Post-Close Playbook

100-Day IT Integration Playbook

A week-by-week action plan for securing, stabilizing, and transforming the technology stack after acquiring an SMB. Built from real post-close engagements across dozens of acquisitions.

100 Days

Full integration timeline

30+ Actions

Specific tasks with owners

$28,000-$98,500

Estimated total investment

Why the First 14 Days Matter Most

70-90% of acquisitions that fail to meet expectations cite poor integration as the primary cause (McKinsey). Technology is often the first system to break and the last to get attention. This playbook front-loads security to protect your investment from Day 1.

Phase 1: Secure & Stabilize

Days 1-14

Day 1: Security Lockdown

Est. $0-$500

Change all admin passwords (domain, firewall, cloud accounts)
Disable terminated employee accounts
Verify backup systems are running and test a restore
Document who has physical keys, alarm codes, and server room access
Confirm cyber insurance policy is active and covers new ownership

Risk if skipped: Disgruntled ex-employees retain access. Ransomware hits an unpatched system before you even start.

Days 2-7: Discovery & Documentation

Est. $1,000-$3,000

Complete hardware inventory (servers, workstations, switches, firewalls, printers)
Map network topology and internet connections
Inventory all software licenses and verify transfer rights
Document all vendor relationships and contract renewal dates
Identify any shadow IT (personal devices, unauthorized cloud apps)

Risk if skipped: You can't protect what you don't know exists. Undocumented systems are the #1 source of post-close surprises.

Days 8-14: Critical Security Deployments

Est. $5,000-$15,000

Deploy EDR/MDR on all endpoints (replace consumer antivirus)
Enable MFA on all admin and cloud accounts
Configure email threat protection (anti-phishing, DMARC)
Review and update firewall rules
Set up security monitoring and alerting

Risk if skipped: The average time-to-breach is 16 hours after initial compromise. Every day without EDR is a gamble.

Phase 2: Optimize & Train

Days 15-60

Days 15-21: User Onboarding & Access

Est. $1,000-$3,000

Set up new owner/management accounts with proper permissions
Implement role-based access control (RBAC)
Configure single sign-on (SSO) where possible
Standardize password policy across the organization
Create IT onboarding/offboarding checklists for future hires

Risk if skipped: Over-provisioned accounts are the top identity threat. Principle of least privilege prevents lateral movement.

Days 22-35: Infrastructure Optimization

Est. $10,000-$40,000

Replace end-of-life hardware (servers older than 5 years, PCs older than 4)
Migrate from on-prem email to Microsoft 365 or Google Workspace if needed
Implement proper backup strategy (3-2-1 rule: 3 copies, 2 media types, 1 offsite)
Address technical debt: outdated operating systems, unsupported software
Optimize network performance (bandwidth, Wi-Fi coverage, VPN)

Risk if skipped: Every month of delay increases remediation cost by 15-25% as hardware ages and vulnerabilities compound.

Days 36-60: Training & Process

Est. $2,000-$5,000

Launch security awareness training for all employees
Conduct first phishing simulation (establish baseline click rate)
Create IT policies: acceptable use, data handling, incident response
Document standard operating procedures for common IT tasks
Set up help desk / ticketing system for IT support requests

Risk if skipped: 82% of breaches involve the human element (Verizon DBIR 2024). Training is the highest-ROI security investment.

Phase 3: Transform & Scale

Days 61-100

Days 61-75: Strategic Technology

Est. $5,000-$20,000

Evaluate ERP/LOB applications for scalability and integration
Assess cloud migration opportunities (cost vs. on-prem)
Implement business continuity / disaster recovery plan
Set up compliance framework if required (HIPAA, PCI, CMMC)
Review and renegotiate vendor contracts with new ownership leverage

Risk if skipped: Technology that worked for a lifestyle business may collapse under growth. Scalability gaps cap your exit multiple.

Days 76-90: Automation & Efficiency

Est. $3,000-$10,000

Identify manual processes that can be automated
Implement monitoring dashboards for key business systems
Set up automated patching for servers and workstations
Create reporting on IT health metrics (uptime, ticket volume, security events)
Evaluate AI/automation opportunities for operational efficiency

Risk if skipped: Manual processes don't scale. Automation in Year 1 creates compound efficiency gains through your hold period.

Days 91-100: Review & Roadmap

Est. $1,000-$2,000

Conduct 100-day IT assessment: compare current state vs. Day 1
Calculate total IT investment and ROI to date
Present findings and 12-month technology roadmap to stakeholders
Set up quarterly technology review cadence
Plan Year 1 budget for ongoing managed IT services

Risk if skipped: Without a roadmap, IT reverts to reactive break-fix. Proactive management costs 40% less than emergency response.

Total First-Year IT Investment Summary

Phase	Timeline	Est. Range
Secure & Stabilize	Days 1-14	$6,000-$18,500
Optimize & Train	Days 15-60	$13,000-$48,000
Transform & Scale	Days 61-100	$9,000-$32,000
Total	100 Days	$28,000-$98,500

Costs vary based on company size, existing infrastructure, and industry compliance requirements. These ranges reflect typical SMB acquisitions ($1M-$10M revenue).

Need Help Executing This Playbook?

PDC manages the full 100-day IT integration for SMB acquirers. From Day 1 security lockdown through Year 1 roadmap, we handle the technology so you can focus on running the business.

Schedule a Consultation (336) 886-3282

Based in High Point, NC - Serving SMB Acquirers Nationwide

Related Resources

QoT Due Diligence Checklist

Pre-close technology assessment organized by the 5 QoT pillars.

Technology DD Cost Estimator

Estimate first-year remediation costs by category with low/mid/high ranges.