Tech Due Diligence questions
Technical due diligence process is used to capture a snapshot to develop a thorough understanding of the technological state of a business to be able to make accurate and effective valuations for fundraising and investment rounds handled by De Breed & Partners and Investormatch.
To get the most out of this document, put your best effort into answering as honestly and openly as possible* *all the questions that apply to your business. In any case, you will gain a different perspective over the current state of your business.
For a professional follow-up evaluation report on your answers or for further technical auditing services please contact me.
Business
Briefly introduce your company.
Briefly introduce yourself. What's your role in the company?
Which industry is your business in?
Which phase of funding are you in right now?
Who are your direct competitors with similar products?
Do you have domestic/foreign patents/utility models/licenses of the technology / IP you have created?
How compliant is your business with regional laws such as GDPR / KVKK technology wise?
Product / Service
Briefly describe the product. What does it do and what problems does it solve?
What is your target market?
How far ahead do you have your product roadmap written down?
How do you do the planning? What do you take into consideration? Who else contributes to the process?
Have you or someone from your team built a similar product in the past? What was it?
Do you or your team use your product regularly?
How do you collect user/ customer feedback about the product? How do you utilize all the feedback?
Are there any customized versions of your product deployed to some clients that are billed separately from the standard payment methods?
Team / Hiring / Human resources
How many people are there in your team? How many have shares in the company?
Briefly explain existing roles and their responsibilities in your team.
Who are the team key players? Briefly explain.
How many of them worked for / with you (elsewhere) in the past?
Is the person who wrote the initial version still one of the main developers?
How often do you do one-on-ones with your team?
How does the team communicate and make decisions?
How do you do the onboarding of new team members? How long does it take for a new member to get into actual coding?
How do you make sure that the whole team is on the same page?
What are the values of your engineering organization? Do all your team share those values?
Do you have a list of missing roles / talent in your organization?
How do you find and attract new talents?
How does your interview process work? Who else contribute to the process? Who decides on the hiring?
What is your career development plan for your team members?
Last year, how many people have left and how many have joined? What was the main reason for them to leave?
How do you keep the talent from leaving? How do you keep your team motivated?
Do you have a list of possible contractors / service providers / former team members at hand if immediate need rises?
How would you improve the development team?
How would you improve the hiring process?
Technology / Code
How do you keep yourself and your team up to date with the latest technologies?
What technologies (frameworks/languages) do you use for the product? How do you decide on them?
What are the new technology transformations you are planning?
Has all the software been coded in the house? How do you choose build vs buy?
How well is your code documented?
How well is your product documented?
How much are you aware of your code's dependencies? What happens if for some reason a dependency is not accessible anymore?
Do you have anything hardcoded in the code? How do you show certain features to a limited number of users?
What development methodology do you use? Briefly explain.
How do you keep a consistent coding style? Briefly explain.
How do you keep a consistent development / release environment across all involved systems, including developers’?
How do you evaluate your code's quality?
How much of your code is reusable?
How do you use bug / issue trackers?
How many open issues/defects are there? How old is the oldest? How many of them did you close last month?
How do you use source / version control?
How do you do code reviews?
How do you test your code? How much of your code is covered?
How do you test your product?
How much technical debt do you have? What is your pay back strategy?
What do you optimize for?
How often do you ship new releases of your product? What is your releasing strategy?
How do you deliver new releases? Briefly explain your integration and delivery process.
How accurate is your release timelines? Briefly explain the reasons.
How often do you find yourself shipping products with known bugs?
How do you deploy new releases? Briefly explain your deployment process.
How often do you find yourself carrying out manual tasks on servers? Briefly explain.
What happens when a deployment task fails?
Does the software automatically notify you of errors?
How do you measure the effects / outcomes of each new release?
How would you improve the development processes?
How would you improve the deployment processes?
Architecture and Infrastructure
How much of your architecture and infrastructure is documented?
How many vendors (AWS, Azure, etc) is your service/ product scattered across? Briefly explain.
Which 3rd party systems (payment, invoicing, others) do you use? Briefly explain.
How dependent are you to a specific vendor? What happens if they go down / halt operations?
What are the possible bottlenecks of your architecture? What keeps you awake at night?
How do you measure the current max capacity of the system?
Do you know how much it can support? How close are you to the limits right now?
Are you able to easily scale up / down your infrastructure on a few clicks?
What metrics do you use to determine if you are not scaled appropriately?
What aspects of the system do you think might not scale well?
Are you able to easily shift your services to other locations / providers? Briefly explain.
What isn't automated that should be?
Are there any single points of failure? Briefly explain.
What would you have to change to accommodate x10, x100, x1000 more users?
How would you improve maintainability?
Security, Continuity, Monitoring
What are you monitoring? Briefly explain.
Which monitoring tools are you using?
How do you measure usage/user statistics?
How do you measure the value of users?
Are there any parts in the system that are understood by only one person?
What requires admin privileges? Who has it?
What kind of security measures are taken against standard stuff like SQL injection, XSS, etc?
In the case of a security breach, how much data/business would be at risk?
Have you ever had a data breach? What do you think the reason was?
How do you test your product security wise?
How would you know if any kind of security breach happens?
How would you make the system more secure?
What's your backup strategy? Briefly explain.
Would a DDoS attack put you out of business? Briefly explain.
Do you have an IT Disaster Recovery Plan? Briefly explain
Do you have a Business Continuity Plan? Briefly explain
Budgeting
What is the technology team budget (ie. %x of total annual) and how is it allocated?
Are the allocations always used as planned? Briefly explain.