1. Constellation was ripe for change, with a new CEO who had replaced most of the senior management team.2. The company had a new focus on enterprise risk management, overseen by a chief risk officer who is concerned with operational as well as financial risks.3. As a heavily regulated company, Constellation felt an acute need to establish segregation of duties between the management and control of IT systems.4. Convergence didn't begin as a "project." It started happening naturally.5. The CIO didn't lose much staff or budget when she gave up control of IT security. The new information protection department operates like a consulting service to IT.6. Both the physical security and IT security staffs perceived their status in the organization as being elevated.