I.T. Due Diligence Assessment

An I.T. Due Diligence Assessment (DDA) consists of Scope & Timelines, interviews, and data collection. Before this begins, we must ensure that everyone is aligned on outcomes so we establish participants, interview schedule, and how materials will be collected. 

A typical I.T. DDA outlines several workstreams that are "In Scope" and "Out of Scope" at the beginning of the DDA. Overall, we have multiple workstreams:

1. IT REVIEW
1. Business Applications
2. IT Organization / Governance
3. IT Infrastructure 
4. Proprietary Applications Review
5. High-Level Integration Analysis
6. High-Level Carveout / TSA Assessment
7. HIPAA Compliance
8. Contact Center Review
9. Deep Dive Code Review
10. Data & Analytics Review
11. Comparative Analysis
12. Contract Review (Optional)
2. CYBER
1. Cybersecurity Assessment (NIST)
2. Contract Review (Optional)

When conducting the different workstreams we are targeting several key objectives:

1. Understanding internal systems in place and how well they support the current business environment
2. Assess IT's environment to scale and support companies expected future growth trajectory
3. Gather functional gaps, and risks or concerns presented by the gaps
4. Assess proprietary software with an emphasis on methodology, infrastructure, technical roadmap to determine its reliability, scalability, and functionality
5. Capture recommendations for future investment (short- and long-term including priorities, costs and timelines)
6. Security assessment to understand current posture & gaps with a focus on addressing compliance and staying secure (from threats/vulnerability)

Each workstream varies in length, who is conducting the interview, and the participants.

An I.T. DDA is a thorough process that has an immediate ROI. Conducting and investing in an annual I.T. DDA helps shape an IT organizations technical roadmap and vision.