Due Diligence Checklist & 85 Areas for Tech Due Diligence Questions (2021)

Updated: Aug 16

This article provides an in-depth view of the most common areas (85 in total) to prepare for before a tech due diligence. It includes checklists for due diligence also explores the top technical due diligence questions to explore.

It’s worth highlighting three pivotal elements (Strategy, Leadership, and Architecture) from the full checklist in this article. Collectively they ensure a solid base and a great start. We all know the consequences of companies that have a weak strategy or none at all. We also know the importance of solid leadership which can make or break a company. The software architecture suitability can significantly hinder an investment or delay the benefit causing missed opportunities or inability to compete.


Weakness in any of the top three areas can hinder most investment thesis or require significant investments to mitigate.


  1. Strategy and Roadmap: There has to be a healthy strategy in place. As a business, you bring the subject matter experience and the path ahead. The roadmap process and ensures the strategy has legs and can be achieved.

  2. Organization and Leadership: There has to be a solid, collaborative and cohesive leadership and aligned organization in place.

  3. Software Architecture: The architecture has to align and enable the business strategy. A broken or inadequate architecture or one riddled with technical debt can be severely handicapping to the organization and investment.


Tech Due Diligence Company Focused Checklist


Below, we have included the most common areas to prepare for in-depth with the goals and questions to expect, and how to prepare for them.


1. Roadmap & Strategy


Goal: Evaluate the existence of a clear and cohesive strategy and roadmap process across the organization with a healthy SWOT competitive awareness


The Top Areas to Prepare Checklist

  • Full SWOT awareness and inclusion in roadmap

  • Alignment and collaboration with the business roadmap and strategy

  • Existence, documentation, and propagation of a reasonable roadmap

  • Roadmap feasibility of execution by the team

  • Ability to address market needs with clarity on product/service gaps

  • Product strategy deep dive including how technology evolves

  • Product management planning mechanics and abilities

  • Execution discipline and maturity (e.g. backlog epics, backlog health, etc.)


2. Organization & Leadership


Goal: Explore the technology team setup and health. Understand whether the right skills in the team and leadership are in place to implement the roadmap with cost efficiencies


The Top Areas to Prepare Checklist

  • Understand the end-to-end organizational setup and reporting structure

  • Evaluate the inter-disciplinary and functions balance

  • Understand the ability to attract and retain talent (e.g. attrition trends)

  • Understand the level efficiencies in place


3. Software Architecture

Goal: At a high level, this explores the end-to-end architecture suitability for the current business, fit for the investment thesis, efficiency of design, stability, and ability to evolve and stay competitive.


The Top Areas to Prepare Checklist

  • Architecture design patterns, robustness, limitations, and roadblocks

  • Maintainability process for the architecture and codebase

  • Scalability strategy, limitations, and performance with KPIs

  • Exploration of the levels of technical debt and management approach

  • Security design, vulnerabilities, and secure programming principles

  • Integrations and extensibility of the architecture

  • Data architecture and management lifecycle (collection, cleansing, etc)

  • Database, data security including handling of sensitive data, encryption, etc.)

  • Open-source usage, licensing, and intellectual property ownership

  • Quality processes and ability to deploy and time to market

  • Cloud readiness best practices (great cloud technical due diligence list)


4. IT Infrastructure


Goal: Explores the understanding of the infrastructure deployment model (on-prem, type of cloud) and whether it is adequate for investment thesis and the current/future architecture needs with reasonable costs.


The Top Areas to Prepare

  • Cloud and data centers approach for deployment of physical infrastructure

  • Infrastructure scalability to accommodate the intended thesis

  • Infrastructure resilient, reliable with the ability to recover from failure

  • DevOps maturity, deployment processes/tools, and frequency

  • Business continuity and disaster recovery plans and testability

  • Internal line of business applications management and suitability

  • Compliance standards and audit frequency

  • Security practices and process (e.g. monitoring, intrusion detection, incident response, employee access, firewalling, intrusion detection, penetration testing, vulnerability scanning)


5. Product Quality

Goal: Explores the overall product quality in terms of feature offerings, design, UX, bug backlog, and production issues


The Top Areas to Prepare

  • Approach to testing and quality assurance

  • Level of automation, code coverage, and ability to catch bugs upstream

  • Test case management process and tools

  • Quality organization health and inclusion in the team

  • Bug backlog management and feedback into product

  • Metrics for product health across the software development lifecycle from definition to production


6. Ways of Working, SDLC, and Tools


Goal: Explores the understanding of the team and engineering practices (PM, Dev, QA) execution capabilities and maturity.


The Top Areas to Prepare

  • Agility mindset and ability to improve

  • Ability to stay the course with continuous improvement

  • Release planning and management process

  • Sprint planning and management process

  • Delivery trends across the release cycles

  • Tools ecosystem adequacy and rationalization for productivity

  • Ability to deliver quality on time to meet the roadmap and investment thesis

  • KPIs employes across the lifecycle


7. Customer Support Excellence


Goal: Explores the customer-focus mindset, efficiency of services, product quality hot issues, and competitiveness.


The Top Areas to Prepare

  • End-to-end customer support process

  • Defect rates and management process

  • Escalation rates and management process

  • Delineating between support and engineering responsibilities

  • Support tools ecosystem and rationalization

  • Feedback into the product

8. Security

Goal: Explores security and privacy as a complete layer end-to-end including design, controls, practices, policies, vulnerability detection, mitigation, and implementation.


The Top Areas to Prepare

  • Policies and procedures

  • Security controls

  • Security approach (e.g. Zero-tolerance)

  • Security education in the organization

  • Third-party assessments and mitigation approach

  • Inventory and ownership

  • Data privacy and security (e.g. PCI, PHI, PII, GDPR) policies

  • Data storage and access permissions

  • Infrastructure security

  • Monitoring and intrusion detection strategy

  • Physical security strategy

  • History of breaches and management

  • Compliance requirements and domain-specific compliance needs


9. Professional Services


Goal: Explores the approach and health of the professional services arm.


The Top Areas to Prepare

  • Configuration vs customizations mindset

  • Professional services structure and delivery approach

  • Utilization efficacy, delivery metrics, hot-product issues

  • Collaboration with engineering and IT

  • Feedback mechanism into the product


10. Corporate IT


Goal: Explores the internal line of business tools, infrastructure suitability, data architecture, and data strategy for suitability to the target


The Top Areas to Prepare

  • Line of business tools overview and rationale

  • Data flow, architecture, and integrations across tools and system

  • Buy vs Build mindset

  • Costs efficiency across the tools and systems

  • Roles and responsibilities for the internal IT team

  • Business continuity and disaster recovery approach and testability


11. Carve-Out Situations


Goal: In those situations, the goal is to explore the ability of the organization to function as a stand-alone entity and understanding end-to-end capabilities, intellectual property ownership, and dependencies.


The Top Areas to Prepare

  • Organizational chart after the split

  • Roles and responsibilities

  • Line of business tools dependencies

  • Security gaps

  • Hosting and deployment independence

  • Contractual agreements and IP concerns


12. Large Portfolios


Goal: Explores the portfolio investment balance across the lifecycle (planning to deployment). Understanding synergy, strategy, planning, and efficiency across the portfolio (e.g. resource sharing).


The Top Areas to Prepare


Ability to scale product planning across different products

  • Architectural uniformity across products

  • Level of efficiency for code leverage and reusable components strategy

  • Prioritized team structure and health across products


It would be also useful to understand the intention of the diligence as a component of the preparation: Understanding tech due diligence readiness.


Download the technical due diligence definitive guide all you need to know infographic

About Agu Aarna

Agu has been involved in the software development industry in every conceivable way, being a developer, architect, and CTO while also staying active in the M&A industry. He has seen software and IT inside and out.


He is a founding partner at RingStone working with private equity firms and portfolio companies in an advisory and operating capacity. Agu is responsible for building tech due diligence practice and strategy and coaching CTO consultants globally.


Agu is an engineer at heart, with a strong technical background and deep experience within modern technology, software development, and product management. He has facilitated and executed numerous organizational transformations, groomed organizations, architectures, and teams during high growth stages to sustain rapid expansion, successfully driven innovation, and migrations to the cloud unlocking high data load potential and economies at scale. Contact Agu at agu@ringstonetech.com