How to Prepare Your Security Integration Business for a Sale or Exit (2026)
Updated April 2026 · CT Acquisitions
Most commercial security integrator owners decide to sell, hire a broker, and find out 90 days later that the business is worth 40% less than they thought. The owners who get top-quartile pricing start preparing 24 to 36 months before they ever talk to a buyer. This guide is the 36-month playbook for how to prepare your security integration business for a sale, with every number tied to a source. It covers what private equity actually buys, the 14 levers that move multiples, the documents PE will demand before they send an indication of interest, the deal-killers that re-trade security integration transactions in confirmatory diligence, and the way RMR (Recurring Monthly Revenue) is valued separately from operating EBITDA, which is the single biggest reason owners under-price their own business.
If you are 6 to 36 months from a possible exit, this is the work that turns a 6x EBITDA outcome into a 10x EBITDA outcome on the operating business plus a separate 28x to 40x multiple of monthly RMR added on top. On a $3M EBITDA commercial integrator with $75K of monthly RMR, that is the difference between an $18M sale and a $34M sale. Whether the plan is a sale to private equity or an exit to a strategic acquirer like Convergint, Everon, Pavion, Pye-Barker, or Securitas Technology, the work below applies.
What Private Equity Actually Buys in Security Integration (2026)
At least 18 distinct US private equity platforms are actively buying commercial security integrators in 2026, with PE add-ons running roughly 64% of total deal count and 92 disclosed transactions YTD through Q3 2025 (Capstone Partners, “Security & Alarm Monitoring M&A Update”, November 2025). The sponsor money flowing in is not random. PE buys a specific profile, and the profile you build determines the multiple you get.
The PE-attractive security integration profile
- EBITDA threshold for a platform-quality deal: $1.5M to $3M is the entry band where sponsor-backed platforms run a competitive process. Below that, you are an add-on inside a roll-up. Above $5M, you are an attractive bolt-on for the larger commercial platforms. Above $15M, you are a platform candidate yourself.
- Recurring Monthly Revenue (RMR) base: 30% to 50%+ of revenue from RMR is the line between commodity and premium. Install-only commercial integrators trade at 6x to 8x EBITDA. RMR-rich integrators trade at 10x to 14x with the RMR base separately valued at 28x to 40x monthly RMR added on top of enterprise value (Barnes Buchanan & Co. 2024 Alarm Industry M&A Report; Davis Mergers & Acquisitions Group 2025).
- Commercial vs residential mix: 70%+ commercial with multi-site customers (national chains, healthcare systems, financial services, K-12, higher-ed). Commercial RMR trades 25% to 40% higher than residential RMR because of lower attrition: 4% to 8% annual on commercial vs 10% to 14% on residential (Barnes Buchanan & Co. 2024).
- Manufacturer partner tier: Tier 1 or Platinum or Master partner status with Brivo, Genetec, LenelS2, Avigilon, Axis, Bosch, Honeywell, Verkada, or Eagle Eye Networks. This is the single most security-specific multiple driver and the single most under-prepared diligence item.
- Geography: Sun Belt, Texas, Florida, Carolinas, Mountain West metros are where 2026 sponsor demand concentrates per Capstone Partners 2025 and the stated expansion targets of Convergint and Pavion. Stranded geographies discount.
- Customer concentration: No single customer above 10% of revenue. Top 5 customers below 30%. Concentration above 20% triggers buyer pushback; above 25% triggers 15% to 30% valuation discount or buyer withdrawal (Beancount.io, May 2026; Strategex; Eagle Rock CFO; Morgan & Westfield).
- Technician depth: Tenure above the industry mean (commercial security integrator turnover sits at 22% to 28% per SIA workforce reports 2024). Four or more NICET Level II or III techs across fire alarm, intrusion, and access control disciplines.
- Owner role: Owner is in management, not running install crews or holding the sole state alarm or low-voltage qualifier license. GM in place 12+ months pre-sale. Second qualifier license-holder named in every operating state.
Active security integration PE platforms in 2026
The list below covers the most active sponsor-backed commercial security integration platforms in the 2024-2026 cycle. This is who will see your teaser. Add-on counts are point-in-time. Sources include SDM Magazine “100 Top Systems Integrators” 2024 and 2025 editions, Security Sales & Integration “Acquisitions Round-Up” coverage 2024-2026, PrivSource Security & Alarm Monitoring tracker May 2026 pull, PitchBook, sponsor press releases, and Capstone Partners 2025.
| Platform | Sponsor | Profile |
|---|---|---|
| Convergint Technologies | Leonard Green & Partners + Ares Management | 12+ disclosed acquisitions 2024-2026; 30+ historical; North America plus global; $2M to $25M+ commercial integrators |
| Everon (formerly ADT Commercial) | GTCR ($1.6B carve-out August 2023) | 8+ disclosed since GTCR close; 100+ branches carved out; national US commercial; $3M to $15M tuck-ins |
| Securitas Technology (formerly STANLEY Security) | Securitas AB ($3.2B from Stanley Black & Decker, closed July 2022) | 4+ disclosed integrations plus organic build; global, 50+ countries; $5M+ commercial |
| Pye-Barker Fire & Safety | Altas Partners + Leonard Green (2023 recap) | 80+ acquisitions cumulative; 25 to 30 in 2024-2026 across fire alarm, fire sprinkler, electronic security; Southeast and Sun Belt bias; $1M to $10M |
| Pavion (formerly Corbett Technology Solutions) | Wind Point Partners (2021) | 15+ acquisitions 2022-2026 including Star Asset Security and Capital Fire & Security; national fire and security convergence; $2M to $15M |
| LVC Companies | Trinity Hunt Partners (2021) | 6+ disclosed add-ons including Custom Alarm 2024 and BCI Integrated Solutions 2025; Upper Midwest commercial integration and fire; $1M to $8M |
| Sciens Building Solutions | Huron Capital (2017) | 14+ acquisitions 2022-2026 spanning fire and security; national; $2M to $12M |
| Summit Companies | Bain Capital Double Impact (2019) | 25+ acquisitions cumulative with fire plus security cross-sell; Midwest, Mountain, Plains; $1M to $10M |
| Performance Systems Integration (PSI) | Soundcore Capital Partners (2018) | 12+ acquisitions 2022-2026 primarily fire life-safety with security cross-sell; West Coast; $1M to $8M |
| Surveillance Secure | NMS Capital (2022) | 6+ disclosed add-ons 2023-2025; Mid-Atlantic, DC Metro, Texas; $500K to $3M |
| Securecom | Audax Group (2023) | 5+ disclosed including 2024 cloud-monitoring add-ons; national monitoring and integration; $1M to $5M RMR-heavy |
| Fireline | Pfingsten Partners (2022) | 4+ acquisitions 2023-2025 in fire and security; Mid-Atlantic; $1M to $5M |
| LONG Building Technologies | BPOC (Beecken Petty O’Keefe) (2021) | 6+ acquisitions 2023-2025 in HVAC controls plus security integration; Mountain and Rocky Mountain; $2M to $10M |
| Bear Down Holdings | Wynnchurch Capital (2022) | 4+ disclosed in low-voltage plus security integration; national commercial; $2M to $10M |
| Allied Universal Technology Services | Warburg Pincus + co-investors | 6+ disclosed integration acquisitions 2023-2026 including MSA Security continuation; global commercial security plus guard convergence; $2M to $20M |
Add to that list the strategic acquirers. Honeywell closed its $4.95B purchase of Carrier Global Access Solutions on December 17, 2024 (Honeywell press release June 24, 2024; Carrier 8-K December 2024), implying roughly 19x to 21x EBITDA on the OEM hardware and software portfolio. Note this is an OEM deal, not an integrator services comparable. ASSA ABLOY remains the most active strategic at the manufacturer level with the $4.3B Spectrum Brands Hardware acquisition closed June 2023 and the Integrated Direct Protection Network add-on closed December 2025 (ASSA ABLOY FY2025 annual report). Motorola Solutions has spent over $4B on video and access acquisitions since 2018 via Avigilon, Openpath, Ava Security, Pelco, and others (Motorola Solutions FY2025 10-K). KKR took a majority stake in cloud access platform Brivo in December 2021. None of those strategics are buying integrator services platforms at the cadence the PE sponsors are; PE remains the dominant exit channel for sub-$25M EBITDA commercial security integration.
Security Integration Valuation Multiples in 2026 (What You Are Actually Worth)
Security integration is unusual because the valuation is the sum of three distinct streams, each with a different multiple: the install or project services book, the service and maintenance contract book, and the RMR (monitoring) base. Each gets valued differently, and missing this distinction is the single most common reason owners under-price their business. Here is the 2026 range, cross-referenced from Mertz Taggart Security Sector Report 2025, Capstone Partners Security M&A November 2025, Davis Mergers & Acquisitions Group 2025, Barnes Buchanan & Co. Alarm Industry M&A Reports, IBBA Q4 2025 Market Pulse, Peak Business Valuation, and Generational Equity.
SDE multiples (smaller, owner-operated)
| SDE band and profile | SDE multiple | Source |
|---|---|---|
| Under $500K SDE, demand install only, no RMR | 2.0x to 2.5x | Peak Business Valuation, 2025; IBBA Q4 2025 |
| $500K to $1M SDE, mixed install plus small RMR | 2.5x to 3.25x | IBBA Q4 2025; Generational Equity Security Industry Valuation 2025 |
| Install-heavy commercial integrator, $500K to $1M SDE | 3.0x to 4.0x | Mertz Taggart 2025; Davis M&A Group 2025 |
| Service plus RMR-heavy dealer, $500K to $1M SDE | RMR portion at 28x to 36x monthly RMR plus 3.0x to 4.0x on install and service EBITDA | Davis M&A Group; Barnes Buchanan & Co. 2025 |
EBITDA multiples (PE-attractive size)
| EBITDA band | Commercial integrator (project + service) | RMR-heavy security or monitoring |
|---|---|---|
| $1M to $3M EBITDA | 6x to 8x | 8x to 12x (RMR component drives upper end) |
| $3M to $10M EBITDA | 8x to 11x | 10x to 14x |
| $10M+ commercial integration platform | 10x to 14x | 12x to 18x |
Source: Mertz Taggart Security Sector Report 2025; Capstone Partners Security & Alarm Monitoring M&A Update November 2025; cross-referenced with the GTCR / Everon precedent at the August 2023 close (estimate ~12x EBITDA on $1.6B EV; GTCR did not disclose the exact multiple).
On top of those EBITDA multiples, the RMR base gets its own separate enterprise value addition. Barnes Buchanan & Co. long-running rules of thumb: 38x to 50x monthly RMR for large monitoring companies with national footprint and $50M+ ARR; 32x to 42x for commercial-focused RMR with lower attrition; 25x to 35x for small to mid-sized dealers with mixed books. Davis M&A Group benchmark: 30x to 40x monthly RMR for high-quality residential or small commercial; 28x to 36x for commercial-only RMR with attrition adjustment. On a $50K monthly RMR base, that adds roughly $1.4M to $2M directly to enterprise value before any EBITDA multiple is applied on the rest of the business. This separate-multiple RMR component is the single biggest reason owners who price their business on a blended EBITDA multiple end up leaving money on the table.
Recent disclosed security integration transactions (2022-2026)
| Acquirer | Target | Date | Value | Implied multiple |
|---|---|---|---|---|
| Honeywell | Carrier Global Access Solutions | Dec 17, 2024 close | $4.95B | ~19x to 21x EBITDA (estimate; OEM hardware and software deal, NOT integrator-services comparable) |
| GTCR | ADT Commercial (rebranded Everon) | Aug 1, 2023 close | $1.6B | ~12x EBITDA (estimate; GTCR did not publish exact multiple) |
| Securitas AB | STANLEY Security from Stanley Black & Decker | July 22, 2022 close | $3.2B | ~11x EBITDA on ~$291M EBITDA |
| KKR | Brivo (majority stake) | Dec 2021 | Not disclosed | Cloud-SaaS scale-up; not an integrator comparable |
| Pavion (Wind Point) | Star Asset Security | June 2024 | Not disclosed | Estimate 7x to 9x for $5M EBITDA add-on tier |
| LVC Companies (Trinity Hunt) | BCI Integrated Solutions | 2025 | Not disclosed | Estimate 6x to 9x |
Sources: Honeywell press release June 24, 2024; Carrier 8-K December 2024; GTCR press release August 1, 2023; ADT Inc. 8-K July 2023; Stanley Black & Decker press release December 8, 2021; Securitas AB FY2022 annual report; Wind Point Partners press releases 2024; Trinity Hunt Partners press releases; PitchBook deal histories.
The 14 Value Levers That Move Your Multiple (Ranked by Impact)
These are the levers that move security integration multiples in the 24 months before a sale. Each one has a current state, a target state, and an estimated financial impact. The ordering is by dollar impact per unit of effort, based on cross-source synthesis from Mertz Taggart Security M&A 2025, Capstone Partners 2025, Davis M&A Group, Barnes Buchanan & Co., Brentwood Growth Security Business Sale Guide, ServiceTrade security integrator case studies, and BuildOps integrator case studies.
Lever 1: Grow the RMR base aggressively (the single highest-impact move)
Current: Under 15% revenue from RMR, install-shop economics, no systematic RMR sales motion.
Target: 40% to 50%+ revenue from RMR, with annual net-add growth of 12% to 18%, attrition under 8% on commercial accounts.
Impact: RMR is the bullseye for security integration valuation. The RMR base gets a separate enterprise-value multiple of 28x to 40x monthly RMR added on top of the EBITDA multiple on the rest of the business (Barnes Buchanan & Co. 2024; Davis M&A Group 2025). High-RMR integrators also get higher EBITDA multiples on their service and install businesses because the recurring base de-risks the deal. On a $5M EBITDA business with $50K monthly RMR, lifting RMR to $100K monthly adds $1.4M to $2M directly to enterprise value, plus expands the EBITDA multiple by an estimated 0.5x to 1.5x worth another $2.5M to $7.5M.
How: Tie every install sale to a service and monitoring contract attach. Pricing typically $50 to $150/month residential, $150 to $750/month commercial multi-site. Sales-team comp on RMR added, not just install booked. Migrate legacy T&M service customers onto fixed-price annual service contracts.
Lever 2: Specialize in cloud access control or cloud video surveillance
Current: Generic dealer reselling whatever hardware the customer asks for, mix of low-margin Hikvision, Dahua, or legacy Honeywell access panels.
Target: Tier 1 or Platinum or Master partner status with Brivo, Genetec Synergis, LenelS2, Avigilon Alta (formerly Openpath), Verkada, or Eagle Eye Networks. Depth on at least one access control platform and one video platform.
Impact: Cloud access control and cloud video carry 35% to 50% gross margins on equipment plus recurring software subscription revenue at 70%+ gross margin (Verkada Channel Partner Program 2025; Brivo dealer program 2025; Eagle Eye Networks Channel Program 2025). Generic IP camera install runs 15% to 25% gross margin. Specialization in cloud access OR cloud video lifts the EBITDA multiple by an estimated 0.5x to 1.5x because the recurring software subscription revenue is essentially RMR-like and the business looks more like a SaaS-enabled service company.
How: Pick one cloud platform per category. Send 4 to 8 techs to factory training. Drive Tier 1 or Platinum partner certification (typically $1M to $5M annual sales required). Build a cloud-first sales pitch and sales-engineering capability.
Lever 3: Move owner out of the operational chair (and the qualifier license)
Current: Owner runs sales, runs install crews, signs every check, is on every estimate above $25K, and is the named license-qualifier in every state.
Target: GM in place 12+ months before going to market. Owner doing under 30 hours/week of operational work. Sales and field operations have promoted-from-within leadership. A second person qualifies as the master or qualifier license holder in every state of operation.
Impact: Owner-dependence is one of the top three multiple haircuts in security integration M&A. On a $1M to $3M EBITDA business, removing key-person risk moves the multiple from the 5x to 6x band into 7x to 9x, worth $2M to $9M of price (estimate from Mertz Taggart 2025 commentary; Capstone Partners DD frameworks). The qualifier-license issue alone can prevent a deal from closing if not solved 12+ months out.
How: GM hire 18 to 24 months pre-sale (typical security integration GM/COO comp $175K to $275K plus bonus), document all SOPs, build a leadership scorecard, transition customer relationships to the sales team, take a 2-week vacation as a stress test. Sponsor a senior tech to qualify for master or qualifier status in every state.
Lever 4: Get on ServiceTrade, BuildOps, or equivalent and run a real monthly close
Current: QuickBooks plus spreadsheets, no service-line P&L, no monthly close, technician productivity is anecdotal, RMR tracking in a separate spreadsheet.
Target: ServiceTrade, BuildOps, D-Tools (for design and quoting), or equivalent in place 24+ months. Monthly close within 15 days. Real KPI dashboard covering booking rate, conversion, average install ticket, jobs per tech per day, service revenue per truck, RMR adds, RMR attrition, and contract renewal rate.
Impact: Estimated +0.5x to 1.0x multiple uplift, driven by the speed and credibility of data-room responses during diligence. ServiceTrade and BuildOps both publish security-integrator case studies showing 8% to 15% revenue lift in year one from better dispatch, billing, and recurring service capture (ServiceTrade case studies 2025; BuildOps case studies 2025).
How: Budget $75K to $200K implementation cost plus per-tech license. Force tech adoption with payroll-tied job-completion compliance. Integrate D-Tools or equivalent for design-quote-procure workflow.
Lever 5: Drive average install ticket and service pricing discipline
Current: Average install ticket below $5,000 commercial. T&M service work priced inconsistently. No annual pricing review.
Target: Average install ticket $10K to $50K+ commercial. T&M service hourly rate $135 to $175 commercial. Fixed-price annual service contracts on installed base. Annual 4% to 8% list-price increase on hardware and labor.
Impact: Direct EBITDA growth. A $5M revenue integrator with 50% service mix that lifts service hourly rate from $110 to $145 adds roughly $350K to $500K to revenue, with most of that dropping to EBITDA at service gross margins of 50% to 65% (SDM Top 100 benchmarks 2024 and 2025). That EBITDA growth is then multiplied at sale.
How: Flat-rate pricing on common service tasks. Price book quarterly refresh. Technician training on options-based presentations. Eliminate technician discretion on pricing. Migrate T&M customers to fixed-price annual service contracts (which also lifts RMR-equivalent recurring base).
Lever 6: De-concentrate customer base and convert single-site to multi-site
Current: Top customer above 15% of revenue (or top 5 above 40%). Customer base skewed toward single-site small commercial.
Target: Top customer below 10%. Top 5 below 30%. Meaningful percentage of revenue from multi-site enterprise customers including national retail chains, healthcare systems, financial services, K-12, higher-ed.
Impact: Concentration above 20% triggers buyer pushback. Above 25% triggers a 15% to 30% valuation discount or buyer withdrawal (Beancount.io 2026; Eagle Rock CFO; Strategex; Morgan & Westfield). Above 40%, multiple reduction of 1.0x to 2.0x is typical. Multi-site customers also lift the multiple by an estimated 0.5x because they are sticky and PE values transferable enterprise relationships highly.
How: Diversify into new commercial verticals. Expand multi-site account program. Kill the discount on the biggest account so the relative weighting shrinks naturally. Hire a national accounts BDM.
Lever 7: NICET and state-license depth (not just count, but coverage)
Current: One NICET-certified tech and one master license-qualifier (the owner). Shallow coverage if anyone leaves.
Target: Four or more NICET Level II or III techs across fire alarm, intrusion, and access control disciplines. Two or more master or qualifier license holders per operating state, with at least one not being the owner.
Impact: NICET depth gates access to commercial fire alarm work and public-sector RFPs (most state fire codes reference NFPA 72 which requires NICET-certified designers and installers). Master or qualifier license redundancy removes the catastrophic risk that the owner walks at close and the buyer cannot maintain the state license. Estimate: prevents a 1.0x to 2.0x multiple haircut at diligence; in worst case prevents deal collapse.
How: Send techs to NICET prep coursework (typically $1,500 to $3,500 per cert plus exam fee). Sponsor a senior tech to qualify for master or qualifier status in each state of operation. Track expirations in a license register.
Lever 8: Cybersecurity convergence and cyber-insurance posture
Current: Pure physical security shop. No managed-services revenue stream. Cyber insurance is reactive and the central station has had no recent SOC 2 audit.
Target: Network security capability through partnership or in-house (Cisco Meraki MX, Fortinet, Sophos, Ubiquiti). Managed Services or co-managed IT revenue stream where physical and network security are sold together. SOC 2 Type II report on central station. Cyber-insurance $5M+ limit with no prior claims.
Impact: Estimate +1.0x to 2.0x multiple uplift on the portion of the business that converts to physical-plus-network convergence, because that revenue trades at MSP or MSSP multiples (8x to 14x EBITDA) rather than pure-physical multiples. The cyber-incident track record is a hard gate: a single ransomware event or significant data breach at the central station can drop the multiple by 1.0x to 2.0x or kill the deal entirely (cross-sourced from SDM Magazine convergence coverage 2024-2025; Allied Universal positioning; Sciens Building Solutions positioning).
How: Build or partner for IT and cyber capability. Obtain a SOC 2 Type II report for the central station. Raise cyber liability limits. Build the managed-services revenue line over 24 months.
Lever 9: Manufacturer partner tier protection and contract review
Current: Tier 1 or Platinum partnership with two or three OEMs, but no documented change-of-control conversation with OEM channel managers. Partnership agreements in a binder somewhere.
Target: Current Tier 1 or Platinum letter from every key OEM (Avigilon, Axis, Bosch, Brivo, Genetec, Honeywell, LenelS2, Verkada, Eagle Eye Networks). Pre-discussed with the OEM channel manager that a sale is coming and acquirer X (PE platform Y) is acceptable. Written confirmation that the partner tier will transfer.
Impact: This is the most under-prepared item in security integration M&A. Loss of Tier 1 or Platinum partner status post-close strips out the protected pricing advantage (5% to 15% on equipment) and the deal-protection on accounts. Estimate: prevents a 0.5x to 1.5x multiple haircut at diligence; in some cases prevents deal collapse if the partner refuses to transfer the tier.
How: Pull every OEM partnership agreement. Identify change-of-control language. Have offline conversations with OEM channel managers 6 to 12 months before going to market. Get written pre-clearance where possible.
Lever 10: Technician retention and depth
Current: 25%+ turnover, no internal leveling, training is ad hoc, OEM factory schools attended sporadically.
Target: Under 15% turnover. Technician career ladder (apprentice, junior tech, senior tech, lead tech, project foreman, install supervisor, system designer). Documented training program. OEM factory school attendance budgeted per tech per year.
Impact: Replacement cost of a skilled commercial security tech is 100% to 150% of salary (estimate based on SIA workforce reports 2024; cross-referenced with Workyard construction labor research). A 30-person shop with 25% turnover bleeds roughly $400K to $1.2M annually in recruiting, training, and lost productivity. Training investment lifts retention by 30% to 50%. Both numbers feed straight into EBITDA quality and the diligence narrative on whether your tech base is a defensible asset.
How: Truck-as-an-office investment. Paid OEM factory training (Avigilon University, Axis Academy, Bosch Certified Installer, Brivo Training, Genetec, LenelS2, Verkada Training, Software House). NICET certification reimbursement. Take-home truck policy. Performance bonus tied to first-time-fix and customer satisfaction scores.
Lever 11: EBITDA add-back hygiene
Current: Owner mixes personal expenses through the business with no documentation. Related-party rent at well-above FMV. No add-back schedule.
Target: Every potential add-back is documented as it happens with the underlying invoice. Related-party rent restruck to FMV with appraisal on file. Clean payroll for owner-family members.
Impact: Every defensible dollar of adjusted EBITDA is multiplied by the buyer’s multiple. On an 8x multiple, $100K of clean add-backs equals $800K of sale price (Morgan & Westfield QoE guide; Eton Venture Services 2025).
How: Adopt a monthly add-back log starting today. Document the business purpose of every charge. Get an FMV rent appraisal if the owner owns the real estate and the business rents it.
Lever 12: Working capital normalization including WIP and deferred monitoring revenue
Current: Wildly seasonal A/R. No inventory discipline. Install WIP not separately tracked. Prepaid monitoring liability buried in general deferred revenue.
Target: TTM-average working capital is stable and predictable. WIP isolated by job with percent-complete tracking. Deferred monitoring revenue separately tracked. Truck-stock inventory cycle-counted quarterly.
Impact: The working capital peg is set off the trailing 6 to 12 months (most commonly TTM average per BDO and Morgan & Westfield NWC guides). A volatile working capital pattern lets the buyer set a higher peg, which subtracts from purchase price. For security integrators with significant install WIP and prepaid monitoring, sloppy tracking can cost an estimated 3% to 7% of enterprise value at close (cross-sourced from KMCO and Auxo Capital Advisors).
How: Tighten A/R collection cycle, especially on government and large commercial customers. Manage truck-stock inventory. Isolate prepaid monitoring liability and WIP on the balance sheet.
Lever 13: Real estate decision (own or lease, and the sale-leaseback option)
Current: Owner-occupied real estate held in the same entity as the operating business, or in an LLC at above-FMV rent.
Target: Real estate in a separate LLC at FMV NNN lease to the operating company, with a clear path for the buyer to either assume the lease or buy the real estate.
Impact: Separating real estate often lifts the implied EBITDA multiple on the operating business because the buyer is not forced to underwrite real estate exposure (Plante Moran sale-leaseback primer; Northmarq sale-leaseback guide). A sale-leaseback can release up to 100% of property market value as cash, versus 70% to 80% LTV via traditional financing. Estimate: holding real estate separately at FMV typically adds 0.5x to 1.0x to the operating company multiple.
How: Get an FMV market rent study now. Restrike rent to FMV. Decide before going to market whether the real estate is part of the deal or held back.
Lever 14: Compliance scrub
Current: State alarm or security licenses tied to the owner. State low-voltage licenses (FL ES, CA C-7, TX TDLR plus DPS, NY DOS, IL IDFPR) with shallow qualifier coverage. FBI and state background check files in a binder. No central station UL audit prep. Sales and use tax compliance uneven.
Target: Licensing transferable or with a clear post-close qualifier path. Background check records in a digital system, retention compliant with state rules. UL Listed Central Station (if applicable) audit-current. Sales and use tax compliance verified by outside counsel in every operating state.
Impact: Each of these can kill or re-trade the deal at confirmatory diligence. See the deal-killer section below for specifics.
How: Cover this in months 24 to 12 of the run-up, before the QoE.
What PE Asks Before They Send an LOI (The Pre-LOI Diligence Stack)
Before a PE firm commits to a letter of intent, they ask for a focused diligence package. The list below is the real ask from a 2026 PE buyer running a competitive process on a commercial security integrator. The “why” and “how to prepare” expand each item to what is typical across the industry per Mertz Taggart sell-side process 2025, Auxo Capital Advisors sell-side process guide 2025, Capstone Partners DD frameworks, Wall Street Prep sell-side primer, and Colonnade Advisors podcast 020.
1. Income Statements 2024, 2025, and LTM with service-line P&L
Why PE asks: They are building the trailing twelve months EBITDA they will multiply. For security integrators they specifically want the split between install or project revenue, service and maintenance contract revenue, RMR (monitoring), and parts or equipment-only sales. Each of these gets valued differently. They also want gross margin by line because install or project margins (typically 25% to 38%) are dramatically different from RMR margins (60% to 80%) per Barnes Buchanan & Co. and SDM Top 100 benchmarks.
How to prepare: Accrual-basis P&L by month, mapped to a chart of accounts that separates the four revenue lines. Tie back to ServiceTrade, BuildOps, WeSuite, D-Tools, or whatever ERP you run. Reconcile to tax returns so there are no surprises in confirmatory diligence.
2. Balance sheet at the latest month with RMR deferred revenue isolation
Why PE asks: Two reasons. First, to start sizing the working capital peg they will set in the purchase agreement. Second, to identify net debt including the critical RMR-specific items: deferred monitoring revenue (prepaid annual contracts), customer-deposit liabilities on uncompleted install projects, unbilled labor on long-cycle install jobs (WIP), and any capital lease balances on truck fleet or test equipment. Deferred monitoring revenue is typically treated as debt-like at close, which directly reduces purchase price.
How to prepare: Tie the balance sheet to the trial balance. Isolate deferred monitoring revenue and customer-deposit liabilities as line items. Have the WIP schedule ready by job.
3. RMR snapshot: counts, churn, ARPU, attrition by segment
Why PE asks: This is the single most diagnostic exhibit for a security integrator. PE will pay a separate multiple on the RMR base (28x to 40x monthly RMR) on top of the EBITDA multiple. They want count of active accounts at month-end last 36 months, ARPU by segment (commercial, residential, multi-site), attrition rate annualized (commercial target under 8%, residential target under 12% per Barnes Buchanan & Co.), net adds per month, and tenure curve (how long the average account has been on the books).
How to prepare: Pull the RMR report from your monitoring central station (Securitas Operations, NMC, Affiliated Monitoring, COPS, Rapid Response, EmergencyOne) plus your billing system. Run it monthly and store the history. Calculate attrition the same way Barnes Buchanan defines it (gross monthly cancellations divided by beginning-of-month RMR, annualized).
4. Add-back estimates
Why PE asks: They want a sneak peek at your adjusted EBITDA story before sinking diligence cost into the file. If your add-backs are aggressive or undocumented, they discount the rest of your numbers.
How to prepare: Build the bridge from book EBITDA to adjusted EBITDA, line by line. Document every add-back with the underlying invoice or payroll record. Common security integrator add-backs that hold up: owner compensation above market (if owner takes $400K but a GM would cost $200K, $200K adds back), one-time legal fees, owner family-member payroll, owner vehicle and personal travel, owner health insurance and country-club, COVID-era ERC, software conversion one-time costs (D-Tools migration, ServiceTrade implementation), one-time central station migration costs, related-party rent at above-FMV (added back to the FMV delta), expired litigation accruals, and one-time bid bond costs on lost public-sector RFPs.
5. Anonymized employee roster with NICET certifications and qualifier license holders
Why PE asks: They are stress-testing four risks. Tech tenure vs industry churn (commercial security integrator turnover sits at 22% to 28% per SIA workforce reports). Owner dependence: if the senior estimators or sales staff are owner-family, that is a key-person risk that hits the multiple. NICET certification depth: NICET Level II or III is required for fire alarm design in most jurisdictions, and without depth you cannot bid certain work. State low-voltage license holders: the qualifying license for the business is often tied to a single individual, and if that person is the owner the license does not auto-transfer.
How to prepare: Roster columns should include role, hire date, full-time vs part-time, W-2 vs 1099 (with classification rationale), comp structure, NICET level and discipline, state low-voltage license number and class, manufacturer factory certifications (Avigilon, Axis, Bosch, Brivo, LenelS2, Verkada, Genetec), and any active non-compete or non-solicit. Calculate and disclose 12-month and 24-month rolling tech retention.
6. Customer concentration and segment mix
Why PE asks: Concentration above 15% on a single customer is a red flag. Government customers (federal, state, K-12, higher-ed) carry different risk than commercial enterprise. Multi-site customers (national chains, healthcare systems, financial services) are sticky and PE pays a premium for them.
How to prepare: Top 10 customer report by revenue last 3 years, with segment, multi-site flag, contract type (T&M, fixed-price, master service agreement), and contract end dates. Flag any change-of-control consent clauses (these will be diligenced separately).
7. Manufacturer partner tier documentation and equipment partner mix
Why PE asks: This is the most security-specific diligence ask and the one most owners under-prepare for. Tier 1 or Platinum or Master partner status with Avigilon (Motorola Solutions), Axis Communications, Bosch Security, Brivo, Genetec, Honeywell, LenelS2 (Carrier), Software House (Tyco / JCI), Verkada, Eagle Eye Networks, and others is the gating factor for protected accounts, pricing advantages, and warranty support. Many of these partnerships have change-of-control clauses: a sale of the business can trigger a partner-tier review or termination. Losing Tier 1 or Platinum status post-close is catastrophic to deal value because the buyer was paying for the protected pricing.
How to prepare: Pull the current letter or partner-tier certificate from every OEM you sell. Pull the partner agreement and identify change-of-control language. Discuss with key OEM channel managers BEFORE going to market so they understand a transition is coming. Some OEMs will pre-clear an acquirer if asked early.
8. UL Listed Central Station documentation and monitoring contracts
Why PE asks: If you contract monitoring out to a UL Listed Central Station (Rapid Response, COPS, NMC, Affiliated, EmergencyOne) the contract terms, change-of-control clauses, and pricing are diligenced because they directly impact RMR margin. If you run your own central station, UL Listing status (UL 827 Standard for Central Stations) is a regulatory and insurance gate that must be in good standing.
How to prepare: Pull the wholesale monitoring contract and identify pricing per account, volume tiers, change-of-control language, and signal-handling SLA. If running your own central station, pull the most recent UL audit report and any open corrective actions.
9. Five-year business plan with RMR build assumptions
Why PE asks: PE underwrites a forward case (years 1 through 5 post-close). For security integration the model must show install pipeline conversion, RMR net adds per month, attrition assumptions, ARPU trends, and any commercial sales hire ramp.
How to prepare: A simple operating model: revenue by service line, RMR build waterfall (beginning RMR + gross adds – cancellations = ending RMR), gross margin assumptions, overhead growth, EBITDA. Include capacity build (techs and trucks), planned expansion territories or service lines, pricing actions, and any commercial pipeline.
10. Asset and fleet list plus test equipment inventory
Why PE asks: Three reasons. CapEx forecast. Trucks have a 7 to 10 year useful life; test equipment (cable testers, Megger insulation testers, RF analyzers, programming tools, IP and network test gear) has 5 to 8 year useful life. Capital lease vs owned vs financed. Wrap and brand condition for the eventual roll-up rebrand. Also for security integrators: any owned demo equipment (camera kits, access control demo panels, intercom demos) needs to be inventoried.
How to prepare: Spreadsheet with vehicle number, make and model and year, mileage, ownership status, monthly payment if any, condition. Separate test-equipment register with serial numbers and calibration date.
11. Org chart, regulatory history, and active project bond plus insurance binders
Why PE asks: Org chart speaks to owner dependence and succession. Regulatory history surfaces state alarm-license board complaints, FCC violations (if you do video transmission), and any active litigation. Project bond and insurance binders (general liability typically $2M to $5M per occurrence, professional liability typically $1M to $2M, cyber liability typically $1M to $5M) speak to insurability post-close.
How to prepare: Pull state alarm or security license history for every operating state (most state boards publish a complaint and disciplinary action search). Pull cyber liability declarations and any prior claims or notice-of-circumstance filings.
Confirmatory Diligence (After You Sign the LOI)
Once an LOI is signed and exclusivity starts (typically 45 to 90 days per Colonnade Advisors podcast 020), the buyer runs seven parallel workstreams. This is the depth of inspection your business will undergo. If anything was hiding, it surfaces here.
- Quality of Earnings (QoE). Outside accounting firm runs revenue cut-off testing (critical for long-cycle install projects with percent-complete revenue recognition), deferred revenue analysis (huge for security integrators because of prepaid monitoring and prepaid annual service contracts), WIP analysis on install jobs, expense normalization, add-back validation, working capital trends, and RMR roll-forward. Cost paid by buyer for buy-side QoE: $75K to $300K typical for $1M to $10M EBITDA security integrator (higher than HVAC because of WIP and deferred revenue complexity per Eton Venture Services 2025 and CFGI 2025).
- Customer concentration, contract review, and RMR attrition analysis. Customer-by-customer revenue analysis, calls with top accounts (with seller present), contract review (assignment clauses, change-of-control triggers, renewal dates), cohort RMR attrition analysis (are RMR accounts from 2018 still on the books, compared with the 2022 vintage). For commercial integrators, master service agreement (MSA) review is the heaviest line item.
- IT systems audit and cybersecurity DD. ServiceTrade, BuildOps, D-Tools, WeSuite, Mantis, Securitas Direct, or whatever ERP/FSM is in place. Data quality, integration capability with the platform’s stack, license counts, master data hygiene. Critical security-integrator-specific item: cybersecurity DD on the central station, video management platforms, access control servers, and remote programming tools. Any history of ransomware, data breach, unauthorized access to customer video, or central station signal compromise gets diligenced hard because buyers price the future cyber liability into the deal.
- Legal. Entity good standing in every operating state. State alarm or security or low-voltage licenses (the critical security-integration item, see the deal-killer section). Contracts assignment. IP. Litigation history (active and threatened, especially false-alarm fee disputes and faulty-installation claims). Warranty and callback liability. Real estate leases. Manufacturer partner agreements and change-of-control consent requirements.
- HR, payroll, and background-check compliance. W-2 vs 1099 classification audit (installer subcontractors are common in security and are a known classification risk). I-9 compliance. Wage-and-hour exposure (overtime classification for installers and helpers). Benefits, PTO accrual, any pending EEOC or DOL claims. Non-compete enforceability in operating states. Plus the security-integration-specific item: FBI and state background check records on every installer and monitoring operator. Many states (NY, NJ, FL, TX, CA, IL, MA) require fingerprint-based background checks for security industry personnel under specific state alarm-licensing rules.
- Environmental and OSHA. Lead-acid battery handling and disposal (backup batteries for alarm panels and central station UPS). Fall protection records (OSHA 1926.501 for fall protection above 6 feet during outdoor camera install or rooftop antenna work). Electrical safety (NFPA 70E arc-flash if working in high-voltage panels). Phase I ESA on any owned property.
- Tax. Federal income, payroll, sales and use, property. Sales tax on monitoring service revenue varies dramatically by state: Florida taxes monitoring as a service, Texas exempts monitoring but taxes install, New York taxes both, California taxes installation but not monthly monitoring. This is one of the most common confirmatory-stage tax exposures in security integration M&A.
Why You Should Pay for Your Own Quality of Earnings Before Going to Market
A sell-side QoE is your own outside accountant’s QoE, paid for by you, before you go to market. For security integrators it does four things: pre-empts the buyer’s QoE by getting to the adjusted EBITDA number first with documentation; surfaces issues you can fix before the buyer sees them (revenue recognition on install percent-complete, working capital, deferred monitoring revenue treatment, RMR cohort analysis); validates the RMR base so the separate-multiple piece stands up to buyer scrutiny; and tightens the EBITDA number you take to market, which directly drives the headline price.
Cost
- $35K to $50K for a basic QoE if revenue is below $10M and the business has minimal WIP (Eton Venture Services 2025; Morgan & Westfield QoE guide).
- $50K to $125K typical range for sell-side QoE on a healthy security integrator with material install WIP, RMR base, and multiple service lines (Kahn Litwin Renza buy-side vs sell-side QoE 2025; CFGI 2025).
- $125K to $250K for businesses with complex add-backs, multiple entities, multi-state sales tax exposure, or messy books (Eton 2025).
Cost is higher than HVAC because of the complexity around install WIP percent-complete revenue recognition and the RMR cohort analysis the QoE firm needs to perform.
ROI
Example commonly cited across QoE provider content: a $30M revenue, $5M EBITDA security integrator. Moving the multiple from 8x to 9x equals $5M of additional sale price. A $75K QoE investment that supports the 1x lift is roughly a 65x ROI (Eton, “Quality of Earnings Report Cost”, 2025). Security-integration-specific example: a regional commercial integrator had $1.2M of demand-only service work the seller booked at 18% gross margin and a $4.8M install business at 22% gross margin. Pre-QoE the seller pitched $1.4M EBITDA. The QoE firm reclassified $200K of install overhead from COGS to SG&A and removed $180K of non-recurring legal and litigation cost as add-backs, producing $1.62M adjusted EBITDA. At an 8x commercial-integrator multiple that re-stated EBITDA added $1.76M to the sale price for the cost of a $90K QoE.
Deal-Killers That Re-Trade Security Integration Transactions (Avoid These)
These are the recurring kill-shots cited across security integration M&A advisory content and confirmatory diligence checklists. Most of them are fixable in 12 to 24 months. None of them are fixable in 30 days.
1. Customer concentration above 20%
A top customer above 15% makes PE buyers nervous; above 20% they start pricing the discount; above 25% they walk or restructure (Beancount.io 2026; Strategex; Eagle Rock CFO; Morgan & Westfield). For security integrators with government contracts (federal GSA, state, K-12), concentration risk is compounded by the contract being terminable for convenience and not assignable without consent.
2. State alarm, security, or low-voltage license tied to the owner personally
This is the most security-specific deal-killer. Most states require a qualifying individual with a master license to hold the business license. If that person is the owner and they exit at close, the business loses the license. Examples: Florida ES (Electrical Specialty) Burglar or Fire Alarm license is in the qualifier’s name and transferring requires either the same qualifier or a new qualifier qualifying within a window (Florida DBPR; Florida Statutes 489). California C-7 (Low Voltage Systems) requires a Responsible Managing Officer or Responsible Managing Employee, plus the separate Alarm Company Operator license through California BSIS which requires its own Alarm Company Qualified Manager. Texas Electronic Access Control Devices and Locksmith and B-08 Alarm Systems run through TDLR plus the Department of Public Safety Private Security Bureau, both with qualifier requirements. New York Burglar or Fire Alarm License is issued by NYS Department of State with a named license holder. Illinois Private Security Contractor License through IDFPR requires a licensed Private Security Contractor as qualifier (225 ILCS 447). At least 38 states have specific security or alarm or low-voltage contractor licensing with qualifier requirements (SIA State Licensing Database 2025). The buyer either needs the owner to stay on (typically 12 to 24 months) to keep the license active while a new qualifier is named, or restructure the deal materially.
3. Manufacturer partner-tier change-of-control loss
Tier 1 or Platinum or Master partnerships with Avigilon (Motorola), Axis, Bosch, Brivo, Genetec, Honeywell, LenelS2 (Carrier), Verkada, and Eagle Eye Networks all have change-of-control language. Some require pre-approval of the acquirer. Some auto-terminate. Some require requalification at the acquirer level. If lost, the integrator loses 5% to 15% protected pricing on equipment, protected accounts (where competitors cannot be sold into the same account by the OEM), marketing development funds and co-op dollars, and engineering and technical pre-sales support. This can erase 200 to 500 bps of gross margin post-close, which the buyer prices into the deal as a multiple reduction.
4. UL Listed Central Station compliance gaps
UL 827 is the standard for central station alarm services. UL audits central stations on a recurring basis. Open corrective actions, signal-handling SLA failures, redundancy gaps (no backup central station per UL 827), or recent power-loss events are all diligenced. Buyers value RMR books on the assumption the central station is UL Listed and in good standing; lost listing equals lost contracts equals lost RMR (UL 827 Standard for Central-Station Alarm Services; CSAA / TMA Five Diamond Certification standards).
5. FBI and state background check gaps for installers and monitoring operators
Many states require fingerprint-based background checks for security industry personnel: NY, NJ, FL, TX, CA, IL, MA, GA, NC, VA, MD, OH, PA, AZ, NV, WA, and others (SIA State Licensing Database 2025; ASIS International compliance content). Gaps in background-check files, expired badges, or installers who were never properly registered are common confirmatory-stage findings. Per-violation penalties vary but can range $500 to $5,000 per installer per state per occurrence, plus license suspension risk.
6. RMR attrition above 12% commercial or 18% residential
High attrition is a red flag because the RMR multiple (28x to 40x monthly RMR) was sized for low-attrition books, and the cohort analysis will show whether attrition is accelerating or stable. Above 12% annual attrition on commercial, buyers either reduce the RMR multiple or require holdbacks tied to RMR retention 6 to 12 months post-close (Barnes Buchanan & Co. 2024 Alarm M&A report).
7. W-2 vs 1099 misclassification on installer subcontractors
Security integration shops that run install crews or helpers as 1099 to dodge payroll tax are sitting on a liability. IRS settlements range $10K to $100K+ per misclassified worker once back taxes, penalties, interest, and legal cost are aggregated (Tax1099 guide; ADP SPARK 2023; IRIS 2025). DOL and IRS renewed enforcement focus in 2025. Any single SS-8 filing by a former contractor opens a workforce-wide audit. This is particularly common in security because rough-in cabling work is often subbed out.
8. Sales and use tax exposure on monitoring and install in service-revenue states
Sales tax treatment varies dramatically by state for security services: Florida taxes both monitoring service and install (FL DOR Rule 12A-1.061); Texas exempts residential monitoring but taxes install of tangible personal property and may tax commercial monitoring as data processing depending on bundling (Texas Comptroller 96-259); New York taxes both monitoring and install (NY DTF TB-ST-485); California taxes install on the property component but generally exempts monthly monitoring (CA CDTFA Publication 9); Illinois install can be taxable depending on whether it constitutes tangible personal property sale (IL DOR ST 2010-0019-GIL). Multi-state integrators are frequently under-collecting. Buyer confirmatory tax DD will surface multi-year exposure that comes out of purchase price as a holdback or escrow.
9. Cyber-incident history on the monitoring platform or central station
A single ransomware event, signal-tampering compromise, or unauthorized access to customer video archives is a hard gate. Buyers will diligence past cyber-insurance claims (notice of circumstance counts even without claim), SOC 2 Type II report on the central station and remote-management platforms, and any customer-notification events under state breach notification laws. Even one prior event can drop the multiple by 1.0x to 2.0x; multiple events can kill the deal (SDM Magazine cybersecurity coverage 2024-2025; Allied Universal cyber positioning).
10. Install WIP and percent-complete revenue recognition errors
Long-cycle commercial install projects (4 to 12 months) booked under percent-complete accounting are a common confirmatory-stage adjustment. Common findings: revenue recognized before cost incurred, over-billing customers (which becomes a deferred revenue liability), under-billing customers (which becomes unbilled WIP). QoE firms recalculate WIP and frequently identify $100K to $500K of EBITDA misstatement on $5M to $20M revenue integrators (estimate based on CFGI and Eton QoE patterns).
11. Undocumented related-party transactions
Above-FMV rent paid to owner-owned LLC, owner-family members on payroll for unclear duties, related-party vendor contracts (especially for vehicle leasing or equipment supply). All of these become QoE adjustments, but unless they are clean, they erode buyer trust in the broader numbers (Morgan & Westfield QoE; Brentwood Growth M&A prep).
12. Pending litigation: false alarm liability, faulty install, and breach of contract
Security integrators are sued. Common claims: customer alleges faulty install led to break-in or property damage; false alarm fees passed through from municipalities (some states allow municipalities to fine the alarm company directly); breach of monitoring SLA (e.g., delayed dispatch resulted in injury or property loss); wrongful termination by former technicians. Active litigation requires a litigation summary in the data room. Threatened or unresolved high-dollar claims can kill or re-trade deals.
13. Deferred maintenance on fleet and test equipment
Trucks with 200K+ miles, no service log, expired DOT inspections. Test equipment (cable testers, RF meters, programming kits) past calibration or missing. The buyer models replacement capex against post-close cash flow. A fleet that needs $300K of immediate truck replacement plus $50K of test gear refresh reduces purchase price by roughly that amount.
14. Permit and licensing exposure on past commercial work
Commercial fire alarm install jobs are occasionally completed without proper AHJ (Authority Having Jurisdiction) permits, or completed but never inspected. This surfaces in legal DD via lookup against state contractor boards and city permit records, and can trigger a remediation obligation that the buyer prices into the deal.
The 36-Month Exit Prep Timeline
T-36 months: Cleanup phase
- Switch to accrual basis if still on cash basis; ensure install percent-complete is being properly recorded.
- Pick a security-integration-fit ERP or FSM (ServiceTrade, BuildOps, D-Tools for design, Mantis, Securitas Operations integration) and migrate.
- Start tagging every potential EBITDA add-back as it happens.
- Conduct W-2 and 1099 audit on installer crews; reclassify if needed (settle exposure now while it is small).
- Reset related-party rent to FMV with an appraisal.
- Build the org chart and identify the GM hire (internal promotion target or external recruit) and the second master or qualifier license-holder.
- Phase I ESA on any owned real estate.
- Sales and use tax compliance review by outside counsel in every operating state (especially FL, TX, NY, IL).
- Begin FBI and state background check digital recordkeeping.
- Begin RMR cohort analysis and attrition tracking.
T-24 months: Financial discipline and KPI infrastructure
- GM hire onboarded and starting to take operational load.
- Second master or qualifier license-holder in process for each operating state.
- Monthly close in 15 days; service-line P&L every month (install / service / RMR / parts).
- KPI dashboard covering booking rate, average install ticket, service hourly realization, jobs per tech per day, revenue per truck, RMR adds, RMR attrition, contract renewal rate.
- Launch RMR push if penetration is under 30%.
- Pricing review: 5% to 8% list increase on labor and parts, dispatch fee held.
- Begin diversification of customer base if any top customer is above 15%.
- Document SOPs for every operational role.
- Build the add-back bridge as a living document.
- Drive Tier 1 or Platinum partner certification for at least one cloud access AND one cloud video OEM.
- NICET cert push: send 4 to 6 techs through Level II or III prep.
T-12 months: QoE-ready close discipline, eliminate owner dependence
- Owner steps out of daily operations; GM runs the shop.
- Owner takes a 2-week unplugged vacation as the stress test.
- Run the sell-side QoE (budget $50K to $125K).
- Tighten balance sheet: clean A/R, kill dormant inventory, isolate deferred monitoring revenue and WIP, reconcile install percent-complete.
- Final org-chart review; backfill any gaps.
- Final compliance scrub (state alarm or low-voltage license transferability, central station UL audit, background check records, W-2 or 1099, sales and use tax, environmental).
- Pre-discuss OEM partner-tier transfer with channel managers (off the record).
- Lock in 12 months of clean service-line P&L for the CIM.
T-6 months: Pre-marketing prep
- Engage M&A advisor (sell-side investment bank or M&A advisory firm specializing in security and fire integration). Named security-integration M&A specialists include Mertz Taggart, Davis Mergers & Acquisitions Group, Barnes Buchanan & Co., Capstone Partners, Founders Advisors, and Auxo Capital Advisors. Typical fee structure: $25K to $100K monthly retainer credited against success fee of 3% to 8% of enterprise value, with modified Lehman scaling.
- CIM drafted from the QoE and operating model.
- Teaser drafted (anonymized 1-pager).
- Buyer list finalized: Convergint, Everon, Securitas Technology, Pavion, Pye-Barker, LVC Companies, Sciens Building Solutions, Performance Systems Integration, Summit Companies, Allied Universal, Surveillance Secure, Securecom, Fireline, LONG Building Technologies, Bear Down Holdings, plus the strategics including Honeywell Building Technologies, Johnson Controls Security Solutions, Allegion, ASSA ABLOY, Motorola Solutions (for video and access tech tuck-ins), Comfort Systems USA, EMCOR Group, and API Group.
- Virtual data room populated with everything from the pre-LOI and confirmatory sections above.
- Management presentation deck built and rehearsed.
T-3 months: Go to market
- Teaser distributed; NDAs collected; CIMs distributed.
- IOIs collected 2 to 3 weeks after CIM goes out.
- Narrow to 4 to 6 finalists for management meetings.
- Management meetings; LOIs solicited.
- Select LOI; sign with exclusivity (typically 45 to 90 days).
- Enter confirmatory diligence; close.
End-to-end from engagement to close: 9 to 14 months in a well-run security integration process (Auxo Capital Advisors sell-side process guide 2025; Mertz Taggart Security M&A process content 2025; Wall Street Prep sell-side primer). Security integrators run slightly longer than HVAC because of the RMR cohort analysis, the manufacturer-partner change-of-control workstream, and multi-state license diligence.
Frequently Asked Questions
How long should I plan for before selling my commercial security integration business to a private equity buyer?
The owners who get top-quartile pricing start preparing 24 to 36 months before going to market. The minimum useful prep window is 12 months, because most of the high-leverage levers (lifting RMR penetration from 15% to 40%, getting Tier 1 or Platinum on a cloud access or cloud video platform, installing a GM, naming a second qualifier license-holder in every operating state, running a sell-side QoE) need 12+ months of clean trailing-twelve-months data to be credible to a buyer. Owners who try to sell in under 6 months typically leave 20% to 35% of enterprise value on the table because the RMR base does not have time to compound and the qualifier-license issue cannot be solved in 90 days.
What is a realistic EBITDA multiple for a $2M EBITDA security integrator?
For a commercial security integrator at $2M EBITDA in 2026, the range is 6x to 8x on a project-and-service-heavy business, or 8x to 12x on an RMR-heavy business, with the RMR base getting an additional 28x to 40x monthly RMR added on top of enterprise value (Mertz Taggart Security Sector Report 2025; Capstone Partners November 2025; Davis M&A Group 2025; Barnes Buchanan & Co. 2024). The bottom of those ranges applies to install-only commercial shops with under 15% recurring revenue, owner-dependence, and concentrated customer base. The top applies to shops with 40%+ RMR, Tier 1 or Platinum partner status with at least one cloud access and one cloud video OEM, a GM in place, customer concentration under 10%, and a second qualifier license-holder named in every operating state. The 36-month prep playbook moves you from the bottom of the band to the top, plus brings the RMR base from $25K monthly to $75K monthly, which on its own adds another $1.4M to $2M to enterprise value.
What percentage of RMR (Recurring Monthly Revenue) do PE buyers want to see in a commercial security integrator?
30% to 50%+ of revenue from RMR is the band that moves your business from commodity pricing into premium pricing. Install-only commercial integrators with under 15% recurring revenue trade at 6x to 8x EBITDA. Integrators with 30% to 50% RMR mix trade at 8x to 12x. Integrators above 50% RMR with low attrition (under 8% commercial, under 12% residential) trade at 10x to 14x and the RMR base itself gets a separate enterprise-value multiple of 28x to 40x monthly RMR added on top (Barnes Buchanan & Co. 2024 Alarm M&A; Davis M&A Group 2025). On a $50K monthly RMR base, that separate multiple alone adds roughly $1.4M to $2M to enterprise value, independent of any EBITDA multiple on the rest of the business.
Should I get a quality of earnings report done before going to market?
For security integrators at $1M+ EBITDA, yes. A sell-side QoE costs $50K to $125K typical, up to $250K for complex add-back situations or multi-state sales tax exposure (Eton Venture Services 2025; CFGI 2025). The ROI is leverage. If your QoE supports a 1x multiple uplift on a $5M EBITDA business at an 8x baseline, that is $5M of additional sale price for a $75K investment, roughly a 65x return. More importantly for security integrators specifically, a pre-market QoE validates the RMR roll-forward and percent-complete revenue recognition on install jobs while you can still fix any issues, rather than during exclusivity when the buyer re-trades the deal on those exact items.
Do I need to put a general manager and a second license-qualifier in place before I sell?
If the goal is to maximize price, yes, ideally 12+ months pre-sale. Owner-dependence is one of the top three multiple haircuts in security integration M&A (Mertz Taggart 2025; Capstone Partners DD frameworks). On a $1M to $3M EBITDA business, eliminating key-person risk moves the multiple from the 5x to 6x band into the 7x to 9x band, worth $2M to $9M of price. A security-integration GM hire runs $175K to $275K plus bonus and needs 12 to 18 months to fully take operational load. The second qualifier license-holder issue is even more urgent: most state alarm or low-voltage licenses (FL ES, CA C-7 + ACO, TX TDLR + DPS PSB, NY DOS, IL IDFPR) are tied to a named qualifying individual, and if that person is the owner, the license does not auto-transfer at close. Without a second qualifier named 12+ months pre-sale, the buyer either needs the owner to stay on for 12 to 24 months to keep the license active, or restructures the deal materially.
How do my manufacturer partner-tier statuses (Avigilon, Axis, Brivo, Genetec, Verkada) affect my valuation?
Tier 1, Platinum, or Master partner status with the major OEMs is the single most security-specific multiple driver and the single most under-prepared diligence item. Tier 1 partner status carries a 5% to 15% pricing advantage on equipment plus protected accounts (where competitors cannot be sold into your accounts by the OEM) plus marketing development funds plus engineering pre-sales support. That translates into 200 to 400 bps of gross margin advantage and 2x to 4x customer LTV (Avigilon channel program; Axis Communications partner tiers; Brivo dealer program 2025). Estimate: Tier 1 or Platinum status on at least one cloud access platform and one cloud video platform lifts the EBITDA multiple by 0.25x to 0.75x. The bigger risk is loss of tier post-close: most OEM partner agreements have change-of-control language that can trigger a partner-tier review or termination at sale, which can erase the protected pricing advantage and drop the multiple 0.5x to 1.5x. Have offline conversations with OEM channel managers 6 to 12 months before going to market and get written pre-clearance where possible.
What to Do Next
The commercial security integrator owners who get the top-quartile multiple all do the same things. They start preparing 24 to 36 months before they want to be out. They grow the RMR base from under 15% of revenue to 40%+. They put a GM in place 12+ months pre-sale and name a second qualifier license-holder in every operating state. They drive Tier 1 or Platinum partner status on at least one cloud access and one cloud video OEM. And they invest in a sell-side QoE before any buyer sees a CIM.
If you are 12+ months from a potential exit and want a structured pre-sale optimization roadmap, CT Acquisitions has security integration operations specialists in our partner network who run multi-quarter prep engagements. If you are 6 to 12 months out and ready to start the sell-side process, our M&A advisory team runs the buyer outreach to the 18+ active PE platforms and the strategic acquirers listed above. Buyers pay our fee, not you. Either way, the first 30 minutes are free.
