IT Due Diligence Checklist

4 min read

IT Due Diligence Checklist 

Conducting IT due diligence when taking over or merging with another company is key to a smooth transitional period. It may not be the most interesting or enjoyable task, but it’s important that the process isn’t rushed. Being as thorough as possible will not only save you time later on but will also highlight any potential issues that will need to be fixed before the sale goes ahead. 

The main aim of carrying out this type of due diligence is that it helps you to build a clear picture of what the target company’s IT infrastructure is like and find out whether it’s similar to your own to determine what changes may need to be made when the merger/acquisition takes place. 

As part of the IT due diligence process, you will need to make a visit to the acquired company’s workplace to see their technology stack first-hand. However, to ensure that the visit is as productive as possible, it’s best practice to send an outline of the onsite delivery process you hope to take. 

The key elements that need to be included in your IT due diligence are: 

  1. Hardware 

  2. Software 

  3. Internet and telecom systems 

  4. Cyber & Network Security 

  5. Customer support systems 

  6. IT Support Staff 

  7. Company products & services 

  1. Hardware

The most important aspects to consider when it comes to hardware is what hardware they have, who owns it, and how much is it worth. 

You will need to make a record of the following hardware: 

  • IoT Devices - desktops, laptops, tablets, mobile phones etc.   

  • Servers and storage devices 

  • Mainframe computers 

Once you’ve drawn up a comprehensive inventory, you must then find out details on the manufacturer and model number, how much they are currently worth, and whether they are leased or owned by the company. 

  1. Software

Once you’ve collected all the relevant information on hardware, you should do the same for software. Finding out which anti-virus software, data management systems, SLAs, and hosting systems the company uses is particularly important. 

  • Security systems 

  • Anti-virus systems 

  • Operating systems 

  • Email software 

  • CRM systems 

  • Payroll software 

  • Data management systems 

  • Software licensing agreements 

  • Databases 

  • Outsourced software development agreements 

  • All software for internal use 

  • Storage management (e.g., cloud systems) 

  • Operating systems (e.g., Windows, Chrome etc.) 

  • Open-source software 

  • Information on software development processes 

  1. Internet and telecoms system

Examining the company’s existing network and telecoms set-up will help you to understand which methods of communication are favoured by their employees and how their computer systems are organised. 

  • Internet provider and contracts 

  • Information on hosting environment (cloud, dedicated or hybrid) 

  • Log of planned (and unplanned) network downtime over a set period 

  • Storage backup systems (including information on cloud-based programmes) 

  • A diagram of the network set-up 

  • A description of the internal communication system 

  1. Cyber & Network Security

The security of the company needs to be thoroughly scrutinised; this is one area where you really cannot afford to cut corners. It’s especially important to gauge the vulnerability of the company to a cyber-attack in order to assess whether their IT security needs to be bolstered. 

  • Intruder detection programmes 

  • Security of online payment systems 

  • Data encryption program 

  • Tests results for system vulnerability checks 

  • Information on previous security breaches (and what measures were put in place to prevent another) 

  • Cyber security insurance and certificates 

  • Staff training programmes on security 

  • Network Firewall settings and maintenance 

  • Remote access software 

  • Background checks for all employees 

  • Policy on acceptable use for hardware and software 

  • Policy on remote working 

  • Information on which non-employees are granted access to important company data 

  • Log of any hardware without anti-virus software 

  • Policy on company passwords 

  • Plan for disaster recovery and security breaches 

  • Information on database record storage 

  • Vendor updates 

  1. Customer Support Systems

The main objective of gathering information on the company’s customer support systems is to determine how IT is utilised to interact with their customer base. The key areas to assess when it comes to customers are: 

  • How do customers access technical support? 

  • What technical support is offered to customers? 

  • What are the most common technical questions that customers ask? 

  • How new customers are integrated into the IT system 

  1. IT Support Staff

A key element in the smooth running of your IT infrastructure is the number of staff employed to provide technical support. Finding out about the roles and responsibilities of IT personnel will help you to determine whether you’re doubling up on roles or need to employ additional IT support staff. 

  • Full list of all IT personnel and their individual roles and responsibilities 

  • Confidentiality and intellectual property agreements for staff 

  • List of employees who have had access to source codes in the last 3 years 

  • Staff training programmes 

  • Chart showing how the IT department is organised 

  • List of vacancies that need to be filled over the next year 

  1. Company products & services

You will also need to identify all products that have been created for both internal and external use and find out who within the company has access to the products. This will help you to get a better understanding of who owns the software, and which staff are involved in its creation/development. 

  • Software that the company has sold 

  • Software that has the company is still responsible for 

  • Products that are currently being developed by the organisation 

  • Industry certification 

  • All software that the company has developed where the source code no longer exists 

  • A demonstration of all software 

How FullCircl can help? 

FullCircl is a customer lifecycle intelligence (CLI) platform that enables businesses to find the right customers, onboard them faster, and keep the for life.    

We deliver a multi-dimensional view that combines advanced data ingestion, validation and augmentation with real-time news, social signals and more. All neatly delivered via a web app or API. 
The end result for your business is that you can move fast. Really fast. Whether it’s automated data collection and critical checks, ensuring compliance, or conducting IT due diligence ahead of a merger or acquisition. We give you the speed to succeed. 

 We want to help you do Better Business Faster. Watch how we are tackling the biggest customer lifecycle challenges in your market. Or drop us a line to find out how we can support your needs.  

Join our newsletter