Information Technology Due Diligence Checklist
General IT Administration
ITEMS IN GENERAL IT ADMINISTRATION DUE DILIGENCE INCLUDE:
- Details of any current and planned IT initiatives/key projects.
- Summary of key IT resources (hardware/software/people).
- Diagram of technical architecture including servers, storage devices, operating systems and databases.
- Description of the networking systems and specific hardware configurations.
- Summary of any vendor support or other support services to which the target is entitled.
- Summary of annual costs associated with maintenance of IT hardware, including hardware upgrades and replacements.
- Material contracts related to software and IT services.
- Summary of services provided by all external IT contractors/consultants.
- Capacity for growth in the target's current IT environment.
- Summary of how the target acquired technology and the role of IT/technology in strategic planning.
ITEMS IN SOFTWARE DUE DILIGENCE INCLUDE:
- Identify current operating systems.
- Identify current databases.
- Identify current company intranet and external web servers.
- Identify current email.
- Identify open source systems.
- Identify current antivirus and security applications.
- Identify systems utilized for different business functions (Customer Relationship Management (CRM)/Human Resources Management (HRIS)/Accounting/Payroll/Project Management, etc.).
- Appraise software's scalability, stability, supportability, and cost.
- Review company's software development plan.
- Obtain and review copies of software licenses and contracts.
- Evaluate back-end software development.
- Describe the level of automation and web or internet facing applications.
ITEMS IN HARDWARE DUE DILIGENCE INCLUDE:
- Identify current laptops, computers, and desktops.
- Identify current desk phones, mobile phones, and tablets.
- Identify current storage devices.
- Detail the item's make, model, and manufacture number.
- Create a map of general physical location and configuration of hardware.
- Appraise hardware's scalability, stability, supportability, and cost.
- Identify which hardware may need to be replaced or updated within the next 12 months.
- Denote whether each item is owned by the company or leased.
- Obtain and review copies of all hardware leases and contracts.
Privacy Data Management
ITEMS IN PRIVACY DATA MANAGEMENT DUE DILIGENCE INCLUDE:
- Review company's Data Management Policy.
- Audit data management and privacy practices.
- Review plan for data breaches.
- Verify compliance with HIPAA.
ITEMS IN OPERATIONS PROCEDURES DUE DILIGENCE INCLUDE:
- Assess whether incidents are logged with enough detail to safeguard against potential problems.
- Measure timeliness of alerts (i.e. real time or lag).
- Identify systems and users that are designated as monitors.
- Identify remaining infrastructure headroom.
ITEMS IN IT SECURITY DUE DILIGENCE INCLUDE:
- Detailed summary of the key security protocols.
- Summary of all personal and/or sensitive information.
- Target's policies and procedures regarding data storage and data encryption.
- Summary of any issues, including loss of confidential information, inappropriate or malicious content, etc.
- Results of stress test analysis, including the resolution of any issues identified.
- Details about monitoring measures/tests to ensure technical safeguards are working as expected.
- Summary of any logged security issues.
- Summary of any anti-virus and anti-malware protections.
- Policies and procedures utilized by the target to manage mobile device security.
- Description of any cyber attacks/intrusions.
- Copy of policy and network for remote working.
ITEMS IN IT STAFF DUE DILIGENCE INCLUDE:
- Identify whether IT support staff is internal or outsourced.
- If outsourced, review applicable IT Staff contract, noting the value and expiration.
- Identify all members of the IT Support Team.
- Detail each member's name, position/title, tenure, and level of access they currently receive.
- Gather and audit signed confidentiality and intellectual property agreements.
- Create organizational chart to depict how the department is organized.
- Review past performance reviews and training programs for IT staff.
- Review and appraise IT Help Desk processes.