top of page

M&A: Due Diligence Services


Mergers and acquisitions typically involve a substantial amount of due diligence by the buyer.  Before committing to the transaction, the buyer will want to ensure that it knows what it is buying and what obligations it is assuming, the nature and extent of the target company’s contingent liabilities, problematic contracts, litigation risks and intellectual property issues, and much more. This is particularly true in private company acquisitions, where the target company has not been subject to the scrutiny of the public markets, and where the buyer has little (if any) ability to obtain the information it requires from public sources.


Our experts use an industry-certified due diligence methodology and templates, combined with our extensive expertise in IT and Data Management.  Pre and post-acquisition due diligence for Information Technology, Data Assets, Data Management Maturity, Analytics and Data Architecture of the acquired entity.  AlyData specializes in and has conducted several such due diligence projects for foreign firms acquired by U.S. firms and vice versa.  


Buyers are interested in the extent and quality of the target company’s technology assets and capabilities. The due diligence will often focus on the following areas of inquiry.


Technology/Intellectual Property. Intellectual property (IP) refers to creations of the mind, such as inventions; literary and artistic works; designs; and symbols, names, and images used in commerce.


Data Management. It is critically important to the success of a due diligence investigation that the target company establish, maintain, and update as appropriate a well-organized online data room to enable the buyer to conduct due diligence in an orderly fashion. The following are the common attributes and characteristics of an effective data room:


People Skills/Capabilities/Culture. The buyer must ensure that the acquired company has the necessary human resources with the necessary skills and capabilities and a culture that is compatible.  


Cyber Security.  Cyber Security is a critical component of any due diligence activity.  It is very important that the buyer has no risk exposure from cyber threats and has a robust infrastructure.

Intellectual Property

Intellectual Property

Data Management

Data Management



Cyber Security

Cyber Security

  • What domestic and foreign patents (and patents pending) does the company have?

  • Has the company taken appropriate steps to protect its intellectual property (including confidentiality and invention assignment agreements with current and former employees and consultants)? Are there any material exceptions from such assignments (rights preserved by employees and consultants)?

  • What registered and common law trademarks and service marks does the company have?

  • What copyrighted products and materials are used, controlled, or owned by the company?

  • Does the company’s business depend on the maintenance of any trade secrets, and if so what steps has the company taken to preserve their secrecy?

  • Is the company infringing on (or has the company infringed on) the intellectual property rights of any third party, and are any third parties infringing on (or have third parties infringed on) the company’s intellectual property rights?

  • Is the company involved in any intellectual property litigation or other disputes (patent litigation can be very expensive), or received any offers to license or demand letters from third parties?

  • What technology in-licenses does the company have and how critical are they to the company’s business?

  • Has the company granted any exclusive technology licenses to third parties?

  • Has the company historically incorporated open source software into its products, and if so does the company have any open source software issues?

  • What software is critical to the company’s operations, and does the company have appropriate licenses for that software (and does the company’s usage of that software comply with use limitations or other restrictions)?

  • Is the company a party to any source or object code escrow arrangements?

  • What indemnities has the company provided to (or obtained from) third parties with respect to possible intellectual property disputes or problems?

  • Are there any other liens or encumbrances on the company’s intellectual property?

  • The target company makes it available to the buyer as early in the process as possible, at the latest immediately following the parties finalizing the letter of intent or term sheet

  • The data room has a logical table of contents or directory and full text search capabilities (which requires scanning of all documents with optical character recognition software)

  • The data room permits bookmarking within the application

  • Subject to confidentiality concerns, the buyer is permitted to print documents for offline review

  • The data room is keyed to any due diligence checklist provided by the buyer to facilitate cross-referencing and review

  • Ideally, access to the data room is accompanied by delivery by the company to the buyer of a draft disclosure schedule and all materials referred to in the disclosure schedule are in the data room

  • Updates to the data room are clearly marked or trigger email notifications to the buyer’s counsel, to help ensure that nothing is missed as supplemental materials are added during the process

  • Interview key resources

  • Review HR policies and files related to IT, Data and Cyber Security resources

  • Review doucmentation and knowledge management capability

  • Were the staff adequately trained and taken care of?

  • Are there any issues related to people management?

  • Are there any pending investigations against any of the staff?

  • What are the core skills and capabilities in the staff?

  • What concerns does the staff share, regarding the current setup and environment?

  • What's the state of the morale of the staff? 

  • How robust are the Cyber Security capabilities?

  • What capabilities and tooling is in place?

  • Have there been any hacking attempts or has the system ever been compromised?

  • What are the compliance mandates and where are the supporting documentations?

  • Who is responsible for Cyber Security and how often does the staff get trained?

bottom of page