What are IT due diligence?
In the business world of today, investors are increasingly demanding and vary. In every scope, from invest in a startup to acquire a company. Thus, they want to know exactly where they are issuing their money. How? Conducting a due diligence. This is basically an investigation that takes different forms and it focuses in different areas. One of them is about the Information Technology area. That is the IT due diligence. The main topics covered are:
- Human resources: It’s related with the IT staff. It comprises questions like number of employees (present and past), their education and their exposure to company’s IT intellectual property assets.
- Systems and applications: This is an especially relevant topic. Questions here are like what systems and applications are installed? Any of them are open source? Any outsourced service? All of them are up-to-date regarding patches and security fixes?
- Infrastructure: Another important topic. Several questions here are: What are all the hardware installed? How many of them is company, leased or employee owned? What is their configuration? Where is located?
- Policies and processes: Questions that could be made here are like: What are the IT policies and processes currently in place? What is their level of compliance? What is their level of enforcement? Specially important are security – both virtual and physical, disaster recovery / business continuity and cost management topics.