Click to show roles using Thermal
Lifecycle of a Deal
How discovery turns into decisions, and decisions turn into action
As a deal progresses, pressure increases, scope narrows, and the cost of getting it wrong rises.
This page is a map of how deal work actually unfolds across buy side and sell side, as responsibilities diverge, timelines compress, and data obligations carry through from first review through deal close.
The lifecycle below highlights two periods where the work becomes most concentrated:
- Post-formation, pre-signing, when sellers prepare a virtual data room (VDR) and buyers and their advisors review it to assess risk, determine value, and negotiate terms.
- Post-signing, pre-close, during the transition services agreement (TSA) period, when services and systems are aligned and decisions are carried through to execution before networks are formally split or combined.
The interactive Lifecycle of a Deal visual shows a representative sequence across formation, signing, and close, with orange markers highlighting the four phases where discovery, diligence, classification, and remediation occur as buy side and sell side work diverge and reconnect.
Click a role at the top of the page to see where that role is commonly involved in these four phases.
Discovery
Find the files that matter
Discovery is about identifying the information that needs to be reviewed for the transaction.
- On the sell side, teams locate and prepare the files that belong in the virtual data room.
- On the buy side, multiple parties search and review those files to understand what exists and where to focus their diligence.
Teams: Finance, Legal & Compliance, Operations, Risk & Privacy, Security & Technology (CISO / IT), Strategy & Corporate Development
Partners: Consultants, Forensic Accountants, Investment Bankers, Legal Counsel, Private Equity, Tax
Diligence
Make defensible decisions
Diligence begins once teams have narrowed the universe of relevant files.
Buy-side teams use AI on curated material to ask targeted questions, surface discrepancies, and complete diligence reports, with every conclusion tied back to reviewed source material. Findings from multiple diligence teams are aggregated to assess risk and inform pricing and terms.
Teams: Legal & Compliance, Strategy & Corporate Development
Partners: Consultants, Forensic Accountants, Investment Bankers, Legal Counsel, Private Equity, Tax
Classification
Identify sensitive information
After signing, before a buyer brings the seller's digital assets into their network, they may request a scan to identify out-of-place sensitive personal, health, or payment information that could introduce future liability.
That scan identifies information such as PII, PHI, PCI, credentials, or regulated data within VDR files and, when needed, across broader sell-side digital assets.
Teams: Legal & Compliance, Risk & Privacy, Security & Technology (CISO / IT)
Partners: Consultants, Legal Counsel
Remediation
Preserve, separate, and mitigate risk
Before any files are moved or deleted, required data is preserved to comply with state and federal law governing electronically stored information.
From there, remediation diverges. The TSA period provides a defined window to carry decisions into durable outcomes.
- On the sell side, data is separated so the right information permanently stays with the right party after the transaction. Learn more →
- On the buy side, data risk is mitigated by moving sensitive information to approved locations and permanently deleting it from impermissible ones to meet regulatory requirements such as CFIUS (Committee on Foreign Investment in the United States), ITAR (International Traffic in Arms Regulations), or antitrust constraints.
Teams: Employees, Legal & Compliance, Operations, Risk & Privacy, Security & Technology (CISO / IT)
Partners: Consultants, eDiscovery, Legal Counsel