resources

Download our white papers and guides to help you better understand intellectual property protection and software due diligence in the digital environment.

Download our white papers and reports to improve your knowledge of intellectual property protection and due diligence in the digital world.

Vaultinum - Resources

Regardless of the sector of activity, intellectual property (IP) more and more defines an organisation and determines its future. Successful organisations are those that not only understand the value of intellectual property, but also understand the extent of their intellectual property rights and which actions they need to take to protect them- all of which can be achieved through performing IP due diligence.

IP due diligence is often conducted via an IP audit that evaluates the quality of an organisation’s management of intellectual property (in terms of protection and promotion of IP rights) and assesses their ownership rights of anything they develop or acquire. Ideally, an IP audit should provide insight into an organisation’s strengths and ideally offer actionable recommendations for improvements.

Normally, IP due diligence is carried out by an investor in relation to the IP assets of a target company, however it can also be carried out by the company themselves, either as part of the preparation for a transaction or acquisition, or simply as a method of ensuring that an organisation’s intellectual property is managed in a manner that facilitates growth and meets compliance requirements.

Identify the value of your company with an IP audit

Today, intellectual property has taken on even greater importance with organisations amassing new technology in their quest to remain competitive in the digital economy. This is why it’s important to have an IP strategy which considers the rights granted to the different types of technology used within a business, as well as a solid understanding around the business’s ownership rights of the technology in question.  

Failure to adequately appreciate the full IP technology landscape comes at a great cost including potential legal costs (if the IP must be defended in court) and decreased value and revenue if the IP is found to be insufficient or invalid. 

All companies, regardless of sector or size, must be cautious around their technology IP management. Furthermore, when it comes to IP due diligence, they must ask themselves questions around ownership and protection, such as: 

Are IP transfer agreements in place with all consultants and employees that have worked or are working on developing the company’s software? 

Does the company’s technology integrate any open-source software?

Download Vaultinum’s IP Audit Checklist

Conducting IP due diligence with an IP audit doesn’t have to be an elaborate time-consuming task, but it does require expertise, experience, and insights that are best obtained from an independent expert.

This is exactly why Vaultinum developed its intellectual property audit.  

With 45 years of experience, Vaultinum has long been committed to helping businesses carry out IP due diligence in a way that ensures that: 

their intellectual property is managed in a manner that facilitates growth,

their IP rights are systematically protected and enforced, and

the IP ownership rights of the solutions they develop or acquire completely belong to them. 

An automated tool for IP lawyers:  Strengthen your offering with Vaultinum’s IP audits and provide clients with an online method of performing IP due diligence in a timely manner, while being able to analyse complex third-party licenses. 

Evaluation of IP for all organisations : Assess your internal IP management over time through conducting IP due diligence and ensure that your organisation’s intellectual property is managed in a manner that facilitates growth while reducing risks by uncovering potential IP liabilities linked to the use of open-source software.

Identify and mitigate your IP risks linked to software

Vaultinum’s IP audit centralises the IP due diligence process onto one easy-to-use online platform that offers clients the unique combination of an IP self-assessment questionnaire and an in-depth source code scan.

The base audit includes 3 self-assessments which help organisations highlight the effectiveness of the current management of their IP and analyses intellectual property management and ownership. Developed in alignment with international standards and best practices by a team of experts in IP risk management, the IP self-assessment delivers accurate scoring and relevant, up-to-date recommendations.

The IP self-assessment takes approximately 1 hour and 30 minutes to complete and in order to facilitate the process, we recommend having a resident subject matter expert perform the assessment to ensure the most accurate scoring and therefore recommendations. 

Clients can then choose to run a full IP audit by adding a full source code scan which analyses the components of the software source code to get further insights on overall code structure quality, open-source licence risks and more. Your uploaded source code is immediately encrypted using SHA256 encryption for maximum security. After the scan has finished, the source code is then erased from the system- giving you full peace of mind.

The results of both the self-assessment and source code scan are then reviewed by our IP audit experts, who identify areas of improvement and deliver a detailed action plan to remedy issues.

What you need to know about perfomring IP due diligence and how Vaultinum's IP audit can help.

With the growing dependency on software across nearly all sectors, software escrow agreements are increasingly becoming a service that businesses are asking for when it comes to choosing their software supplier. At Vaultinum, we see it every day- software suppliers coming to us to discuss their software escrow agreement options, due to a client insisiting that they would like one in place before continuing to work with them. 

After all, their valid concerns around the risks associated with commercial software applications, SaaS applications and software source codes are easily mitigated with the offering of a software escrow agreement from their supplier- so it's a simple solution.

Although the concept of software escrow agreements is widely recognised, often there can be confusion around the different types of software escrow agreements out there on the market, as a software escrow contract can take many forms, with each one depending on the needs of the parties.  At its most basic definition, a software escrow agreement is a contract between a software supplier and their client. It is made so that the client is guaranteed access to the software source code under some specific conditions, including bankruptcy or insolvency of the supplier and software maintenance issues.

Within a software escrow, the supplier is required to deposit their source code with a trusted third party software escrow provider. But with so many options out there, it can be hard to know which choice is the best for you and your client. 

Here at Vaultinum, we like to keep things simple. That’s why we’ve written a short overview on each of the different types of software escrow agreements that we offer, what level of control they give you and who exactly is included in the software escrow contract itself.

Make a software escrow agreement with Vaultinum

Type 1: Basic Software Escrow Agreement – Access Clause

Let’s start by looking at the most basic form of a software escrow agreement: the access clause. The access clause option is a clause which is integrated into an existing contract between the beneficiary and supplier such as an end-user licensing agreement, maintenance contract or a clause in the general conditions of use. It serves as a way to summarise the conditions in which the client can access the source code.

The chosen software escrow agreement provider is mentioned in the access clause as ‘the trusted entity’ with which a copy of the software source code will be placed for safe keeping. An access clause software escrow agreement can be used amongst multiple different clients as it is not specific to a particular client. 

The limitation to using an access clause as your software escrow agreement is that the software escrow supplier is not a party to the contract alongside the beneficiary. This can potentially create complications when the beneficiary wishes to access their source code, mainly because, from a legal standpoint, the software escrow supplier cannot be bound by said contract. It also means that the responsibility of managing the escrowed elements lies in the hands of the software supplier, with the client having no control over the software escrow management nor the updates of the escrowed source code.

I’m interested in an access clause with Vaultinum

Type 2: Bipartite Software Escrow Agreement

For clients who are looking for more control over the management of their software escrow agreement, we offer the option of a bipartite software escrow agreement.

Contrary to the access clause option, this is a two-party contact between the software supplier and the client and is independent from the commercial contract. In this type of software escrow agreement, both the software supplier and software beneficiary play a part in the management, which in effect enables the client to monitor the status of the deposit made by the software supplier and take action if the agreed terms are not respected.

The bipartite software escrow agreement does not include the software escrow agent as a party in the contract, as this is simply a relation between the supplier and the beneficiary. 

I’m interested in a bipartite software escrow agreement

Type 3: Tripartite Software Escrow Agreement

The tripartite software escrow agreement tends to be the most common type of software escrow agreement- often due to the extra level of security and peace of mind that it offers.

The tripartite source code escrow agreement takes all the principles of the bipartite software escrow agreement one step further by becoming a three-party agreement. This means that the software escrow contract involves the software supplier, software beneficiary and the software escrow agent. It is the software escrow agent who is in charge of the management of the contract and who ensures that the terms that have been outlined in the contract, are respected. If for whatever reason this is not the case, it is the job of the software escrow agent to hold the software supplier accountable- something that in our experience, software clients appreciate greatly. 

I want to make a tripartite software escrow agreement

Here at Vaultinum, we offer software escrow agreements that are best tailored to you and your needs, to meet all business requirements. Whether your software is hosted on-premise or on the cloud, our software escrow agreements ensure the highest level of security, simplicity and service throughout the entire software escrow processs. 

Learn more about Vaultinum's software escrow agreements

Learn more about the three main types of software escrow agreements that software suppliers can use.

What are the Different Types of Software Escrow Agreements?

White Paper

Learn why it is important to protect software source code, what is a software escrow agreement and how it works.

Click the button below to download your copy.

Escrow Agreement White Paper

Checklist

Key questions you don’t want to miss when performing tech due diligence.

a checklist to know what to look out for when investing in technology and software businesses

vaultinum tech due diligence checklist

Key questions you don’t want to miss when performing an IP audit.

A checklist to know what to look out for when running an IP audit

Vaultinum Intellectual Property Audit

Industry Reports

Download an example of our Know Your Software - Tech Due Diligence Report and learn how our technology due diligence solution works in practice.

Know Your Software Tech Due Diligence Report Sample

Download a real example of our full tech due diligence report

Know Your Software Full Audit Report Sample

Stay abreast of the latest trends in cyber risks and learn how to protect your digital creations. 

Full report on cyber security trends and threats and how to evaluate them

Cybertrends full report

Learn what timestamping is, why it is used and what are its use cases.

Learn what is timestamping, why it is used and what are its use cases.

Timestamping White Paper

It’s a cautionary tale for investors everywhere.  

The case of Theranos and its founder  Elizabeth Holmes— who at one point was named the world’s youngest billionaire- has been examined numerous times in books, podcasts and documentaries.

The Silicon Valley start-up raised $945 million during its lifespan from various investors, despite having a blood-testing technology that did not perform as promised. When Theranos eventually shut down in 2018, the investor money of course disappeared along with it.  

With the Biotech start-up now featuring as the subject of new Hulu series "The Dropout”, questions around the technological due diligence have started to circulate again. Did investors perform sufficient due diligence? Did they not know what to look for? Or was it normal for Theranos to keep their cards so close to their chest when it came to their technology and data? 

In recent years, the pace of technological innovation has unquestionably been transforming entire sectors of the economy at a rate never seen before. Indeed, in global M&A deals, technology continues to ‘eat the world’ as shown through a record breaking 133% increase in 2021. With the technology sector now making up 20% of M&A deals, with private equity backed M&A reaching $839.6 billion, 2021 was the biggest year for private equity since record keeping began. 

With deals getting bigger and heightened competition causing them to move faster, the time for thorough IT due diligence can often slip away from investors. In fact, it was during a boom time for VC back in 2014 that Theranos quickly raised $633 million from investors who were keen to get a piece of what US President Joe Biden claimed to be ‘the laboratory of the future’.  

Theranos was a consumer healthcare technology start-up that promised a revolution in blood testing by claiming that with one simple drop of blood, their technology could derive 100s of diagnostics and offer fast results at the fraction of regular lab costs. Naturally, this Silicon Valley “unicorn” started to get everyone talking and its founder Elizabeth Holmes was labelled as the next Steve Jobs and named by TIME magazine in 2015 as one of the “Most Influential People in the World”. 

During a time when technological innovation was beginning to unquestionably transform entire sectors of the economy at a rate never seen before, Theranos exemplified that dynamic. The company soon had investors falling at their feet and indeed raised $945 million from famous venture capitalists including Tim Draper, Donald Lucas and Dixon Doll as well as from powerful tech and media moguls such as Larry Ellison and Rupert Murdoch. 

Furthermore, US grocery store giants who had recently moved into prescription drugs and vaccine provisions saw Theranos’ offering as a golden ticket. What could be more convenient for their customers than to come into the store, do a finger-prick blood test, buy their groceries, and pick up their results on the way out? For Safeway and Walgreens, this was a sure-fire way to boost sales and profits. Safeway soon signed a contract with the blood-testing start-up and spent nearly $400 million on the deal. Around the same time, Walgreens also invested $140 million in Theranos, $100 million of which was an “innovation fee.” 

At the time, Walgreen’s chief financial officer Wade Miquelon spoke to the supermarket giant’s CEO about how he thought they “may have found the lead pony” among companies that offer diagnostic tests. However, both companies did little to vet the technology for reliability or accuracy and these kits, that promised to deliver results in 20 to 30 minutes, would in reality take three to five days. 

Despite the rush to get a piece of Theranos, it was revealed that many top venture capital firms actually turned down opportunities to invest because of the company’s insistence on secrecy. Claiming that it was due to intellectual property concerns, Theranos never shared proof with investors that its technology worked or indeed that the results that it produced were accurate.  

So here raises the question around investor due diligence: Could the investors have avoided disaster if they had simply done better due diligence into the technology being proposed by the blood-testing start-up?

Performing Effective Investor Due Diligence 

Actual falsehoods around the claims of a technology, like demonstrated in the case of Theranos, are rare. But underlying issues and weaknesses within the technology of a company are not. This is why behind every successful M&A tech deal, there needs to be in-depth evaluations of the technologies and frameworks in place.  

This kind of due diligence is imperative, because with the promise of innovative change, investors find themselves faced with new and emerging risks that come with the technology, such as software failure, software copyright infringement, data breaches, privacy disputes, widening regulation, open-source software Intellectual Property issues, cyber-threats, among a myriad others.  

Given many recent high-profile losses connected to seemingly careless start up investments, technology due diligence seems to be on everyone’s radar right now. However, it has been around for a while, just usually in the form of traditional audit firms sending in experts to interview IT departments to review the softwareThis may have been acceptable practice 10 years ago, but today, when one single smart car requires over 150 million lines of code compared to just 7 million lines for the 787 Dreamliner, it is simply impractical to review all the lines of code, time intensive and the risk of human error is too high. 

Performing Technology Due Diligence with Vaultinum 

As a trusted third party, specialised in the protection and audit of digital assets, Vaultinum’s tech audits have already saved investors time, money and potential reputational damages. In our experience, more often the issue is less about ‘technology that isn’t there’ but more about the quality of the technology itself. This is why we created the Know Your Software Tech Due Diligence solution. 

Vaultinum’s Know Your Software Tech Due Diligence is an online solution for software due diligence that helps businesses and tech investors mitigate risk, gain crucial knowledge of a firm’s technology and increase the value of the software asset.

More about Know Your Software Tech Due Diligence

Know Your Software Tech Due Diligence is a tool that reviews both the actual code and the internal operational and development processes to help investors reduce and avoid risks. This is done through the following combination: 

1. The Know Your Software Online Assessment 

An online self-audit which analyses Intellectual Property, Cyber Security and Resilience, Third-Party software management, Software development, Product operations & Environment.  

An in-depth software source code scan providing a thorough risk analysis of the software asset, which is then evaluated by our IT experts. 

With Vaultinum’s Tech Due Diligence solution, investors receive a report that includes actionable recommendations made by our IT and Legal experts, giving them the in-depth information needed to decide whether to invest, to walk away from an investment or to negotiate better terms. Furthermore, these recommendations for improvements can help increase the value of the software, thereby increasing the value of the newly acquired company in the long-term. 

What can we learn from the Theranos case? 

In conclusion, for companies seeking investments, it’s integral that they are open to validation in the form of a technology audit with a trusted third party, in order to provide data that proves that their technology has been checked and verified. 

But ultimately, technological due diligence remains the responsibility of investors, as without the correct approach, they’re relying solely on the credibility of the organisation and in turn, risk investing in products or technology that could ultimately be proven unsound. 

Speak to us today to find out how we can assist you in your technical due diligence. 

Theranos promised to revolutionise blood-testing with it's breakthrough technology and at one stage, the company was valued at $9 billion. However, this technology wasn't all it promised to be and investors collectively lost $700 million.  Could they have avoided these consequences if they had simply done better due diligence into the technology being proposed?

Discover the importance of an indepth technology due diligence as we delve into the case of Theranos.

Theranos: A Reminder of the Importance of Technical Due Diligence

Let’s start by considering the following scenario: you're a software company that's been in business for a while now. You've been working on a deal for quite some time and are about to close it. But suddenly, your prospective partner wants you to use a source code escrow service as a part of the deal. You don't want to lose out on closing the deal, so now you need to find a way to keep the contract while also protecting your valuable resources- but you’re not all that familiar with source code escrows.

For any business in the 21st century, understanding source code escrow services is essential. In fact, a recent study by Gartner claims that software spending is expected to grow by more than 11% to almost 755 billion in 2023, - this is from an estimated $675 billion in 2022. But as customer software spending increases, so does their need for reassurance and protection in case of software failure. That's exactly where a source code escrow (also called software escrow) comes in.

How does a source code escrow agreement work?

Every day, companies around the world license custom software applications that are critical to the operation of their business- the development of which can cost in the millions. Due to the critical nature of these applications, more and more companies are requiring software developers to store their software source code and documentation around its use, in a source code escrow.

The software source code has strategic value to a company and, like anything of value, it’s natural to want to protect it.  In this scenario, putting in place a source code escrow agreement is exactly the insurance that companies need. 

A source code escrow (or software escrow) works by the supplier (the software developer) depositing the source code (and documentation on how to use it) with a trusted third party (the source code escrow agent). This is then agreed to be released to the beneficiary (the client) upon the occurrence of a “release event” such as the software developer filing bankruptcy, closing up shop or failing certain obligations under the license. Following any of these release events, the insurance premise of a source code escrow is revealed.

In essence, the client can then obtain the software source code to continue to use it, and if agreed in the license, maintain the software without the supplier’s involvement. This enables the business to continue to operate without interruption or impact; whether this means being able to maintain the software by fixing bugs or ensuring compatibility with system upgrades or even just giving the client some breathing room until they can find a new supplier.

I'm interested in a source code agreement

Why should developers make a source code escrow?

While the most commonly talked-about benefits of a source code escrow (or software escrow) are those for the client, it also brings a multitude of advantages for the supplier (software developer, vendor or distributor).

It allows suppliers to stand out from the crowded field of competition and offer more value by:

Demonstrating that they’ve considered the deal from their client’s end and in effect, they are offering them a solution, or a Plan B, if Plan A fails

Responding to the specific needs of the client

It is also is a way to frame the access conditions for the source code:

Together with the client, the supplier decides under what conditions access will be granted 

By requiring the client to go through an independent third-party, they then secure a level of neutrality and objectivity if the conditions are met

 Another key benefit that developers should consider is that depositing your software source code is like taking out an extra security policy , as a backup is always in place. In parallel, they are also securing the copyright in their source code if ever an issue of authorship or unfair competition comes into play, as the deposit serves as legal proof in court that the source code was owned at a specific date and time. 

What type of source code escrow agreements are available?

There are three types of classic source code escrow contracts – An access clause, bipartite and tripartite.

The access clause option is a clause which is integrated into an existing contract between the beneficiary and supplier such as an end-user licensing agreement, maintenance contract or a clause in the general conditions of use.  This is frequently found in contracts that concern standard software that is not operation-critical and is often made available to multiple clients.  In other words, it is not specific to a particular client.  


The bipartite source code escrow agreement serves those who would like more control over the management of assets. This is a two party contact between the software supplier and the client and unlike the access clause, is independent from the commercial contract. In a bipartite source code escrow, both parties play a part in the management, allowing the client to monitor the status of the deposit made by the software supplier and take action if the agreed terms are not respected. It is uniquely a relation between the supplier and the beneficiary.  


The tripartite source code escrow agreement takes this one step further by becoming a three party agreement- meaning that a chosen source code escrow agent is signatory to the contract and plays the role of ensuring that the terms are met. It’s because of this that the tripartite agreement is considered as the most secure for the beneficiary, as the escrow agent has a more active role in monitoring the contract throughout its life and making sure that the parties honour the terms that they agreed to. 

Speak to the team about the best option for you

How can you check what has been placed in the source code escrow?

This is a valid point that many businesses want to know. How can they be sure that what is being escrowed is indeed what they will need to avoid an interruption to their business?  Due to this, it's recommended to check what has been place in the source code escrow by choosing a source code escrow agent that offers a verification check.

 At Vaultinum we offer three types of deposit verification levels with our source code escrow service. 

The first type of source code deposit  is the standard deposit.  This deposit does not undergo any verification procedure, meaning that as the source code escrow agent, Vaultinum does not verify that that the software source code being deposited is in fact the source code actually used by the user. In effect, with the standard deposit, the client cannot know for certain what is deposited.


The second form of source code deposit is the element-checked deposit.  This option provides more assurance to the beneficiary by the escrow agent certifying that the software source code provided in the deposit contains readable data, is presented in the form of a clear tree view and is exploitable by the beneficiary. With Vaultinum, this level of verification provides a Deposit Verification Report describing the elements deposited and attesting to their verification.


Lastly, we also provide the Content Checked Deposit which is the most in-depth software source code verification possible and depending on the level of assurance desired, from high to highest, is available at three different testing packages.

However, for each of the software source code options explained above , it involves a Vaultinum agent going on site to perform a functionality test to verify that the source code is operational and to guarantee that it corresponds to that used by the beneficiary.

I'm interested in software source code verification

When entering a source code escrow agreement with Vaultinum, you can be assured that you are doing so with a European trusted third party, with 45 years of experience in the protection of digital assets. Our source code escrow clients benefit from the highest level of security and protection, through our use of asymmetric encryption and ISO 27001 certification standards and implement strict access procedures in all of our escrow agreements.

What’s more, through our online dashboard, we make it easy for you to manage all of your source code escrow agreements in one place. If you’re a software developer looking to meet your client requests or increase your competitive edge, speak to us today to find out how Vaultinum can assist you with your source code escrow (or software escrow) needs. 

All you need to know on source code escrow ! Protect your intellectual property! Meet your client requests! Secure business deals! Increase competitive edge!

What Is a Source Code Escrow? All You Need to Know

If 2021 was a big year for European dealmaking, 2022 looks set to be even better. 

Currently the UK is western Europe’s M&A hotbed, accounting for more than 32% of deals in 2021 (1) and has seen a £1.1 billion increase in domestic M&As in quarter 1 alone, when compared with the same period in 2020 (2). This success looks set to continue well into 2022 with the Ansarada UK Dealmakers Survey showing that 90% of their respondents (senior executives from 50 UK-based firms across investment banking, private equity, and M&A) believe that the number of M&A deals in the UK will increase in the next 12 months, with 54% believing it will increase significantly. (3)

Taking this into consideration, M&As are clearly a focal point for accelerated organisational growth and development as we look to the year ahead. But how can investors take advantage of this promising landscape whilst ensuring that they don't fall victim to the ever-increasing threat to cyber security?

Traditionally, organisations and investors have conducted due diligence covering financial, legal, operations, and human resources. However, when it comes to conducting due diligence of software, this is not always met with the same systematic approach.  Often, this is due to the speed at which organisations are implementing new technology in their everyday operations and partly due to the rapid growth of tech-forward companies. With technology increasingly becoming a primary asset to businesses, new issues have arisen which are overlooked in traditional due diligence.

Recent statistics have highlighted that cyber-attacks are rising sharply in the UK. According to Sophos data, last year 51% of UK organisations were affected by ransomware attacks, with criminals successfully encrypting data in 73% of these attacks (4). Considering these figures, a comprehensive due diligence that assesses both software and source code during the pre-acquisition phase is integral to provide the acquirer with a full view of the potential data breach risks that could lead to serious financial and legal consequences. Furthermore, for those acquiring or merging with a pre-existing company, they run the risk of inheriting hidden data vulnerabilities which can significantly impact the primary company’s business operations, investor relations and reputation.

One of the most renowned cases of insufficient software due diligence resulting in catastrophic consequences is that of Marriott International after their merger with  Starwood Hotels & Resorts. Two years down the line, it was revealed that a huge data breach in Starwood’s reservation system had occurred pre-merger, in which 400 million guest records were exposed through a security flaw. This resulted in a $123 million GDPR fine by Britain’s Information Commissioner’s Office, as well as reputational damage for both Marriott and Starwood.

But if only the issues ended with hidden data vulnerabilities. For any M&A activity in which the target company’s software is a significant asset of the deal, investors must also consider the potential restrictions that open-source software (OSS) can bring. Today, software developers often rely on public code repositories available on websites like GitHub or Stack Exchange, as it appears to be free at the point of use. However, often these licences are offered subject to conditional restrictions. When using OSS to create derivative products or linking source code to OSS, the integrated product becomes subject to these conditional restrictions, which can include making all or part of the code public or paying a fee for its use. In other words, a company may not have full rights to their product or software.

If acquirers carry out a comprehensive due diligence during pre-acquistition, this can help to avoid liability for the target’s previous use of OSS, and any terms relating to its licencing. And bad news for the software supplier, if OSS is found embedded in their software, investors may walk away from the deal entirely, or at the very least adjust its value and/or terms.

But how to avoid these issues? The first step lies within ensuring that investors have carried out a comprehensive software due diligence during the pre-acquisition phase. Following the advances in AI technology, audits like these can be performed through automised tools which thoroughly analyse every line of code to identify any possible cyber vulnerabilities, intellectual property issues and maintainability risks. 

Vaultinum’s Know Your Software Tech Due Diligence

Vaultinum’s Know Your Software Tech Due Diligence offers an online solution for software due diligence that helps businesses and tech investors mitigate risk, gain crucial knowledge of a firm’s technology and increase the value of the software assets. 

Know Your Software Tech Due Diligence offers an online self-audit (Know Your Software Self-Assessment,) which analyses Intellectual Property, Cyber Security, Third-Party software management and Software development as well as an in-depth software source code scan (Know Your Software Code Audit) which provides a thorough risk analysis of the software asset, which is evaluated by IT experts. 

Automated tools such as the Know Your Software Code Audit enrich the traditional tech due diligence by making audits more objective and less susceptible to human error, ensuring that the acquirer’s reputation, business and liability remains protected and in the best possible position to make bold business decisions.

(2) www.ons.gov.uk/businessindustryandtrade

(3) www.ansarada.com/blog/UK-M-A-set-to-surge-in-2022

If 2021 was a big year for European dealmaking, 2022 looks set to be even better. Currently the UK is Europe’s M&A hotbed, accounting for more than 32% of deals in 2021 and seeing a £1.1 billion increase in domestic M&As in quarter 1 alone. Now as we look to the year ahead, M&As will clearly be a focal point for accelerated organisational growth and development making technology due diligence more important than ever.

Discover how investors can protect themselves by performing thorough technology due diligence

Vaultinum is proud to announce the arrival of our new managing director for Spain, Portugal and LATAM, Enrique O'Connor.

Enrique joins us with a strong background in sales and business development management, with specialisation in the software sector.

With previous roles including Head of Innovation and CEO, we’re confident that he’ll be a great addition to the Vaultinum team as we continue to expand into further markets. 

“It is a pleasure to be joining Vaultinum and to be able to further support and assist our clients from Spain, Portugal and LATAM”, said Enrique.

“I look forward to working in such an innovative, leading company in the protection of digital assets and showing law firms, investors, and software producers how Vaultinum can assist them in the protection of their innovations and investments.”

Vaultinum’s Tech Due Diligence Solutions

Read more about the latest addition to the Vaultinum team, Enrique O'Connor.

Vaultinum Announces New Managing Director for Spain, Portugal and LATAM 

Mergers and Acquisitions (M&A) have become regular parts of the modern business landscape. With major internet giants buying up unicorns and large conglomerates subsuming other companies to increase their market, M&A has become the watchword of the day.  Private equity, driven by the stock markets and high liquidity,  have also been active in adding companies to their portfolios.  

But just as you would always like to look before you leap, it’s essential that you perform the required due diligence before signing the dotted line for an M&A. In any M&A transaction, due diligence helps bring a sense of security to both the buyer and the seller.

Using the information gathered during the due diligence process, the buyer can get a better idea about the different facets of the business they are about to invest in. This allows them to go forward with the deal with greater confidence and certainty. 

Distilled down to the simplest terms, acquisition due diligence refers to an investigative audit of any business that another firm is thinking of taking over. It is done to confirm all facts and figures that may influence the buyer’s thought process while deciding whether to go forward with the deal.  Obviously, the principles laid down for acquisition due diligence are generally valid for investor due diligence, when an investor or venture capitalist wants to take a stake in a start-up or more mature company.  

During the course of due diligence, thorough research and investigations are carried out to reveal all the financial and legal aspects of the business being investigated. This is an essential step that must be carried out before entering into any M&A transaction with the other party.

In the case of an acquisition of a business, due diligence must fully assess the company’s assets and liabilities, legal and financial obligations, and market standing. In short, the entire process is aimed at determining the feasibility of an M&A deal before going through with it.

Why Is Acquisition Due Diligence Important?

It’s common knowledge that just like the humans running them, no two businesses are exactly the same, even if they have similar structures and follow the same business models. Every business has its own products and services, processes, risks, problems, obligations, and investment structure. So naturally, when buying a business, few assumptions should be made at the outset. 

Just think about it: when you’re buying that next car, house, computer or mobile phone, don’t you perform significant market and product research before settling on the right model? Everybody does this simply to ensure that their investment doesn’t go to waste.

Acquisition due diligence is simply a more complex version of this kind of research. It doesn’t really aim to evaluate the valuation of a company. Rather it’s intended to gain a clear understanding of whether the deal would be profitable for both parties concerned.

Here it is important to tackle one common misconception that exists regarding due diligence, and that’s the notion that it only helps the buyer. This is simply not true, as due diligence is equally important for both parties in an M&A transaction.  As much as a company’s balance sheet enables a company to have a snapshot of its financial situation, a full due diligence provides a picture of the whole workings of the company, highlighting strengths and weaknesses and allowing management to better plan for the future.

For the buyer, conducting proper due diligence gives them complete assurance that they are going forward with the correct deal. Also, it helps them obtain all the information required to learn more about the business’s customer-base, partnerships with existing associates, and to discover opportunities for greater synergies.

At the same time, due diligence also helps to confirm any assumptions that you may have made prior to moving forward with the deal. It can also reveal any financial or legal irregularities that may have an impact on the business in question further down the line.  With cybersecurity, money-laundering, data protection and environmental sustainability carrying important financial, legal and reputational risks, investing in, acquiring or merging with a company has direct implications for the investor/acquiror in terms of their own standing in the market.  No investor wants to be associated with a company that has or may be tainted with one of the above issues.

Due diligence has sufficient importance and benefits for the seller as well. It allows the business seller to glean interesting insights about how it operates. It is a little like undergoing a medical check-up.  It also prepares a business for seeking capital from investors or a potential acquiror. It helps the seller better understand the market value of the business and what would be a fair asking price to complete the deal.

The crux of the matter is that without proper due diligence, no business deal can hope to succeed. A merger or acquisition without due diligence is like handing your money over to a stranger you just met on the street. 

So, now we know what due diligence is and why it’s important for both buyers as well as sellers. However, it’s not as straightforward a process as one might be inclined to think at first glance. In fact, there are multiple perspectives from which acquisition due diligence can be carried out. Based on this, due diligence can be further subdivided into the following types.

This is the aspect of due diligence revolving around administrative aspects, such as occupancy rates, facilities management, and workstations required, to name a few. Here, the main purpose of carrying out the due diligence is to evaluate the facilities owned by the seller and also determining whether all aspects of the operational costs are reflected in the financial statements. It also provides a projection of the expected administrative cost the buyer must shoulder in case they decide to go forward with the merger.

This is perhaps the most important type of due diligence due to the fact that it helps decide whether the deal in question is going to be financially viable or not. It involves cross-checking whether financial details shared by the seller are accurate and above board.

Through financial due diligence, the buyer aims to understand all aspects of the seller’s business financials, such as audit statements, unaudited financial documents, projected growth trajectory, inventory and expenditure plans, and its list of assets and liabilities.

During the process of financial due diligence, the buyer may also choose to examine accounts of major customers. They should also undertake a detailed analysis of variable and fixed costs, profit margins, and internal control procedures. Another part of financial due diligence involves examining the seller’s order books along with the sales pipeline in order to create pinpointed projections.

Traditionally, this is a part of financial due diligence but can also be classified under as a separate category. Asset due diligence works to create a list of fixed or variable assets of the seller as well as their locations. This includes but is not limited to machinery lease agreements, sales and purchase schedules of capital equipment, and real estate documents.

For any business, the most important asset is the human resources associated with it. This is especially true of software and high tech companies.  This means that before the buyer can decide whether to actually buy the business, they need to take stock of the HR assets.

This includes analysis of employees and employment contracts, cost-to-company for salary and bonuses, and all HR policies such as sick leaves, annual leaves, and even dispute resolution in case of any arbitrary situation.

In light of today’s climate change scenario, environmental due diligence is an essential part of any M&A deal in the 21st century. This is because if the company that is being bought violated or violates any local or global environmental regulations, litigation risks are heightened. 

Traditionally, environmental due diligence included careful scrutiny of environmental licenses and permits. It should also check all notices and communiqués from the local authorities concerned with environmental regulation. 

Nowadays, environmental due diligence goes much further.  Indeed, with climate change, what is required of companies it to take positive steps to reduce their carbon footprint including requiring that their suppliers also adhere to sustainability goals.  Environmental due diligence is part of a broader set of goals around sustainability.  Companies must have policies and processes to ensure that their actions or omissions are sustainable by design.  Sustainability includes social and environmental impacts.

This one is rather self-explanatory and involves assessing all the IT assets of the seller’s business. This includes hardware as well as software systems, business-critical data, and the workforce interacting with it on a daily basis.

IT due diligence can also involve security risk assessments, vulnerability due diligence, and cybersecurity assessment. It helps create a software checklist that might come in handy in the future.

All businesses have intellectual properties that are vital to their operations and profitability. Most of the time, these assets are intangible in nature and include patents, software algorithms, and even brand names, trademarks, and copyrights; IP due diligence aims to take stock of these items. 

At the same time, this form of due diligence is also vital in determining whether the company is currently involved in any legal implications involving IP violations. So, this can also be thought of as a part of legal due diligence.

Nowadays many companies own technology and develop new products or services.  Software companies in particular have as their main asset, their software and their talented developers.  It is difficult to assess the value of a software program, especially with start-ups, because the source code for the program is kept secret to prevent others from copying it.  As a result, it is often impossible for investors to really assess the product that they are investing in from a technology perspective.  Vaultinum has developed a series of tools that enable a technology due diligence.  

The final type of acquisition due diligence that we’re going to take a look at involves the lifeline of any business: the customers. When you’re a buyer looking to take over a business, you invariably want to take a look at its existing and potential customer base. You’d also like to gain an understanding of the customer satisfaction levels of the business. This is exactly what customer due diligence can help achieve.

It must be mentioned here that the various types of due diligence discussed above aren’t the only ones available. Based on the business and how the buyer is looking at it, there can be many different types of acquisition due diligence. 

As any reader can understand from reading up until this point, acquisition due diligence is a complex and complicated process that involves multiple layers. As such, every M&A process has different requirements, and different steps and methods should be followed to conduct due diligence that fulfills the particular requirements of the deal.

Learn more about the importance of an investigative audit of a business before acquisition.

Vaultinum resources