Technology Due Diligence Checklist
The complete Quality of Technology (QoT) checklist for ETA searchers and SMB buyers. Evaluate every critical technology dimension before you close - 38 items across 5 pillars, with 19 flagged as critical.
Why Technology Due Diligence Matters
The 5 QoT Pillars
Each pillar represents a critical dimension of technology risk. Work through every item to build a complete picture of your target's IT posture.
Pillar 1: Asset Inventory
8 items - 5 critical
Document all servers, workstations, networking equipment
Record hardware age, warranty status, end-of-life dates
Map all SaaS subscriptions and cloud services
Inventory software licenses with keys and agreements
Identify shadow IT and unapproved tools
Document data storage locations and backup systems
Map network topology and connectivity
Catalog domain names, SSL certificates, DNS records
Deal Impact: $50K - $200K
Missing or outdated asset inventory often hides $50K-$200K in deferred hardware refresh costs that hit within the first 12-18 months post-close.
Pillar 2: Security Posture
10 items - 6 critical
Verify business-grade firewall is in place (not consumer router)
Check for EDR/MDR endpoint protection on all devices
Confirm MFA enabled on all accounts (especially admin)
Review email protection (DMARC, DKIM, SPF configured)
Assess identity management and access controls
Check for security awareness training program
Review incident response plan
Verify backup and disaster recovery procedures
Check cyber insurance coverage and requirements
Request most recent vulnerability scan results
Deal Impact: $100K - $500K+
A single ransomware event can cost $100K-$500K+ in recovery, downtime, and reputational damage. Gaps here are deal-breakers or major price adjustments.
Pillar 3: Technical Debt
8 items - 3 critical
Identify end-of-life operating systems and software
Assess custom code documentation and maintainability
Check for single points of failure in infrastructure
Review database performance and scalability
Evaluate application architecture (monolithic vs. modular)
Identify key person dependencies for IT knowledge
Review integration capabilities and API availability
Assess Windows Server and SQL Server version currency
Deal Impact: $75K - $300K
Technical debt compounds rapidly. End-of-life systems and key-person dependencies can require $75K-$300K in remediation within the first year.
Pillar 4: Licensing
6 items - 4 critical
Request complete software license inventory
Verify user counts vs. license quantities
Review transfer/assignment clauses in all software agreements
Check for "change of control" termination rights
Audit custom software for open-source (GPL) dependencies
Verify maintenance agreements are current
Deal Impact: $25K - $150K
License non-compliance discovered post-close can trigger audit penalties of $25K-$150K. Change-of-control clauses may require renegotiation or replacement.
Pillar 5: Scalability
6 items - 1 critical
Assess current capacity utilization
Identify what breaks at 2x current volume
Evaluate cloud vs. on-premises TCO for growth plan
Check network bandwidth headroom for additional locations
Review disaster recovery plan and RTO/RPO targets
Assess integration capabilities for bolt-on acquisitions
Deal Impact: $100K - $400K
Infrastructure that cannot scale with your growth plan may require $100K-$400K in upgrades to support a 2x revenue target.
Checklist Summary
38
Total Items
19
Critical Items
5
QoT Pillars
Priority Legend
Don't Close Blind on Technology
Let PDC's M&A advisory team conduct a professional QoT assessment. 37+ years of experience evaluating technology for North Carolina businesses.
Preferred Data Corporation - 1208 Eastchester Drive, Suite 131, High Point, NC 27265