How to prepare for an IT due diligence, step by step?
An IT due diligence assesses, as part of an acquisition, merger or investment, a company's technology strength: architecture, technical debt, DevOps practices, security, governance. Unlike a financial audit, it covers risks that are often less visible at first glance, but which directly weigh on valuation and on the guarantees negotiated in the deal.
The key steps of an IT due diligence
- Scope the assessment: which systems, teams and subsidiaries are covered.
- Gather existing technical documentation: architecture diagrams, vendor contracts, past security audit results.
- Conduct structured interviews with technical teams (CTO, infrastructure and security leads).
- Assess architecture and technical debt: critical dependencies, legacy code, structuring technology choices.
- Assess security and compliance: access management, known vulnerabilities, regulatory compliance (GDPR, NIS2 where relevant).
- Summarize findings into risks prioritized by impact and likelihood, with their potential effect on valuation or deal terms.
Documents to prepare, on the seller's side
- Up-to-date technical architecture diagrams
- Contracts and service level agreements (SLAs) with critical vendors
- Results of the latest security audits or tests
- Documentation on code intellectual property (including open source licenses)
- Technical org chart and level of dependency on key people
The domains typically assessed
| Domain | What is assessed |
|---|---|
| Architecture | Consistency, scalability, critical dependencies |
| Technical debt | Legacy code, lack of automated tests, documentation |
| DevOps | Deployment automation, release frequency |
| Security | Access management, vulnerabilities, past incidents |
| Governance | IT steering, decision-making, risk management |
| Applications and infrastructure | Robustness, obsolescence, operating costs |
An IT due diligence prepared in advance, with an assessment framework shared by both parties, turns an exercise often seen as a hurdle into a negotiation tool grounded in sourced facts rather than impressions. It cuts both ways, though: well documented gaps also give the buyer concrete grounds to renegotiate price or warranties, something the seller is better off anticipating than discovering mid negotiation.
Technology Due Diligence·See a diagnostic preview
Related diagnostic
Ready to assess your organization?
Try for free