Information Technology Acquisition and Merger Policy for Oreal Corporation.
Student Name.
University of Affiliation
Date.
Overview
Acquisition Assessment Policy arrangements are personalized by organizations to provide the organizations with a cost-efficient, top security review during the merger or acquisition process with another company or organization (Breinlich et al., 2017). The acquisition assessment policy deployed by Oreal Corporation is to ensure the safety of the Corporation from any impact that another company can inflict during the information technology acquisition process. With the idea that entities have a different level of security and network culpability and a varying philosophy among the workforce between the companies, the acquisition assessment policy will enable Oreal corporation to assess any gap that, if left unmanaged, will put the entire Oreal corporations’ information technology at a greater risk.
The basis of setting these policies by Oreal corporation is to ensure smooth incorporation of the newly acquired information technology; both Oreal Corporation and the acquired company are protected from any form of security risks. The policies must ensure that the newly acquired company accept and implement the company name, the security policies of Oreal Corporation and the corporations work ethical standards, to educate the newly acquired company on the policies and procedure relating to information technology of the Oreal Corporation, and lastly to ensure that there is continuous monitoring of the progress of the newly acquired technology.
Purpose.
The Oreal Corporation recognizes its obligation to safeguard its information technology resources and atmosphere whether data is on-site, in-transit, or hosted off-site. The Acquisition Assessment policy provides the predominant procedure to safety measures of the Oreal Corporation information technology acquisition processes. The predominant procedure is to prevent a situation where when the data breaches are revealed during the acquisition process; then the takeover deal may be cut short. These policies are there to protect Oreal Corporation from any lawsuit that may require the Corporation to pay any penalty relating to fraud charges brought by the acquired company. Moreover, below are some of the grounds that Oreal Corporation will consider before the acquisition/merger of any information technology system.
Firstly, Oreal Corporation will have knowledge based on the geography partners, services offered, products the type of cybersecurity risk the targeted company has faced in its industry. Secondly, to have a good understanding of all sorts of data handling measures, data privacy, and all security control of the targeted company, i.e., how the targeted company uses and dispose customers data and based on contractual obligation the company may have with other companies the Oreal Corporation will have to do a review on the same contracts. Thirdly, Oreal Corporation must review the company’s security program to ensure that the company meets the industry’s required standards as per the regulatory requirements and investigate any previous charges, complaints, or litigation and extortion that is relating to the company. Lastly, Oreal Corporation must study network and system architecture, including known hardware and software vulnerability, patching schedules, digital assets management, cloud service, mobile policies applications vulnerabilities, and data flow.
Scope.
Acquisition Assessment Policy applies to all Oreal Corporation’s workforces, i.e., partners, associate partners, permanent, momentary workforce, and contractual workforce who use Oreal Corporation information technology resources to conduct the company business.
The safety of information technology is a collective corporation responsibility at Oreal Corporation. Therefore, the assigned responsibility my deferrer from that of the worker’s normal and job title responsibility. Subsequently, workers at some point can be assigned various responsibilities provided that the assigned role indicates a clear separation of roles and does not lead to a conflict of interest (Mermelstein, et al., 2020).
Responsibility.
Firstly, Chief Information Officer (CIO) will ensure that the technology team is directed in the right direction with appropriate methodology to protect the Oreal Corporation information system during the acquisition or merger process from any unanticipated risk. Secondly, Information Security Officer (ISO), the ISO main responsibility is to maintain data and system integrity, ISO will ensure that all the information technology processes designed to protect the system are identified and marked appropriately. Thirdly, the Enterprise Manager is tasked with the responsibility of ensuring that the enterprise management team is well trained on the dealings relating to environmental and physical protection policy and procedure (Kreisle, 2015).
Finally, Project Management Team, the Project Management Team will ensure that there is maximum safety for the acquisition process and is aligned with the system and services acquisition policy and that of the Oreal Corporation project management policy and procedure.
Policy Adherence.
All information assets must meet the required security control as defined by Oreal Corporation information security and privacy control. Any system and acquisition processes must safeguard the Oreal Corporation at large by not posing any security risk to the corporate network, internal system, and confidential information (Chang and Cho, 2017). All members of both the Oreal Corporation and the other company shall work together to identify all possible security risks and develop a viable plan on how to solve the identified security risk before any attempt is made to merge any other technology (Fuad and Gaur, 2017) into the Oreal Corporation network.
Oreal Corporation’s policy implementation team will ensure that these policies are complied with by all groups mentioned above. Any individual exempted from these policies will have to get approval from the policy implementation team. The policy implementation team will ensure Close supervision is conducted on the exempted team from the policies. Nonetheless, those employees that will be found to have bridged these policies will be subjected to the Oreal Corporation disciplinary committee. The necessary action will be taken against such person, including termination of their contract from Oreal Corporation, civil litigations, and or criminal prosecution.
Allocation of Resources.
Oreal Corporation’s capital and investment control processes through its ISO will determine and allocate resources required to protect and safeguard the information system. To provide supervised and rapid allocation, the Corporation must ensure that the system is modernized and protected against emerging technological threats. Therefore, the funding must include the allocation of the initial system purchase and capital that will enable the system’s sustainability (Bourreau and de Streel, 2018).
System Development Life Cycle.
This process will be conducted by the project management team, i.e., they will ensure that the information system is managed by the lifecycle methodology that integrates data security consideration by the Oreal Corporation. The Project Management team will ensure that the documentation of safety duties through the development of the lifecycle system (Foros et al., 2018). The team will also ensure that they identify the individuals with information security roles and integrate the Oreal Corporation risk management process into the system development life cycle.
Lastly, the team will ensure that there is a plan in place to tackle the end-of-life and end-of-support dates for both the system and the services (Breinlich, 2017), this will ensure that through the entire life cycle, the system will be able to receive security patches and updates through the system development life cycle and the Oreal Corporation is prepared to discontinue the system once no longer support or when the information technology system cannot ensure the security.
Related Standards.
The Team.
The Chief Information Officer and the application team will be tasked with the responsibility of ensuring that the documentation development process is followed by the developer of the information system, system component, and the information system service. i.e., The documentation development process will ensure that all the security requirements by Oreal Corporation are addressed to the maximum level, documentation of specific tools options and confirmations are used in the advancement procedure (Hovenkamp, 2018), and finally, the developer will ensure that the document, manage and ensure that there is maximum integrity of the process and used in the development.
The CIO and the application manager will ensure that there is an annual review process to the development process, standard, tools, and configurations to address any environmental change to help in determining if the procedure, tools, and configuration designated and deployed for the development process can ensure the safety of the Oreal Corporation defined security requirements (Fuad and Gaur, 2019).
Internal Training.
Oreal Corporation will require that the designer of the data system and information services provided according to the set Corporation rules to provide the workers’ required training on the correct usage of the implemented security system, controls, and mechanisms to its smooth application and maintenance.
Developer Security Architecture and Design.
Oreal Corporation’s responsibility is to ensure that the developer produces a design and specifications and security architecture that will be consistent with that of the Oreal Corporation safety planning, which is built and unified with Oreal Corporation. The developer must provide Oreal Corporation with a complete and accurate description of the required safety workability and safety control distribution amongst physical and logical components.
Definitions.
Acquisition; is when a company purchases most/all of another company’s shares to gain control of that company (Bonaime et al., 2018).
Merger; this is where two firms join forces to move forward as a single new entity rather than remaining separate owned and operate (Kreisle, 2015), i.e., an agreement that unites two existing companies into a new company.
Terms.
Identity; Identity is who someone or what something is, for example, the name by which something is known.
Safety; Safety is the need to ensure that the people involved with the company, including employees, customers, and visitors, are protected from harm
Security; A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.
References.
Acquisition assessment policy. (n.d.). Retrieve from https://www.sans.org/security resources/policies/general/pdf/acquisition-assessment-policy.
Bonaime, A., Gulen, H., & Ion, M. (2018). Does policy uncertainty affect mergers and acquisitions?. Journal of Financial Economics, 129(3), 531-558.
Bourreau, M., & de Streel, A. (2018). Big tech acquisitions, competition & innovation effects, and EU merger control. The Economist, 26, 10.
Breinlich, H., Nocke, V., & Schutz, N. (2017). International aspects of merger policy: A survey. International Journal of Industrial Organization, 50, 415-429.
Chang, Y. B., & Cho, W. (2017). The risk implications of mergers and acquisitions with information technology firms. Journal of Management Information Systems, 34(1), 232-267.
Foros, Ø., Kind, H. J., & Sørgard, L. (2015). Merger policy and regulation in media industries. In Handbook of media economics (Vol. 1, pp. 225-264). North-Holland.
Fuad, M., & Gaur, A. S. (2019). Merger waves, entry-timing, and cross-border acquisition completion: A frictional lens perspective. Journal of World Business, 54(2), 107-118.
Hovenkamp, H. (2018). Prophylactic merger policy. Hastings LJ, 70, 45.
Hovenkamp, H. (2018). Prophylactic merger policy. Hastings LJ, 70, 45.
Kreisle, N. (2015). Merger Policy at the Margin: Western Refining’s Acquisition of Giant Industries. Review of Industrial Organization, 47(1), 71-89.
Mermelstein, B., Nocke, V., Satterthwaite, M. A., & Whinston, M. D. (2020). Internal versus external growth in industries with scale economies: A computational model of optimal merger policy. Journal of Political Economy, 128(1), 301-341.
