
	Home Advisory & Audit ESG Advisory BRSR Reporting Sustainability and ESG Solutions ESG Reporting ESG Assurance in Audit Sustainable Supply Chain Management Sustainable Finance ESG Due Diligence Advisory Services Income Tax Notice Tax Litigation Tax Preparation Services Tax Optimization Corporate Tax Corporate Tax and Regulatory Compliance Corporate Tax Advisory Services Transfer Pricing in India TP Planning Documentation and assistance in Compliances Domestic Transfer Pricing Indian Accounting Standards International Tax Advisory Services International Tax Planning Audit Insurance broker audit Income Tax Audit Secretarial Audit in India NBFC Audit Internal Control Audit Internal Audit Co-Sourcing Internal Audit Insurance Audit Human Resource Audit Public Limited Audit Private Limited Audit Financial Statement Audit NGO Audit Advertising Audit Media Audit Cinema Audit Management Audit Virtual Audit Audit Services Global Audit Stock Audit Audit and Assurance Consulting Sustainability and ESG Solutions Manufacturing Consulting BFSI Consulting Employee Benefit Plans System and Organizational control reporting Accounting Advisory and Financial Reporting Dispute Advisory Global Expansion Advisory GST Advisory Services Investment Banking Advisory IPO Readiness Advisory Regulatory FEMA Advisory Foreign Exchange Regulations Inbound Investment under FEMA Outbound Investment under FEMA Establishment of Foreign Office in India Foreign Direct Investment under the Approval Route FEMA Compliance for Insurance Companies Compliance under FEMA ECB Compliance Advisory Compliances Insurance Broker Compliances Insurance Web Aggregator Compliances Payment Aggregator and Payment Gateway Compliances NBFC Account Aggregator Compliances NBFC Annual Compliance Funding in NBFC Appeal Against NBFC Registration Cancellation Financial Intelligence Unit India Central KYC Registry in India Money Changer Compliance MCA Compliance for Insurance Company IRDA Compliance for Insurance Company IBC Services Corporate Insolvency RBI Registration NBFC Business Plan RBI Regulatory Sandbox NBFC Due Diligence NBFC Debt Recovery Advisory NBFC Legal Support NBFC Registration NBFC Takeover NBFC Marketing NBFC Account Aggregator (AA) License Conversion Of NBFC Into Bank Peer to Peer Lending License Full Fledged Money Changers Prepaid Wallet License Payment Aggregator License Payment Bank License Microfinance Company Registration Small Finance Bank License Core Investment Company Asset Reconstruction Company Registration MTSS (Money Transfer Service Scheme) Credit Co-operative society Housing Finance Company Registration Housing Cooperative Society Registration SEBI Registration Registration of Mutual Fund with SEBI Alternative Investment Fund Registration Collective Investment Schemes Credit Rating Agency SEBI Registration Depository Participant SEBI Registration Foreign Portfolio Investor Registration Asset Management Company Registration Investment Advisors registration with SEBI Portfolio Manager Registration With SEBI Registrar and Share Transfer Agent Registration Registration of Underwriters with SEBI Venture Capital Company Registration Merchant Bankers License in India IRDA Registration Insurance Web Aggregator Legal Support ISNP Certification IRDAI Regulatory Sandbox Insurance Web Aggregator License Insurance Broker License Insurance Marketing Firm Licence Insurance Surveyors and Loss Assessors Licence Internal Control and Organisation SOPs Third Party Administrator Licence Corporate Agency Licence IRDA Insurance License Outsourcing VFCO Services Estate Planning Enterprise and Strategic Risk Management Services Wealth Management Services For Non Executive Directors Leadership Management Revenue Recognition Cash Flow Management Compensation and Benefits Virtual CFO for NBFC CFO Support Services Virtual CFO Services Financial Process Outsourcing Finance And Accounting Outsourcing Legal Process Outsourcing Human Resource Outsourcing Financial Reporting IFRS Reporting Strategic Planning Services Company About Us Our Team Career Contact Us Knowledge Bank Calculators GST Calculator Tax Calculator TDS Calculator Calculate Net Profit Calculate Net Worth Effective Capital HRA NSC EMI Auto Loan Calculator Home Loan Calculator Get No. Of Installment RERA Calculator Developers Calculator Home Buyer Delay Interest Home Buyer Refund Bulletins RBI SEBI Notification Circular Income Tax Service Tax Central Sales Tax Excise Matters Customs Company Law Labour Laws FEMA The LLP Act 2008 Accounting Standard (INDAS) Others GST VAT Delhi VAT Maharastra VAT Gujarat VAT Telangana VAT Tamil Nadu VAT IGST UTGST Compensation Cess IBC Regulation Utilities Rates of TDS TDS Rates for N.R.I us 195 Rates of Income Tax Depreciation Rates Companies Act Depreciation Rates Income Tax Act ROC Filing Fees (Cos Act, 2013) ROC Fee Structure (Cos Act, 2013) Cost Inflation Index IFSC Codes MICR Codes Rates of NSC Interest Gold and Silver Rates Rates of Stamp Duty LLP Fees National Industries Classification HSN Rate List Deduction u/s 80TTA Vs 80TTB Links Quick Links Important Links GST/VAT Links Ease Of Doing Business Acts Direct Tax Income Tax Act Wealth Tax Act Income Declaration Scheme 2016 Direct Tax Vivad Se Vishwas Scheme Indirect Tax Service Tax(Finance Act, 1994) Central Sales Tax Act, 1956 The Central Excise Act, 1944 Customs Act, 1962 Entry Tax Act Corporate Laws Companies Act, 2013 Companies Act, 1956 LLP ACT SEBI Act, 1992 Company Secretaries Act, 1980 VAT Laws Delhi Value Added Tax Act, 2004 MVAT Act, 2002 West Bengal VAT Act, 2003 Tamilnadu VAT ACT, 2006 Karnataka Value Added Tax Act, 2003 Gujarat Value Added Tax Act, 2003 UP VAT Act, 2008 Rajasthan Value Added Tax Act, 2003 Punjab Value Added Tax Act Haryana Value Added Tax Act Telangana VAT Act 2005 Andhra Pradesh VAT Act, 2005 Bihar Value Added Tax Act, 2005 Other Statutes ESI Act, 1948 PF Act, 1952 Profession Tax Act The Indian Partnership Act, 1932 Societies Registration Act, 1860 Competition Act, 2002 Reserve Bank of India Act, 1934 MRTP Act, 1969 Equalisation Levy Act, 2016 Right To Information Act, 2005 FEMA, 1999 Maharashtra RERA RERA, 2016 Insolvency & Bankruptcy Code, 2016 Benami Property Act 1988 GST Laws IGST Act , 2017 CGST Tax Act, 2017 UTGST Act, 2017 GST (Compensation to States) Act Rules Direct Tax Rules Income Tax Rules Wealth Tax Rules 1957 Income Declaration Scheme Rules 2016 Indirect Tax Rules GST Valuation Rules , 2016 Service Tax Rules CST (Delhi) Rules, 2005 CST (Maharashtra) Rules Customs Valuation Rules Cenvat Credit Rules, 2017 Entry Tax Rules Corporate Laws Rules Companies Rules, 2014 LLP Rules, 2009 LLP Winding up Rules, 2012 Cos Unpaid Dividend Rules, 1978 VAT Laws Rules Delhi VAT Rules, 2005 Maharashtra VAT Rules, 2005 West Bengal VAT Rules, 2005 Tamilnadu VAT Rules, 2007 Karnataka VAT Rules, 2005 Gujarat VAT Rules, 2006 Uttar Pradesh VAT Rules, 2008 Rajasthan VAT Rules, 2006 Punjab VAT Rules Haryana VAT Rules, 2003 Telangana VAT Rules 2005 Andhra Pradesh VAT Rules, 2005 Bihar Value Added Tax Rules, 2005 Other Statutes Profession Tax Rules NBFC Deposits Directions, 1998 NBFC & Misc NBC (Advt) Rules, 1977 NBFC Auditor Report Directions, 2008 Delhi Labour Welfare Fund Rules, 1997 Cost records and audit Rules, 2014 Baggage Rules, 2016 Equalisation Levy Rules, 2016 NCLT And NCLAT Rules Insolvency & Bankruptcy Rules Benami Property Rules, 2016 GST Rules CGST Rules, 2017 IGST Rules 2017 Forms Income Tax Forms ROC Forms (Cos Act, 2013) ROC Forms (Cos Act, 1956) Income Declaration Forms Wealth Tax Forms Service Tax Forms Companies Unpaid Dividend Forms NBFCs Forms LLP Winding up FEMA Forms LLP Forms CGST Forms GST Forms Accounts and Records Advance Ruling Appeals and Revision Assessment and Audit Composition Demands and Recovery Input Tax Credit Inspection, Search and Seizure Offences and Penalties Payment of Tax Refund Registration Returns Transitional Provisions Value of Supply Careers

Cybersecurity Due Diligence

In a merger and acquisition process, one of the crucial steps to carry out is the due diligence exercise. A private acquisition is a transaction where a company acquires another company. The acquiring company is called the buyer. The company that is acquired is called the target company. The target company will typically be a subsidiary of the seller company. The buyer needs to conduct Cybersecurity-Due-Diligence on the target company. This will also include carrying of due diligence on the data privacy of the target company.

Cybersecurity-Due-Diligence is a subset of the due diligence that has to be carried out by the buyer. It is crucial to carry out Cybersecurity-due-diligence to avoid any form of mishaps in the organization.

Package inclusions:

Cybersecurity-Due-Diligence Services.
Procedure for carrying out due diligence services.
Legal framework for the above services.
Complete report on due diligence services.
Monitoring Future performance and framework related to IT systems in a company.

What is Cybersecurity-Due-Diligence?

Cybersecurity-Due-Diligence is considered as a process of investigating a target company for any cybersecurity and data privacy concerns. This process is conducted to find out if there are any form of cybersecurity related threats in an organization.

Why is Cybersecurity-Due-Diligence carried out?

Cybersecurity-Due-Diligence services are carried out for the following reasons:

This is carried out to analyze vulnerable cybersecurity-related threats by using mechanisms such as penetration testing methods.
Due diligence would save time and expense for the buyer.
Due diligence is carried out to understand the complexities of the target company. If there are any potential threats present in a target company, this can only be understood by carrying out a due diligence exercise.
The due diligence process for an organization is crucial, as it determines whether the purchase is viable or not.
Due diligence is required to be conducted for the target company to understand information and security protocols followed by the company.
The buyer would get a clear picture of the data privacy policies followed by the target company.
Overall the due diligence exercise is carried out as an investigation process to determine the prevailing situation in the target company.

Importance of carrying out Cybersecurity-Due-Diligence

A Cybersecurity framework within an organization is crucial to access the risks present in an organization. Hence, from a buyer's perspective in a private acquisition transaction, carrying out cybersecurity-due-diligence is a priority. This due diligence encompasses cyber-related threats, data breaches, confidential, and secret information that is present with the target company. Reputational loss is severe when compared to other forms of loss.

Apart from this, carrying out due diligence would help in the seamless closing of the transaction. Investigating the target company would provide a clear picture to the buyer on the complexities present in the target company.

Relevant Authority for Cybersecurity-Due Diligence

In India, the Information Technology Act, 2000, regulates information technology and cybersecurity.

The Government of India (GOI) has implemented the following regulations:

The Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013.
The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data) Rules, 2011.
The Information Technology (Intermediaries guidelines) Rules, 2011.
The Personal Data Protection Bill 2018.
GDPR - General Data Protection Rules 2018.

Procedure for Cybersecurity-Due-Diligence

In a private acquisition transaction, there are two or more parties. The parties are the buyer, the seller, and the target. It is the buyer's primary responsibility to carry out the due diligence process on the target company. By carrying out the above process, the buyer would know about the inconsistencies present in the company.

The following process is carried out for due diligence:

The buyer and the seller (target) have to agree for the acquisition of the target company. During this step, the buyer will negotiate terms with the seller on the price of the transaction, contracts of exclusivity, confidentiality, and other clauses that affect the transaction.
Once the terms have been agreed between the parties, the buyer has to approach a third-party consultant. The third-party consultant can be an external consulting firm with expertise in carrying out typical due diligence exercises.
TAP GLOBAL cybersecurity-due-diligence and data privacy services would provide a complete investigation into the target company. Apart from this, our experts will classify information based on the amount of risk involved. Due diligence services provided by TAP GLOBAL will make sure your organization does not have any problems to look back on.
Once the terms have been decided between the buyer and the third party, an agreement will be drafted between the buyer and the third party. In this agreement, the services provided by the third party will be mentioned. This will include the forms of due diligence carried out by the third-party.
When the Due diligence procedure begins, the buyer, the target, and the third party will be involved. During this process, a Due Diligence Questionnaire (DDQ) would be put forth to the seller or target. A Due Diligence questionnaire is a set of questions asked by the buyer. The seller or target has to provide information on the questionnaire.
After this is completed, the buyer must research the target. For cybersecurity-due-diligence, the information in the DDQ would be solely based on the cybersecurity protocols followed by the target.
Due diligence is required, apart from other forms of due diligence if the target company has some form of online and data presence. Through this, the buyer will come to know if the target company has taken reasonable and prudent steps to protect its data and assets properly.
Even if the target company does not have any crucial information on customers or clients, still conducting data privacy due diligence is important. Breach of trade secrets and Intellectual property is devastating to the reputation of the company.
An assessment has to be conducted by the buyer on the target if there are cyber-related incidents. In the evaluation, the threats caused because of cyber-related issues must be categorized. All protocols related to security and information control has to be present in the target.
In the due diligence exercise, different software would also be tested. The use of penetration systems will be addressed to carry out testing on software. However, this forms part of IT due diligence.
The due diligence provider will also check if proper audits are conducted on the company. Informational audits conducted on the company have to be according to the standards prescribed internationally. Hence audits would be according to standards of PCI and ISO 27001.
Once the due diligence exercise is completed, potential flaws will come to light . The due diligence exercise would find out issues if the target or the seller company has breached the contract of exclusivity with the buyer. When this occurs, the parties (buyer) can walk out of the due diligence transaction without going ahead any further.
The buyer will also have an added advantage of using the Material Adverse Change (MAC) if this has been negotiated between the parties in a due diligence exercise. If the parties during the negotiation phase have agreed on any form of MAC clause, then the buyer can use this as a benefit and walk out of the agreement. Apart from this, the buyer can sue the seller and the target for breach of contract. However, the buyer's MAC clause can only be utilized if cybersecurity-due-diligence has been included as a possibility.

TAP GLOBAL Approach for Due Diligence

Being an expert in providing due diligence services to organizations, we have implemented our approach for cybersecurity-due-diligence and data privacy services. Our approach includes the following:

Carrying out Phased Evaluation and Risk Assessment

We understand that no organization can be devoid of any threats. These threats may be internal threats and external threats. Internal threats can be in any form, such as software threats and employee information breaches. External threats will include cyber hacking, ransom wares, and criminal threats. Therefore any organization is exposed to a variety of threats. Hence it is essential to devise a full proof method to understand the risks associated with the organization. Once the risks are identified, solutions must be implemented to reduce the amount of risk. This risk assessment process is a crucial step to reduce the amount of informational loss in an organization.

Calculate the Risk

Once the assessment is carried out, we classify the risks and calculate the damage caused by the risk. Each risk is classified based on a particular category. Risks that are quantified as a causing higher loss would be placed in a separate category compared to lesser risks. After classification, we will assess the probability of each risk. If a particular threat comes in an organization, what would be the solution to the problem? Our approach is based on the above.

Develop a Risk Handling Mechanism

Once risks are classified and predicted, we implement a risk handling mechanism that will address all the present and future problems that pose a threat to an organization's cybersecurity framework. By following this approach, your organization can avoid the maximum amount of risks.

Apart from the above approach followed, we constantly strive to update and implement new procedures to handle risks appropriately.

TAP GLOBAL Benefits

TAP GLOBAL is a recognized management consultant in providing due diligence services.
We have experience in the IT due diligence process, which will help your organization.
Experts at TAP GLOBAL have conducted due diligence exercises with the primary objective of adding value to your organization.
We have Multifaceted teams of professionals comprising Chartered Accountants, IT professionals, lawyers, and company secretaries.
We have extensive experience in handling matters related to mergers, taxation, and accounting matters in India.

How to reach TAP GLOBAL for Cybersecurity-Due-Diligence and Data Privacy Services

Fill The Form

Get a Callback

Submit Document

Track Progress

Get Deliverables

Frequently Asked Questions

What is cybersecurity and data privacy due diligence? How is it different from IT due diligence?

Cybersecurity Due diligence would cover aspects related to cybersecurity threats such as information breaches, data hacks, viruses in an organization. This due diligence would emphasize if the target company has any form of cyber-related threats. IT due diligence is a vast area of due diligence and covers IT security threats and the general IT infrastructure of the company.

Give an example of a real-life M and A information breach related to lack of proper due diligence?

An example of an information breach due to lack of proper due diligence is the acquisition of Starwood Hotels by Marriot Group. Marriot's due diligence provider did not carry out proper due diligence, which lead to information breaches of 400 million customers of Starwood Hotels. This breach included tourists from the European Union as well as the UK. The Information Commissioners Office (ICO), the United Kingdom's data privacy authority, had imposed a heavy fine on the Marriot group.

are qualified to conduct due diligence for an organization?

The following personnel is qualified to conduct due diligence in an organization:

• Investment Banks;

• Consulting Firms;

• Accounting Firms;

• Law Firms; and

• IT Consulting Firms.

Are there any form of compliances that have to be followed for cyber due diligence?

A company established in India would have to carry out the compliances as per the law in India. However, if an Indian company is situated in the EU, and then compliance must be adhered to as per the GDPR policy. This is applicable if the Indian company has EU customers and processes information on their behalf.

What is the difference between sensitive data and non-sensitive data?

following educational qualifications are required to enroll as a valuer:

• Sensitive Data

Includes personal information such as name, age, and address, health-related data, or any form of biometric data.

• Non-Sensitive Data

Non-Sensitive data is information that is not classified as sensitive data. A company, while processing sensitive data, has to be more cautious. Consent from the respective customers is required while processing sensitive data. This is not required when processing non-sensitive data.

is the difference between due diligence and due care process in a company?

Due care is the process in which sufficient security and IT measures are present. Due diligence identifies the measures used by an organization to avoid threats related to cybersecurity.

What is Cybersecurity-Due-Diligence?

Why is Cybersecurity-Due-Diligence carried out?

Importance of carrying out Cybersecurity-Due-Diligence

Relevant Authority for Cybersecurity-Due Diligence

Procedure for Cybersecurity-Due-Diligence

TAP GLOBAL Approach for Due Diligence

Carrying out Phased Evaluation and Risk Assessment

Calculate the Risk

Develop a Risk Handling Mechanism

TAP GLOBAL Benefits

How to reach TAP GLOBAL for Cybersecurity-Due-Diligence and Data Privacy Services

Fill The Form

Get a Callback

Submit Document

Track Progress

Get Deliverables

Frequently Asked Questions

What is cybersecurity and data privacy due diligence? How is it different from IT due diligence?

Give an example of a real-life M and A information breach related to lack of proper due diligence?

are qualified to conduct due diligence for an organization?

Are there any form of compliances that have to be followed for cyber due diligence?

What is the difference between sensitive data and non-sensitive data?

is the difference between due diligence and due care process in a company?

Get In Touch