Tech Due Diligence at Vaultinum: how we do it

A comprehensive, company-driven self-audit

Our Tech Due Diligence process starts with an informed, company-driven self-audit via online questionnaires. These questionnaires, as well as the resulting report and recommendations, have been meticulously crafted by our team of experts in alignment with international standards and best practices. This approach enables us to deliver data-based scoring and relevant recommendations tailored to your unique situation. 

So how does it work? Organisations begin by creating an account on our platform. Once logged in, they can select from a range of questionnaires tailored to their specific needs, including Cyber Security, Software Development, Intellectual Property, Third-Party Software Distribution, Third-Party Software Used for Operations, GDPR, and ESG, among others. Once the questionnaires are complete, companies can instantly download the online survey results that includes risk categorization, recommendations, and estimated time for implementing fixes. This immediate access empowers companies to quickly understand their technology's strengths and weaknesses and take prompt action to address any identified issues. 

Tech Due Diligence with proprietary source code scanning for in-depth analysis

For next step of our Tech Due Diligence process, we utilize our proprietary source code scanning technology, which combines the power of 10 scanners to provide a thorough, line-by-line analysis of code quality and related threats. This in-depth scan covers key areas such as Intellectual Property, Open Source Software usage, Cyber security, Maintainability, Scalability, Human Capital, and Tooling Optimization for the R&D team. 

To begin the proprietary source code scanning process, simply access our online platform, where you can securely connect your GitHub account or manually upload your source code (up to 2 GB per upload). To upload manually, drag and drop a ZIP file containing your code directly into the designated area on the platform. Please ensure that the ZIP file does not contain another ZIP file within it and media files should be removed as they will not be scanned, plus it decreases the size of the file). There is no limit to the number of files you can upload, enabling a comprehensive and in-depth analysis of your entire codebase. Once your source code is uploaded, our proprietary scanning technology will perform an exhaustive examination, providing valuable insights into the quality and potential risks associated with your code, which is examined taking into consideration the completed questionnaires and then mitigated by our experts.

Tech Due Diligence expert interviews and information system audits

To ensure that the technology and tech team are aligned with your business strategy, our experts conduct interviews with your tech team and perform an Information System audit. This analysis covers the digital culture, operating model, methodology, maturity of the tech team, project roadmap, infrastructure, and end-user environment.

Comprehensive Tech Due Diligence report

Upon completing the self-assessment, code scan, and interviews, we compile our findings into a detailed Tech Due Diligence Report. This illustrated report not only includes a score compared to industry averages but also provides an Estimated Time of Effort to evaluate the cost of identified fixes. With this comprehensive report, investors gain a deep understanding of the strengths and weaknesses of the technology, technical debt, roadmap, and recommendations.

Debriefing for clarity and actionable recommendations

Finally, we conduct a debriefing session with the investor or assessed company to review the report and discuss our findings in detail. This feedback meeting allows investors and companies to gain critical insights, understand the potential technical debt (Opex and Capex), and receive guidance on how to bring added value to the digital asset, as well as mitigate risks and fix certain issues within a given timeframe.

Security is at the heart of our Tech Due Diligence

At Vaultinum, security is our top priority. With 40 years of experience in protecting source code, we are committed to maintaining the highest levels of security at all times. Our strict workflow ensures the utmost secrecy of your source code, and we utilize secure servers for uploading, eliminating the need for email or SFTP. Our platform supports direct uploads or connections via Git, and the code is only temporarily present on our servers, with immediate auto-deletion following the scan. No external parties or human resources can access your source code; only our proprietary scanner has the ability to read it. Additionally, we reinforce our commitment to security through non-disclosure agreements, letters of guarantee, and certificates of destruction, providing you with confidence in our secure, reliable tech due diligence process.

A 360-degree view of technology through automation and expertise

Vaultinum's Tech Due Diligence process, combining online assessments, code scans, and expert intervention, provides a comprehensive, 360-degree view of the technology under evaluation. By leveraging the power of automation and our proprietary tools, we can streamline the process, reducing the time it takes to complete a thorough due diligence assessment to under three weeks. In essence, we utilize cutting-edge technology to help you better understand and optimize your technology investments. This synergistic approach allows us to deliver accurate, actionable insights and recommendations while minimizing the time and resources required for the Tech Due Diligence process. In conclusion, Vaultinum's Tech Due Diligence solution is designed to provide investors and businesses with a comprehensive understanding of their digital assets' true value.

Disclaimer

The opinions, presentations, figures and estimates set forth on the website including in the blog are for informational purposes only and should not be construed as legal advice. For legal advice you should contact a legal professional in your jurisdiction.

The use of any content on this website, including in this blog, for any commercial purposes, including resale, is prohibited, unless permission is first obtained from Vaultinum. Request for permission should state the purpose and the extent of the reproduction. For non-commercial purposes, all material in this publication may be freely quoted or reprinted, but acknowledgement is required, together with a link to this website.