Information Technology Due Diligence Checklist
General IT Administration
ITEMS IN GENERAL IT ADMINISTRATION DUE DILIGENCE INCLUDE:
- Details of any current and planned IT initiatives/key projects.
- Summary of key IT resources (hardware/software/people).
- Diagram of technical architecture including servers, storage devices, operating systems and databases.
- Description of the networking systems and specific hardware configurations.
- Summary of any vendor support or other support services to which the target is entitled.
- Summary of annual costs associated with maintenance of IT hardware, including hardware upgrades and replacements.
- Material contracts related to software and IT services.
- Summary of services provided by all external IT contractors/consultants.
- Capacity for growth in the target's current IT environment.
- Summary of how the target acquired technology and the role of IT/technology in strategic planning.
ITEMS IN SOFTWARE DUE DILIGENCE INCLUDE:
- Identify current operating systems.
- Identify current databases.
- Identify current company intranet and external web servers.
- Identify current Email.
- Identify open source systems.
- Identify current antivirus and security applications.
- Identify systems utlized for different business functions (Customer Relationship Management (CRM)/ Human Resources Management (HRIS)/Accounting/Payroll/Project Management, etc.).
- Appraise software's scalability, stability, supportability, and cost.
- Review company's software development plan.
- Obtain and review copies of software licenses and contracts.
- Evaluate back-end software development.
- Describe the level of automation and web or internet facing applications.
ITEMS IN HARDWARE DUE DILIGENCE INCLUDE:
- Identify current laptops, computers, and desktops.
- Identify current desk phones, mobile phones, and tablets.
- Identify current storage devices.
- Detail the item's make, model, and manufacture number.
- Create a map of general physical location and configuration of hardware.
- Appraise hardware's scalability, stability, supportability, and cost.
- Identify which hardware may need replaced or updated within the next 12 months.
- Denote whether each item is owned by the company or leased.
- Obtain and review copies of all hardware leases and contracts
Privacy Data Managament
ITEMS IN PRIVACY DATA MANAGEMENT DUE DILIGENCE INCLUDE:
- Review company's Data Management Policy.
- Audit data management and privacy practices.
- Review plan for data breaches.
- Verify compliance with HIPAA.
ITEMS IN OPERATIONS PROCEDURES DUE DILIGENCE INCLUDE:
- Assess whether incidents logged with enough detail to safeguard potential problems.
- Measure timeliness of alerts (i.e. real time or lag).
- Identify systems and users that are designated as monitors.
- Identify remaining infrastructure headroom.
ITEMS IN IT SECURITY DUE DILIGENCE INCLUDE:
- Detailed summary of the key security protocols.
- Summary of all personal and/or sensitive information.
- Target's policies and procedures regarding data storage and data encryption.
- Summary of any issues, including loss of confidential information, inappropriate or malicious content, etc.
- Results of stress test analysis, including the resolution of any issues identified.
- Details about monitoring measures/tests to ensure technical safeguards are working as expected.
- Summary of any logged security issues.
- Summary of any anti-virus and anti-malware protections.
- Policies and procedures utilized by the target to manage mobile device security.
- Description of any cyber attacks/intrusions.
- Copy of policy and network for remote working.
ITEMS IN IT STAFF DUE DILIGENCE INCLUDE:
- Identify whether IT support staff is internal or outsourced.
- If outsourced, review applicable IT Staff contract, noting the value an expiration.
- Identify all members of the IT Support Team.
- Detail each member's name, position/title, tenure, and level of access they currently receive.
- Gather and audit signed confidentiality and intellectual property agreements.
- Create organizational chart to depeict how the department is organized
- Review past performance reviews and training programs for IT staff.
- Review and appraise IT Help Desk processes.
Can I change requests in this checklist or add new?
Every M&A and due diligence process is different. Downloaders are urged to make these checklists their own by changing the providing information to better fit their needs.
Does this questionnaire provide all the necessary due diligence information?
This IT due diligence questionnaire was created by and for M&A professionals and includes a comprehensive starting point for any diligence process. Every deal is different however and may require additional requests or diligence areas.
Easily Collect Data Using this Due Diligence Template in DealRoom
This IT due diligence template may be used as simply the downloadable Excel sheet. However, it operates most efficiently when utilized in conjunction with DealRoom’s dynamic due diligence tool. We offer a secure space to conveniently request, collect, and house data. Additionally, DealRoom offers numerous capabilities and security features to streamline the process.
How to use the template with DealRoom:
Download the due diligence template from DealRoom’s website
Open a room within DealRoom
Go to the Requests tab and select “import”
Import the downloaded template
The Requests tab is automatically populated with the requests from the due diligence template. Users can begin assigning, adding to, and completing due diligence requests.