Wiki source code of IT Due Diligence Checklist
Version 1.1 by Drunk Monkey on 2020-08-12 21:04
Show last authors
| author | version | line-number | content |
|---|---|---|---|
| 1 | Original article from here: | ||
| 2 | [[https:~~/~~/www.duedil.com/blogs/it-due-diligence-checklist>>https://www.duedil.com/blogs/it-due-diligence-checklist]] | ||
| 3 | |||
| 4 | |||
| 5 | **Conducting IT due diligence when taking over or merging with another company is key to a smooth transitional period. It may not be the most interesting or enjoyable task, but it’s important that the process isn’t rushed. Being as thorough as possible will not only save you time later on, but will also highlight any potential issues that will need to be fixed before the sale goes ahead.** | ||
| 6 | |||
| 7 | The main aim of carrying out this type of due diligence is that it helps you to build a clear picture of what the target company’s IT infrastructure is like and find out whether it’s similar to your own to determine what changes may need to be made when the merger/acquisition takes place. | ||
| 8 | |||
| 9 | As part of the IT due diligence process you will need to make a visit to the acquired company’s workplace to see their technology setup first-hand. However, to ensure that the visit is as productive as possible, it is best practice to send an outline of the onsite delivery process you hope to take. | ||
| 10 | |||
| 11 | **The key elements that need to be included in your due diligence are:** | ||
| 12 | |||
| 13 | 1. Hardware | ||
| 14 | 1. Software | ||
| 15 | 1. Internet and telecom systems | ||
| 16 | 1. Cyber & Network Security | ||
| 17 | 1. Customer support systems | ||
| 18 | 1. IT Support Staff | ||
| 19 | 1. Company products & services | ||
| 20 | |||
| 21 | == 1. Hardware == | ||
| 22 | |||
| 23 | The most important aspects to consider when it comes to hardware is what hardware do they do they actually have, who owns it, and how much is it worth. | ||
| 24 | |||
| 25 | You will need to make a record of the following hardware: | ||
| 26 | |||
| 27 | * Desktops, laptops and tablets | ||
| 28 | * Mobile and desk phones | ||
| 29 | * Servers | ||
| 30 | * Storage devices | ||
| 31 | * Mainframe computers | ||
| 32 | |||
| 33 | Once you have drawn up a comprehensive inventory, you must then find out details on the manufacturer and model number, how much they are currently worth and whether they are leased or owned by the company. | ||
| 34 | |||
| 35 | == 2. Software == | ||
| 36 | |||
| 37 | Once you have collected all the relevant information on hardware, you should do the same for software. Finding out which anti-virus software, data management systems, SLAs and hosting systems the company uses is particularly important. | ||
| 38 | |||
| 39 | * Security systems | ||
| 40 | * Anti-virus systems | ||
| 41 | * Operating systems | ||
| 42 | * Email software | ||
| 43 | * CRM systems | ||
| 44 | * Payroll software | ||
| 45 | * Data management systems | ||
| 46 | * Software licensing agreements | ||
| 47 | * Databases | ||
| 48 | * Outsourced software development agreements | ||
| 49 | * All software for internal use | ||
| 50 | * Storage management (e.g. cloud systems) | ||
| 51 | * Operating systems (e.g. Windows, Chrome etc.) | ||
| 52 | * Open source software | ||
| 53 | * Information on software development processes | ||
| 54 | |||
| 55 | == 3. Internet and telecoms system == | ||
| 56 | |||
| 57 | Examining the company’s existing network and telecoms set-up will help you to understand which methods of communication are favoured by their employees and how their computer systems are organised. | ||
| 58 | |||
| 59 | * Internet provider and contracts | ||
| 60 | * Information on hosting environment | ||
| 61 | * Log of planned (and unplanned) network downtime over a set period | ||
| 62 | * Storage backup systems (including information on cloud-based programmes) | ||
| 63 | * A diagram of the network set-up | ||
| 64 | * A description of the internal communication system | ||
| 65 | |||
| 66 | == 4. Cyber & Network Security == | ||
| 67 | |||
| 68 | The security of the company needs to be thoroughly scrutinised; this is one area where you really cannot afford to cut corners. | ||
| 69 | |||
| 70 | It’s especially important to gauge the vulnerability of the company to a cyber attack in order to assess whether their cyber security needs to be bolstered. | ||
| 71 | |||
| 72 | * Intruder detection programmes | ||
| 73 | * Security of online payment systems | ||
| 74 | * Data encryption program | ||
| 75 | * Tests results for system vulnerability checks | ||
| 76 | * Information on previous security breaches (and what measures were put in place to prevent another) | ||
| 77 | * Cyber security insurance and certificates | ||
| 78 | * Staff training programmes on security | ||
| 79 | * Network Firewall settings and maintenance | ||
| 80 | * Remote access software | ||
| 81 | * Background checks for all employees | ||
| 82 | * Policy on acceptable use for hardware and software | ||
| 83 | * Policy on remote working | ||
| 84 | * Information on which non-employees are granted access to important company data | ||
| 85 | * Log of any hardware without anti-virus software | ||
| 86 | * Policy on company passwords | ||
| 87 | * Plan for disaster recovery and security breaches | ||
| 88 | * Information on database record storage | ||
| 89 | * Vendor updates | ||
| 90 | |||
| 91 | == 5. Customer Support Systems == | ||
| 92 | |||
| 93 | The main objective of gathering information on the company’s customer support systems is to determine how IT is utilised to interact with their customer base. The key areas to assess when it comes to customers are: | ||
| 94 | |||
| 95 | * How do customers access technical support? | ||
| 96 | * What technical support is offered to customers? | ||
| 97 | * What are the most common technical questions that customers ask? | ||
| 98 | * How new customers are integrated into the IT system | ||
| 99 | |||
| 100 | == 6. IT Support Staff == | ||
| 101 | |||
| 102 | A key element in the smooth running of your IT infrastructure is the number of staff employed to provide technical support. Finding out about the roles and responsibilities of IT personnel will help you to determine whether you’re doubling up on roles or need to employ additional IT support staff. | ||
| 103 | |||
| 104 | * Full list of all IT personnel and their individual roles and responsibilities | ||
| 105 | * Confidentiality and intellectual property agreements for staff | ||
| 106 | * List of employees who have had access to source codes in the last 3 years | ||
| 107 | * Staff training programmes | ||
| 108 | * Chart showing how the IT department is organised | ||
| 109 | * List of vacancies that need to be filled over the next year | ||
| 110 | |||
| 111 | == 7. Company products & services == | ||
| 112 | |||
| 113 | You will also need to identify all products that have been created for both internal and external use, and find out who within the company has access to the products. This will help you to get a better understanding of who owns the software, and which staff are involved in its creation/development. | ||
| 114 | |||
| 115 | * Software that the company has sold | ||
| 116 | * Software that has the company is still responsible for | ||
| 117 | * Products that are currently being developed by the organisation | ||
| 118 | * Industry certification | ||
| 119 | * All software that the company has developed where the source code no longer exists | ||
| 120 | * A demonstration of all software |