M&A Due Diligence and Portfolio Oversight

Transaction advisory and portfolio company risk management

We provide pre-deal, post-deal, and ongoing diligence to help investors manage the cyber risks of their portfolio companies, negotiate better deals, and preserve their investment value.

Our solutions

Our PortCo Defend program is designed to provide high-level insight into cybersecurity risks across a portfolio and measure the maturity of the cybersecurity approach at each investment entity. The program establishes minimum security requirements, a measurement framework, and governance, and provides guidance and assistance where needed. It is not intended to cause rework or significantly change the direction of a portfolio company's current security initiatives.

Holistic Cybersecurity Risk Assessment and Testing

ACA has developed a customized package of key security risk management services for the portfolio company in order to efficiently identify risks, test the operating state of controls, educate staff on the cyber threats targeting them, and immediately raise the maturity of your security program while taking advantage of natural synergies.

Technology and Data Protection Due Diligence

Pre-deal diligence of prospective portfolio companies


  • Review the target’s IT, cyber, and privacy posture against the investment thesis via documentation reviews, on-site interviews, direct validation, and testing
  • Provide a report with material findings and strategic recommendations

Transition Planning and Project Management

  • Develop readiness and communication plan
  • Create Transitional Service Agreement (TSA) to ensure continuity and manage costs with carve-outs
  • Develop transition governance plan
  • Develop roadmap for IT integration and identify synergies with add-on acquisitions

Technology Performance Improvement

  • Analyze performance improvement opportunities and recommendations for product development, product management, IT operations, and cybersecurity
  • Establish a Project Management Office (PMO) to manage the implementation of strategic IT projects including set-up and management, plan preparation, tracking and monitoring, and process transition

Cybersecurity and Privacy Risk Management

Holistic review of highest risk portfolio company investments


  • Conduct cybersecurity and technology risk assessments
  • Risk-rank portfolio companies to identify relative strengths and weaknesses for focused remediation
  • Certify against HITRUST CSF standards
  • Perform ongoing vulnerability monitoring
  • Conduct penetration testing
  • Provide training and awareness
  • Assess Microsoft® Office 365 tenant configuration security
  • Perform dark web analysis
  • Assist with security staff augmentation, ranging from analysts to CISOs

Latest Insights

Compliance Alert

ACA Aponix Named Due Diligence Firm of the Year at the 12th Annual International M&A Awards

ACA is proud to announce that ACA Aponix was named the Due Diligence Firm of the Year at the 12th Annual International M&A Awards. The awards were announced at a Virtual Awards Gala celebration on Thursday, January 21st, 2021.

  • ACA News
  • Portfolio Company Risk Management

Introducing the PortCo Defend™ Portfolio Risk Management Solution

We’re excited to announce ACA Aponix®'s Portfolio Company Risk Management and Monitoring solution, PortCo Defend™, a cybersecurity program and dashboard designed to help private equity firms assess and centrally monitor security threats and risks for their investment portfolio companies (PortCos).

  • Cybersecurity
  • Portfolio Company Risk Management

Case Study: Portfolio Risk Management for Telecom

Read how ACA Aponix delivered a comprehensive risk management solution to address both public and private networks for a large telecom.

Case Study
  • Cybersecurity
  • Portfolio Company Risk Management

Case Study: Portfolio Risk Management for Oil & Gas

Read how a private equity energy investor experiencing increased cyber threats to its portfolio companies worked with ACA Aponix to deploy a comprehensive risk management solution to cover all of the firm’s oil and gas portfolio companies.

Case Study
  • Cybersecurity
  • Portfolio Company Risk Management

Case Study: Holistic Risk Assessment for Lynx FBO Aviation

Read how Lynx FBO Network (Lynx) in the general aviation industry worked with ACA Aponix to execute a Holistic Technology and Cybersecurity Risk Assessment.

Case Study
  • Cybersecurity
  • Portfolio Company Risk Management

Lower IT Costs and Increase Efficiency During the COVID-19 Pandemic: A Guide for Private Equity Firms

How can PE firms reduce costs, enhance efficiency, and shore up their portfolio companies during these troubled times?

  • Cybersecurity
  • Portfolio Company Risk Management
  • BCP
  • COVID-19

Upcoming events

Compliance Induction - 14 April 2021

This course is designed to assist Senior Management to embed a compliance ethos in the individual and a strong compliance culture throughout the firm.

Online Training

Money Laundering Reporting Officer: The Role and Responsibilities - 12 May 2021

The role of the Money Laundering Reporting Officer (MLRO) is a mandatory position in all firms in the Financial Services Industry. This reflects the statutory objective that the Regulator(s) have for ensuring that firms behave with “Integrity”, particularly relating to financial crime prevention. The MLRO therefore plays a significant role in assisting Senior Management to ensure that systems and controls relating to anti-money laundering (AML) and countering the risk of terrorist financing (CTF) are appropriate and effective. This course provides practical advice and guidance on the responsibilities of the MLRO, what is expected by the Regulators, both of the Senior Management and the MLRO, and how those responsibilities can be achieved. It should be noted that attendance at this course does assume a good knowledge of the UK’s AML/CTF regulations.

Online Training

Compliance Officer: The Role and Responsibilities - 13 May 2021

The role of the Compliance Officer is a mandatory position in all firms in the Financial Services Industry. They play a major role in assisting Senior Management to ensure that appropriate and effective systems and controls are in place to achieve and maintain compliance with the applicable Rules. While the nature of the Compliance Function is likely to differ from one firm to another, this course provides an easy-to-follow breakdown of what the Regulator expects of a Compliance Officer and explains, in practical terms, how the regulatory expectations and those of Senior Management can be achieved.

Online Training