Technical Due Diligence: Meaning, Process and Checklist
When developing a product, it seems like you start moving mountains. You feel like growth hackers, confident of getting the necessary investments and hit the jackpot in the market. But to do this, you have to scramble.
Software development gets started, and you need to do tasks within the defined period of time with limited human resources. It means that developers often make decisions on what solutions need more attention, and what can be done less meticulously. Then, finally, the product comes to the MVP stage — the decisive moment when all hope is for the investment, and that’s when the investor may opt to perform technical due diligence. Meaning, it’s time to review and evaluate the decisions passed. But what else?
What is this procedure, and why is it carried out? Why do the investments depend on it? And most importantly — how not screw up and successfully go through the technical due diligence?
So let’s explore together its stages and critical elements, based on our experience of passing tech due diligence at Django Stars with our clients and conducting such technical checks for other companies.
Listen to “Technical Due Diligence Meaning, Process and Checklist Part 1” on Spreaker.
What Is Technical Due Diligence?
Transparency, risks, and prospects. Tech due diligence (or Tech DD) is a comprehensive and independent check of the technical condition of the product, code quality, the logic of the decision-making process, the assessment of all possible risks before obtaining the necessary investments.
The technical due diligence process provides the development team in-depth analysis of the strengths and weaknesses of the product, while investors are making sure that they make the right choice investing in your product.
When is tech due diligence needed?
Before M&A (merger and acquisition) or getting an investment. For instance, in its practice, Superangel venture fund conducts due diligence in early-stage startups before the pre-seed funding.
Why carry out technical due diligence?
Reasons for conducting tech due diligence may vary. Investors want to ensure that they invest in a reliable and safe product (e.g., investment platform). To do this, they need to:
- understand the competence of entrepreneurs
- assess all the kept risks
- deeply study the technical side of the product and its prospects (your hacks come up here, remember them?)
- test workload
- forecast its payback
This makes sense: when investors want to join a startup or a software product, they are especially interested in recognizing technology risks and costs to reduce them. In turn, startup owners analyze and improve the weaknesses of their products.
In other words, a well-performed tech due diligence is your pass card to investors.
Who conducts tech due diligence?
The initiator of tech due diligence is usually an investor. As a rule, an expert of the investment fund with a tech background or a third party agreed upon by the investor and startup.
The Importance Of Technical Due Diligence
You should assess the prospects of your startup continuously. However, in rapidly growing projects, changes are so unpredictable that the founders sometimes forget about the concept with which they have started. At the same time, tech due diligence allows verifying whether the existing product follows the initial idea.
Besides excluding the financial risks, tech due diligence is also necessary because the investor can explore your product from the inside and realize its uniqueness.
There are also benefits of software due diligence for startups. Due diligence helps you analyze all the ups and downs of your product, strengths, and weaknesses. Though, development team should make such assessment on regular basis, as it helps to develop more elegant solutions and form a plan for further actions in product development.
Technical Due Diligence Process
The phases of the technical due diligence process may vary depending on the stakeholders involved in it. For instance, in our experience, in some cases, we were engaged as CTO on the client-side (the company has a product, and we are its developers). In other cases, we participated as independent technical experts for code check (identifying strong and weak points of a product) before passing due diligence.
Regardless of the kind of the check, there are six main stages of tech due diligence:
#1. Preparing
This is the initial step, where you (if you are a developer of your product) or your vendor (if you use outsourcing services) conduct a code review.
Code review is a full code check for errors, inaccuracies, and general programming style. It’s different from the one that is performed when the pull requests are checked. This one is of a more general nature.
What does it include?
- Documentation review (examination of how fully it is described, its accuracy, and transparency)
- Code verification, integrations, components, solutions
- Identifying strengths (this is where the unique product solutions that you are proud of play well)
- Coverage of weaknesses. Usually, these are the points that belong to the category ‘to be done later’
- Discovering how to work with these shortcomings in the future
- Prioritization
Don’t try to fix all your bloopers on the eve of tech due diligence. That will never work, and besides, you will only be in a hurry and may make even more mistakes.
Identify your weaknesses, investigate them and prioritize — this is all about the three last points.
#2. Kick-off call
Here we are talking about the business side of the product and discussing further due diligence stages.
The product vision, concept, market niche, and value proposition for users and prospects should be delivered to potential investors as straightforward as possible. This task falls on the CEO’s shoulders.
It’s not necessary to build a complicated plan for the first call. Still, your interest in sales, and not just in the code, will resonate with investors, representatives of the Superangel venture fund believe.
What concerns investors more is the uniqueness of the technology and its perspective in the market, meaning they’ll appreciate your awareness about the product value for consumers and its payback.
In our experience with tech due diligence, there was the second call second with the product owner (the person on the client’s side who has the product requirements and delivers them to the developers).
#3. Documentation screening
Few people have a passion for documentation, but it can play a decisive role here.
When you have put everything in order and have already made the kick-off call with investors, the party responsible for conducting due diligence examines all the company’s existing documentation. This includes not only the overview of the architecture, integrations and tech solutions, backup and recovery, servers, but also the process frameworks for development.
The more documented product information you provide, the more complete due diligence analysts will perform.
#4. Scheduling and having the live meeting
So, we got to the internal processes of the startup. To review and explore them, a personal meeting with the developers is scheduled.
The team or the person conducting tech due diligence expects positive and productive communication with the project leader. Though, a couple of slides can be helpful when it comes to architecture and integration schemes. The main goal of the tech diligence meeting is to convey to the person who checks all the benefits and business value of the product, explain the logic and awareness behind the passed decisions.
#5. Follow up
It’s time to get some feedback. If the person conducting tech due diligence has accumulated questions for you and is ready to share the intermediate results of the assessment, follow-up can be carried out orally, as it has been in our practice.
#6. Report
The result of tech due diligence is a detailed report, as objective as possible, compiled by the reviewer based on document screening, meetings with founders, product owner, and tech leader.
What’s inside?
Here, all the risks, pros and cons, and prospects are brought together and evaluated. Finally, the due diligence report is sent to the investors and the startup team.
Key Elements of Technical Due Diligence
First, tech due diligence carried out at different investment stages of your startup will be different.
- At the Seed /A stage, you need to present and release your product so that technology due diligence will focus more on your startup’s prospects.
- Stages А / B / C consider the rapid development of the product, its business model, and profit-making. The investors will also focus on these points.
- At the final stages of C /D and beyond, the startup is eager to expand, achieve maturity and cooperate with like-minded startups, so tech due diligence will have these aspects concentrated.
Listen to “Technical Due Diligence Meaning, Process and Checklist Part 2” on Spreaker.
Important! Don't bother writing good code, documentation, and processes exclusively for due diligence or only when your startup needs money. The development team must understand this at the start — to write high-quality code and correctly calculate the forces required at each stage of the development.
During the technical due diligence process, the validity of decisions plays an important role. And the critical goal for founders is to show how deeply they know their product, how carefully they make certain decisions, and how they can defend them.
So, different investors carrying out tech due diligence inspect different sides of the product. For example, Superangel pays special attention to team, market, traction, and MVP (find out what is MVP, MMP, MLP and other). Below is a detailed tip and the key elements that a startup should work through, based on our experience of conducting tech due diligence at Django Stars.
#1. Architecture & Infrastructure
At this stage of IT due diligence, your task is to describe the technology as much in detail as possible and provide prepared documentation, whether Architectural descriptions, Product design documents, or APIs documents.
Moreover, you must research competitors’ technologies in the market to prove to investors that your product is unique.
Distribute the power of your team wisely.
If you are just at the start of development, meaning, you’re limited with time and money, there is no point in spending a year on architecture development. Instead, developing a quickly-made prototype to test the idea will be more efficient. Moreover, such decisions should not be a point of embarrassment. An experienced vendor understands this and can suggest the right solution.
Important! Despite the choice of architecture, during the technical due diligence process, you should be able to explain the reason for that, whether it is in line with the goals of the product and its future vision. The choice of architecture concept must be justified. Monolithic and microservice architectures are two very different approaches, and there is no right answer. Your choice depends on the project stage and its future goals. The tech due diligence checks it all together.
Microservice as a goal?
In our practice, a client who had opted for a monolithic architecture surprised the reviewer pleasantly. It appears that many startups choose a microservice structure because of its high popularity among majors. But it’s complex. It requires decent communication between the teams, it’s hard to test and monitor. And in the end, startups drown in it, as at the early stage, they’re limited in resources and have no time to stipulate the limits of microservices and properly integrate microservice architecture.
Instead, with a monolithic architecture, additional services can be implemented through integrations. There are pros and cons everywhere.
The high costs associated with immature infrastructure are not what the investors want. Therefore, when choosing an infrastructure, you must consider all operational costs, opportunities, and risks throughout the entire product lifecycle.
Examples of questions to prepare for:
- What’s the type of architecture – monolith, microservices, serverless?
- Apps — native or not?
- How is the infrastructure built? — Who is a cloud provider? E.g., AWS, Google Cloud
- What are the code infrastructure features? E.g., Terraform, Docker, Kubernetes
#2. Code/Data Quality
As we said, during tech due diligence check, investors pay particular attention to the code quality and the logic of the decisions made, to avoid additional and unforeseen development costs in case the code is poorly written.
Important! Writing high-quality code should be done by an experienced team. You need to worry about this in advance to avoid problems such as crutches, large technical debt, or unnecessary costs in the future. Don't forget about error reporting and complex unit testing — on the back-end, front-end, and data repository too.
Examples of questions to prepare for:
- Is the stack hirable? Is it a niche technology or plenty of talent? Onboarding speed?
- Clean code? SOLID principles?
- Using common patterns and known technologies?
- Modularization. Are abstractions in the right places, e.g. around external integrations?
- Are APIs well-structured, e.g. RESTful API?
#3. Scalability
All companies want to grow and expand, but not all of them really foresee this opportunity. Sooner or later, this need will arise, so you need to have both the tech solution and the capacity to expand the team.
This doesn’t mean that you should build a microservice architecture at the initial stage of the project, in order to expand the product capacity later. There is no single right decision.
You can build a monolithic one, but you have to have a technical solution in your pocket when you need to reshape it for new product needs. There is no guarantee that the product will actually grow.
Important! Create long-term ideas, not short-term solutions. Ideally, your product will reach maturity and scale.
Examples of questions to prepare for:
- Is your system ready for unexpected growth?
- Have all safety aspects been considered?
#4. People
Each person in the team is endowed with a specific role, and the success of your product depends on how well and effectively they perform it.
It’s also about team engagement.
Your task is to convey the goal of the product to the entire team as clear and fully as possible, so that all members understand the logic of decisions and their rationale.
Important! Always try to keep your organizational chart up to date. Keep a database with the resumes of all employees and contractors in an organized manner, as well as with their contracts and associated costs.
It’s necessary to have an organization chart that lets you know team roles and key players.
Examples of questions to prepare for:
- Do you take competent people to the team and rely on them?
- Do the team-members micromanage themselves? Seeking for feedback?
- Are cross-functional teams productive? Do they have all the competences to execute their plan, e.g. analytics, product owner, engineers, design?
- Way of thinking? Can a software engineer in the team take feedback from the end user, test and measure the result?
#5. Workflow
The expert conducting the due diligence will pay attention to how your operational processes are taking place, including iterations, quality assurance, security testing processes, deployment, codependencies, and other operations.
You should be ready to describe clear workflows with roles and responsibilities for each developer.
Important! Document. As much as possible, as often as possible.
Examples of questions to prepare for:
- Do you have a meeting schedule? E.g. daily, weekly, monthly, quarterly sessions or reports.
- Does the team work proactively or reactively?
#6. Security
Maximum security is a must-have for the product. This is how you express your care about the user and respect their needs. It’s also at the top of the due diligence checklist.
Important! Security check should be a mandatory part of the development process. You should take care of the security check well in advance of the tech due diligence.
To carry out security checks, you may hire a company to test the product — it will be exposed to hacks, malware attacks, fake accounts etc. This way, your product is checked against the official software quality standards.
The security check gives an understanding of the tech strengths and weaknesses in development.
Examples of questions to prepare for:
- What measures are taken in the security system?
- Do you perform user testing? How regularly? (e.g., you have 3-5 users coming in twice a week).
#7. Intellectual Property
Investors want a confirmation that your technology is unique. In addition to the attribution report, when passing the due diligence, you will be required to provide patents confirming and protecting your intellectual property, as well as, proof that you didn’t infringe the intellectual property rights of others.
Important! Keep your finger on the pulse. Check the documentation of the patents of your development. During due diligence, be prepared to show that it meets all the requirements. Track the open source components used by your team, including licenses, and source.
Examples of questions to prepare for:
- Do they update the company’s patents regularly? Do they track all open source components used by their team? Are 3d-party components also documented?
Technical Due Diligence Checklist
Consolidate the results. Based on our experience, as part of a comprehensive technical due diligence, it is necessary to study the following risk areas:
- Customer service model (including security)
- Technological stack
- Innovation roadmap and capabilities (competitiveness)
We have collected questions that may interest the due diligence officer in a checklist. Feel free to download it below.
Get our Technical Due Diligence Checklist that includes technical questions, questions about the code, and product and culture questions.
Still any doubts about the upcoming tech due diligence? Feel free to invite Django Stars as a third-party expert to verify the code before reviewing, identify strengths and weaknesses and analyze operational processes.
One More Thing
Don’t panic. At first, it seems the technical due diligence process may turn into a true detective for the company. But in fact, identifying the risks helps your business to work out the weaknesses and all parts of your tech landscape and further improve the development of your product.
- What are the benefits of tech due diligence?
The technical due diligence process provides the development team with an in-depth analysis of the strengths and weaknesses of the product while investors are making sure that they make the right choice investing in your product.
Tech due diligence is carried out with the following major objectives:
- to understand the competence of entrepreneurs
- to assess all the kept risks
- to deeply study the technical side of the product and its prospects (your hacks come up here, remember them?)
- to test workload (consumers will prefer a bug-free product)
- to forecast its payback
The result of tech due diligence is a detailed report where all the risks, pros and cons, and prospects are brought together and evaluated. It is sent to the investors and the startup team.
- How long does technical due diligence take?
- The duration of technical due diligence can vary depending on the complexity of the project or company being evaluated, as well as the specific objectives of the due diligence process and the aspects of the product that investors wish to inspect. Generally, it can take a few weeks to several months to complete a thorough technical due diligence review. Factors such as the availability of information or key personnel can also impact the time to complete the due diligence process.
- Which framework Django Stars is used for tech due diligence?
Regardless of the kind of check, there are six main stages of tech due diligence:
- Preparing (conducting a code review.)
- Kick-off call
- Documentation screening
- Scheduling and having the live meeting
- Follow up
- Report
- Does Django Stars work according to technical due diligence templates?
- The phases of the technical due diligence process may vary depending on the stakeholders involved in it. For instance, in our experience, in some cases, we were engaged as CTO on the client side (the company has a product, and we are its developers). In other cases, we participated as independent technical experts for code check (identifying strong and weak points of a product) before passing due diligence. The choice of templates also depends on the specific objectives of the due diligence process.
- Can you provide a technical due diligence checklist in PDF or Word format?
- Yes, on this page, you can freely download the Technical Due Diligence Checklist prepared by our specialists -- just fill out the appropriate form above. The checklist contains questions that may interest the due diligence officer, including technical questions, questions about the code, and product and culture questions.