A virtual data room (VDR) offers much more than a convenient cloud-based platform to host documents. While the ability to deliver important documents related to an M&A or private equity transaction is important so as not to slow down the due diligence process, it is critical to ensure that the wrong documents do not end up in the wrong hands. As such, one of the more important features of a VDR is its access restrictions.
A VDR’s administrator can control the access and permissions available at the group level (i.e., the investment bankers) and individual level. Not only can specific files or documents be permissioned, but even specific pages within a single document can be made accessible, depending on who needs to review the material.
To take full advantage of the access and permissions capabilities of a VDR, it is helpful to understand how these tools work and how they benefit or even enhance the transaction. When improper access is given, the due diligence process can slow down, impairing the success of the transaction and possibly affecting the value of the deal.
What Is Access Control?
Used broadly in IT, access control is the process of ensuring that the right assets are made available to the right user at the right time. Assets can be documents, data, apps, devices and even entire networks.
Control access is also a term used in physical security situations allowing employees, suppliers and partners to enter a building or certain physical spaces.
Access Control Lists
Access control lists are, as their name implies, groups of individuals who are given access or permission based on particular criteria. Policies might be defined by IT or, in the case of a transaction, senior management of the participating companies. For example, IP specialists, brought in during due diligence to evaluate the target company’s IP assets, will most likely not be given access to the company’s HR and salary records.
Access Control Lists Are Crucial for Document Security Permissions
The main benefit is security: ensuring the documents do not end up in the wrong hands. This can occur when someone outside of the review team is incorrectly provided access to a document. This can also happen if the VDR is somehow hacked, but the right VDR solution will have the strongest security protocols in place, in addition to being compliant with the strictest standards related to data compliance.
Beyond access, a VDR can also restrict permissions related to what the user can actually do with the documents. A user might be able to read a document, but not provide remarks or annotations; other users might even be allowed to download certain documents.
Given this, access control and the associated lists can become quite complex. However, with the right platform, the process can be easily facilitated, especially if there are dashboards showing who is accessing which document, when, and for how long. Such insights inject value into the due diligence process by ensuring that there are no security issues or bottlenecks.
Guide to Creating Access Control Lists
Select a VDR partner that helps you create access control lists with ease and peace of mind, without the need to engage your own internal IT resources. Access control lists can be created with just a few steps, including uploading a list of contacts in CSV format.
Workspace administrators can designate access levels and document permissions based on preferences provided by the company leading the deal. This is most likely the acquiring company in a merger and acquisition (M&A) transaction or the private equity firm in a private equity placement. Oftentimes, the supporting professional services providers, such as the accounting firms and valuation specialists, will make requests for access to particular data and documents.
Establish Your Virtual Data Access Permissions
Executives, bankers, accountants, and their consultants require a solution to manage the flow of document sharing and reviewing in a safe environment. Virtual deal rooms from CapLinked facilitate due diligence and document management for transactions in the areas of M&A, private equity and venture capital, supporting bankers, lawyers, accountants, investors, consultants and company owners with the accessibility and security they need. Start your free 14-day trial of CapLinked today!
Jake Wengroff writes about technology and financial services. A former technology reporter for CBS Radio, Jake covers such topics as security, mobility, e-commerce and IoT.
Imperva – Access Control List (ACL)