 04

Data ownership and migration. The hardest separation is data.

The fourth layer is data ownership and migration. Where does the carved-out business's data live? Who owns it contractually? How much of it is commingled with the seller's other business data? What format is it in? What licenses cover its use? These questions determine the data separation strategy and the cost of exit.

Commingled data is the worst case. Where the carved-out business's transactions sit in the seller's general ledger alongside the seller's other businesses, or where customer data sits in the seller's marketing platform without dimensional separation, the data extraction work at exit becomes a major project. Diligence should flag commingled data, estimate the extraction effort, and either negotiate the extraction work into the TSA or budget it as a separation cost.

Data licensing also deserves explicit diligence treatment. Where the seller licensed third-party data for use across multiple businesses, the buyer's right to continue using that data post TSA is not automatic. The diligence team should identify the major data licenses and verify the carved-out business's rights to continue use.

Historical data retention is the long tail. The carved-out business may need access to historical transaction records, customer records, employee records, and audit trails that span periods before Day One. The TSA should specify how the seller preserves and provides access to this data through the TSA period and beyond. The work pairs with the data migration strategy.

Section 05

Stand-up plan and capital cost. What it costs to leave.

The fifth layer is the buyer's stand-up plan. For each Tier 1 and Tier 2 system, the diligence team should produce a stand-up option (continue on seller infrastructure during TSA, migrate to buyer infrastructure during TSA, replace with new platform during TSA, replace post TSA) and an estimated cost.

The stand-up cost goes into the TSA cost model as one time separation cost. Typical ranges for a mid-market carve-out run $5M to $25M of IT separation cost. Larger carve-outs can run into nine figures depending on system complexity and replacement scope. The diligence team should produce the estimate at line item granularity so the deal team can see where the cost concentrates.

The stand-up plan also drives the realistic TSA duration. Where the buyer plans to migrate the carved-out ERP to a new platform, the TSA needs to last at least as long as the ERP project. Where the buyer plans to inherit the seller's existing ERP, the TSA can be shorter. The diligence team should align the TSA duration to the stand-up plan rather than to a generic 12 or 18 month default.

The buyer side advisor produces a recommended stand-up plan during diligence. The plan covers each Tier 1 and Tier 2 system with the recommended option, the estimated cost, the timeline, and the dependencies. The Newco IT leader uses the plan as the year one and year two IT roadmap. The work pairs with the application cutover planning.

Section 06

IT cost modeling. The TSA IT bill versus the standalone IT bill.

The sixth layer is IT cost modeling. The diligence team should produce two parallel cost views. The TSA IT bill, which captures what the buyer pays the seller during transition. The standalone IT bill, which captures what the buyer will pay once it is running its own stack post TSA. The gap between the two drives the budgeting and the value creation plan.

The TSA IT bill is usually higher than the seller's historical IT cost allocation. Cost-plus pricing adds mark-up. The seller often includes setup and exit transition fees that the historical numbers did not carry. Pass-through licenses are billed at the seller's enterprise rate during TSA but step up to standalone rate at exit.

The standalone IT bill is usually higher than the QoE adjusted IT cost. Loss of enterprise discounts on major vendor contracts. Loss of shared service economics. Need for incremental IT headcount that the seller's allocations did not include. The diligence team should explicitly identify where the standalone cost steps up and by how much.

The IT cost model feeds the broader TSA cost model. The buyer side advisor produces both during pre signing. The IT model gets reviewed by the deal team's IT diligence advisor (often a different specialist from the TSA advisor) and by the prospective Newco CIO before being locked in. The work pairs with the TSA cost modeling article.

Section 07

Run IT diligence with a TSA specialist. Pre signing leverage compounds.

TSA IT diligence is most effective when it runs in parallel with the operational and financial diligence streams during pre signing. The IT findings feed the TSA catalog, the cost model, the redline package, and the post close stand-up plan. Without the IT deep dive, the TSA gets signed with vague language and the buyer carries the discovery cost after Day One.

The engagement model is Fixed Fee or Portfolio Retainer. Fixed Fee covers a single deal with a focused 3 to 6 week diligence sprint. Portfolio Retainer covers PE platforms with consistent IT diligence methodology applied across multiple deals. The buyer side advisor scopes the work during deal intake and delivers a fixed-fee proposal within 48 hours of intake.

The team typically pairs a senior TSA specialist with one or two IT subject matter experts who run the system inventory, the dependency mapping, and the cost modeling. The deal team's investment professionals stay close so the IT findings get incorporated into the deal memo in real time rather than at the end of the diligence cycle.

The output is a TSA IT diligence report. Inventory, dependency map, stand-up plan, cost model, redline recommendations, Day One readiness gaps. The report becomes the operating playbook for Newco IT from signing through Day One and into the TSA period. The work pairs with the diligence timeline and team.

Related Reading

More on TSA diligence.

Free Download

Get the buyer-side TSA Exit Playbook.

The 90-day governance, IT, finance, HR and procurement separation plan we run on live carve-outs. Get the playbook plus the bi-weekly Day One Letter — short, signal-heavy, buyer-side.

No spam. Unsubscribe in one click. · Read the overview first →

What IT diligence finds before the term sheet hardens.
TSA Pre-Signing Review

Run IT diligence in parallel with the deal. Specialist work.

Fixed-fee proposal in 48 hours. Senior team on day one. The first conversation is always free.

White paper

The TSA Exit Playbook

Seven buyer-side moves to exit a Transition Services Agreement on time and below budget. The mark-up, the extension-fee curve, exit sequencing, and the 11-month calendar.

Read the playbook →
White paper

The IT Separation Playbook

Stand up standalone IT before the TSA meter and the seller's dependencies compound against you.

Read the playbook →
The Day One Letter

Get buyer-side TSA intelligence every two weeks

One tactic, one benchmark, or one pattern from a recent buyer-side engagement. Short. Signal heavy. Free.

Subscribe to The Day One Letter →