Technology Due Diligence
One of the common mistakes when buying companies is to underestimate the tech debt a company may have, as it may take years to overcome it.
Using our experience over the years of Product management, Technology, Commercials and business processes, we have created a Tech Due Diligence framework.
Our approach goes right to the details (where the devil is!) and combine a ground up and top-down approach
TECH DD
Approach & Methodology
At Shiker, our methodology for Tech Due diligence is based on 5+1 pillars.
1. Product Portfolio & Roadmap
This pillar focuses on company’s product portfolio, including the product roadmap and development plans, to ensure alignment with company’s goals and market needs.
2. Technology Infrastructure & Architecture
This pillar focuses on company’s technical infrastructure and architecture and evaluates the scalability, reliability, and performance to ensure it can meet the needs of company’s business.
3. Development and Engineering Practices
This pillar focuses on development and engineering practices, including the product design, basic code review, dev languages, testing and quality control, to ensure they can effectively deliver high-quality products and services.
4. Organisation & People
This pillar focuses on organisation and people, including the structure, leadership, culture, and talent. It evaluates the experience of the team and the ability to attract and retain top talent, to ensure a stable support of other areas.
5. Security & Compliance
This pillar focuses on company’s security and compliance practices, including cybersecurity measures, data privacy policies, and regulatory compliance.
6. Customer Success Practices
While not strictly technical, this pillar has been added due to strong dependencies and its key importance to success of every technology company – particularly the company providing cloud services.
TECH DD
Case Study
This is an example of tech due diligence being done, which took about 8-10 working days, and about 4 weeks of elapsed time.
Strengths
Pillar 1
- The Target has good cloud product, has strong cloud service lifecycle management, planned as a landing zone for the future
- The Target has little competition
- Changes are regularly implemented in the products based on market and regulatory requirements
Pillar 2
- The Target platform use a set of popular technologies, tools and frameworks
- The UX for the Target appears state of the art and user friendly
- The Target’s Architecture is constructed using two virtualisation layers. This follows best practices of cloud architecture and is a good foundation for moving towards scalable cloud services
Pillar 3
- Modern development and testing tools are used but not to their full potential
- Waterfall development process follows standard approach and seems to work well
- For public sector customers, the requirements are signed off up-front and delivered as preferred by the customer
Pillar 4
- Good co-operation between business and IT, proper split of responsibilities between Product team and tech team
- No challenges were observed in ability to recruit and maintain skilled people. They take benefit of having many loyal employees in technology departments
Pillar 5
- Security policies are defined, security awareness in promoted through regular trainings, security incident response team is established
- Penetration tests and service interruption monitoring are provided by independent external companies
Pillar 6
- All customer calls are registered in support system
- Apart from customer support there is also customer care which is a good foundation to build customer success in the future
Opportunities
Pillar 1
- Lack of clear product strategy especially the direction towards cloud for the current on-prem products
- Complex product portfolio, rationalisation and adapting to changing market demands is key
- Poor roadmap building processes, this is not formalised though approach is sufficient for current needs
- No dedicated Product Management function, but the Digital Tech team is driving a standard approach in this area
Pillar 2
- Tech debt – the code needs re-writing using a new technology stack but there are no plans nor even directions how it should be done
- Using own server rooms for delivering SaaS services is not in line with market best practice
- The number of technologies used by the Target is relatively large, some rationalisation is advised
Pillar 3
- Rather low maturity in cloud development area – no development standards, none of popular Agile methodologies is followed
- Very traditional approach to testing – no test automation, they are just starting with unit tests
- Lack of systematic approach to code quality assurance; code reviews only in case of junior developers; no automated code analysis
Pillar 4
- It has become more difficult to find skilled development resources
- The Target does not have centralised training, development and mentoring programs
- Moving to cloud technologies, they would need newer skillsets over a period of time
Pillar 5
- Security monitoring and threat detection on cloud platform not implemented
- Missing ISO 27001 security certification
- Cloud services delivered from own infrastructure which does not follow disaster recovery best practices
Pillar 6
- Customer satisfaction information is not collected
- Product adoption is not monitored
- Customer retention assurance is only reactive now