Sample QoT Assessment Report
Preview of a Quality of Technology assessment deliverable
Quality of Technology
Assessment Report
Triad Manufacturing Co.
Prepared for: John Searcher, Prospective Acquirer
Assessment Date: March 2026
Report ID: QOT-SAMPLE-2026-001
CONFIDENTIAL - For authorized recipients only
Preferred Data Corporation | High Point, NC
Executive Summary
Quality of Technology Assessment
Page 2
Overall QoT Score
58
out of 100
Risk Grade
C
Moderate-High
Recommendation
Proceed
with Caution
Key Findings
No MFA deployed on any systems. EDR absent on 60% of endpoints.
3 servers running Windows Server 2012 R2 (end of support). ERP system is 12 years old.
Software license documentation incomplete. 15+ Microsoft 365 licenses unaccounted for.
Network infrastructure updated within last 2 years. Cloud migration partially underway.
Assessment by Pillar
Estimated Financial Impact
Hidden IT Costs
$127K
SDE Adjustment
-$127K
Impact at 4x Multiple
-$508K
© 2026 Preferred Data Corporation
Asset Inventory
Hardware, Software & Infrastructure Assessment
Page 3
Asset Inventory Score
Moderate - Documentation gaps identified
Hardware Age Distribution
| Category | Count | Avg Age | Status |
|---|---|---|---|
| Servers | 5 | 6.2 yrs | At Risk |
| Workstations | 45 | 3.8 yrs | Fair |
| Network Switches | 8 | 2.1 yrs | Good |
| Firewalls | 2 | 1.5 yrs | Good |
| UPS/Power | 3 | 5.0 yrs | Fair |
| Printers/MFP | 12 | 4.5 yrs | Fair |
Infrastructure Assessment
3 servers running Windows Server 2012 R2
End of extended support reached. Security patches no longer available. Immediate migration required.
No complete network diagram available
Partial documentation exists but has not been updated in 18+ months. Network topology unclear.
Cloud migration underway (Azure)
2 of 5 servers already migrated. Hybrid connectivity established. Good foundation for continued migration.
Cloud vs On-Premises Split
Industry benchmark for manufacturing: 45-55% cloud adoption. Target is below average.
© 2026 Preferred Data Corporation
Security Assessment
Cybersecurity Posture & Compliance
Page 4
Security Posture Score
Critical - Immediate action required
Security Controls Assessment
| Control | Status | Notes |
|---|---|---|
| Multi-Factor Authentication | Missing | Not deployed on any system |
| EDR/MDR | Partial | Deployed on 40% of endpoints only |
| Business Firewall | Pass | Fortinet FortiGate, updated firmware |
| Email Filtering | Partial | Basic spam filter only, no anti-phishing |
| Backup & DR | Partial | Backups exist but no offline copy |
| Patch Management | Missing | No formal process; 60+ day patch gap |
| Security Training | Missing | No documented training program |
| Incident Response Plan | Missing | No documented plan exists |
| Network Segmentation | Pass | IT/OT separation in place |
| PAM (Privileged Access) | Missing | Shared admin credentials observed |
Critical Risk Flags
- - Shared admin passwords across multiple systems (single point of compromise)
- - No MFA means a single compromised password gives full access
- - No incident response plan means no structured approach to a breach
- - Cyber insurance applications will likely be denied in current state
Cyber Insurance Readiness
NOT READY3 of 9 carrier requirements met. Must deploy MFA, EDR, patch management, security training, and incident response plan before applying.
© 2026 Preferred Data Corporation
Technical Debt & Licensing
Software Currency & Compliance Assessment
Page 5
Technical Debt Score
High debt identified
Licensing Score
Gaps in compliance
Key Software Systems
| System | Version | Age | Support |
|---|---|---|---|
| ERP (Epicor) | 9.05 | 12 yrs | EOL |
| Windows Server | 2012 R2 | 11 yrs | EOL |
| Microsoft 365 | E3 | Current | Active |
| QuickBooks | 2022 | 4 yrs | Limited |
| AutoCAD | 2023 | 3 yrs | Active |
| Custom MES | v2.1 | 8 yrs | None |
License Compliance Summary
15 Microsoft 365 licenses unaccounted for
Active licenses assigned to departed employees. Estimated annual waste: $2,700.
ERP license transfer requires vendor approval
Epicor licensing terms may require renegotiation upon change of ownership. Budget $15-25K for transfer fees.
No software asset management tool in use
Manual tracking via spreadsheet. Last updated 8 months ago. Audit risk is elevated.
Custom Code Evaluation
Custom Applications
2
Documentation
None
Version Control
None
Custom MES application written in VB.NET by former employee. No source code repository, no documentation. Single point of failure risk.
© 2026 Preferred Data Corporation
Financial Impact Analysis
SDE Adjustment & Valuation Impact
Page 6
IT Spend Analysis
Current IT Spend
$85,000
/year
Industry Benchmark
$212,500
25 employees x $8,500
Underspend Gap
$127,500
60% below benchmark
Hidden Cost Breakdown
| Category | Estimated Cost | Basis |
|---|---|---|
| Security Remediation | $38,250 | 30% of hidden costs |
| Deferred Maintenance | $27,563 | Server/OS upgrades |
| License True-up | $19,125 | Audit exposure + transfers |
| Infrastructure Upgrades | $31,875 | Server migration, hardware |
| Implementation/Migration | $10,688 | Labor and planning |
| Total Hidden IT Costs | $127,500 |
SDE Adjustment
Valuation Impact by Multiple
| Multiple | Stated Value | Adjusted Value | Impact |
|---|---|---|---|
| 3x | $2,550,000 | $2,167,500 | -$382,500 |
| 4x | $3,400,000 | $2,890,000 | -$510,000 |
| 5x | $4,250,000 | $3,612,500 | -$637,500 |
Note: These figures represent estimated first-year remediation costs that should be factored into the acquisition model. Actual costs may vary based on implementation approach and vendor pricing.
© 2026 Preferred Data Corporation
Remediation Roadmap
30/60/90 Day Action Plan
Page 7
| Action | Cost | Priority |
|---|---|---|
| Deploy MFA on all accounts | $150/mo | Critical |
| Deploy EDR on remaining 60% of endpoints | $375/mo | Critical |
| Revoke access for departed employees | $0 | Critical |
| Implement email anti-phishing | $200/mo | High |
| Begin server inventory documentation | $2,000 | High |
| Action | Cost | Priority |
|---|---|---|
| Implement backup with air-gapped copy | $500/mo | High |
| Begin Windows Server 2012 migration | $15,000 | High |
| Launch security awareness training | $125/mo | Medium |
| Conduct software license audit | $3,000 | Medium |
| Action | Cost | Priority |
|---|---|---|
| Complete server migration to Azure | $8,000 | Medium |
| Document incident response plan | $3,000 | Medium |
| Implement patch management process | $200/mo | Medium |
| Begin ERP upgrade evaluation | $5,000 | Low |
90-Day Cost Summary
One-Time Costs
$36,000
Monthly Recurring
$1,550/mo
Year 1 Total
$54,600
© 2026 Preferred Data Corporation
About Preferred Data
Your M&A Technology Partner
Page 8
Your Technology Due Diligence Partner
Trusted by acquirers and operators since 1987
37+
Years in Business
100+
Active Clients
20+
Yr Avg Client Tenure
A+
BBB Rating
M&A Technology Services
Quality of Technology (QoT)
Comprehensive technology due diligence with dollar-denominated risk quantification.
QoT Lite
Rapid pre-LOI technology assessment for searchers evaluating multiple targets.
100-Day IT Integration
Post-close technology stabilization and integration planning.
Managed IT Services
Ongoing technology management for portfolio companies.
Why Acquirers Choose PDC
Firsthand acquisition experience - our president completed an ETA search and acquired PDC
Dollar-denominated risk reports designed for deal models, not just IT audits
We work within your deal cadence - fast turnaround for time-sensitive LOIs
Not just assessors - we execute the remediation after close
Deep manufacturing and industrial technology expertise in NC
Ready to Assess Your Next Deal?
Get a QoT assessment tailored to your acquisition timeline.
1208 Eastchester Drive, Suite 131, High Point, NC 27265
© 2026 Preferred Data Corporation