Peace of mind that your investment is sound, safe and secure!

The iDatasec technical due diligence service for venture capital and private equity has been developed and designed to assist the growing private equity and venture capital market in South Africa to gain comfort in the veracity of their investment portfolios.

Be Better Prepared for Investment Due Diligence

The venture capital (VC) industry uses due diligence to describe what an investor does to evaluate a potential investment opportunity. By definition, investing in early-stage companies is risky. The due diligence process should identify the key risks associated with the investment and develop a risk mitigation plan with company management as part of a potential investment.

Technical Due diligence is a rigorous process that determines whether or not a venture capital, private equity fund or other investor will invest in a company. The process involves asking and answering a series of questions to evaluate the business and technical aspects of the opportunity.

Once the technical due diligence process is complete, the investor will use the outcomes of the process to finalize the internal approval process and complete the investment. If the VC acts as a lead investor in a syndicate, then they may also share the outcome of their due diligence with other investors.

Once the opportunity is determined to “fit” the fund’s investment criteria, the deal is progressed to a point where resources from the investor organisations team will investigate further to determine the viability of the deal. Each firm may have a specific process, but it tends to involve reviewing the management team, market potential, the product or service viability (and the need it meets) and the business model, with the technical due diligence findings contributing to the overall process at each milestone.

Why would an Investor want a  comprehensive Technical Due Diligence?

With the growth of private equity and venture capital investment expected to be exponential over the next few years, most notably in the IT and Tech sectors, it is imperative that this industry has access to a reliable, repeatable and reputable technical due diligence capability.

Understanding the risks of investing in new industry and innovative companies does not lie solely in getting to the truth relating to the management, growth opportunity and relevant stability of the company, but also and some might argue more importantly achieving a detailed understanding of the risks that are inherent in the capability of the service, product or technology that is being offered by the targeted investee organisation.

iDatasec have extensive experience in assisting leading South African Venture Capitalist and Private Equity funds gain a greater understanding and achieving relative comfort with the risks associated to investing in the digital economy.

Enter iDatasec – Changing the Threat Landscape.

To make sense of all the issues that a potential investor may face with the investment in an early stage organisation, Venture Capitalists and Private Equity funds should ensure that they gain a detailed understanding of the inherent technical and organisational risks they may face when deciding to invest in a company.

Ensuring that a solid foundational information risk management program is in place is the first step in unifying the measurement metrics that define a sound investment strategy. Ensuring that the potential investee organisation proceeding with a clear plan, and implementing controls in a logical and efficient manner.

Be Better Prepared for Technical Due Diligence

 The primary purpose of the service is to evaluate four facets of a business from a technical standpoint:

  • Vitality
  • Scalability
  • Maintainability
  • Continuity

vitality [vahy-tal-i-tee]noun,plural-ties.

So what are we looking for when we assess the technical vitality of an organisation? First and foremost is if the technical lead or founder is still excited about the business. Do they have a real vision of where to take the product, system or service next, are they still passionate about the original concept.


This one is pretty obvious though any assessment of scalability extends beyond the system itself to include the technical organisation, and the answers to the sample questions below will indicate how the company thinks about scalability, not just from a technical perspective, but an organisational one too.

maintain [meyn-teyn] verb (used with object) maintainability, noun 

Maintainability is a favorite assessment topic of investors and buyers alike. They usually are either concerned that existing staff will head for the hills post acquisition, or incoming staff will discover a plate of spaghetti code, or they want to turn a non-profitable company into a profitable one by eliminating “engineering” or they worry that a potential future investor might discover a huge plate of spaghetti code during their due diligence and not buy.

continuity [kon-tn-oo-i-tee,-tn-yoo]noun, plural -ties. 

This is typically the area where often the greatest weaknesses appear in the assessment, particularly with younger companies. There is an assumption that the Data Centre will always be there, and that nothing can go wrong, that the world will always stay the same. Even everyday occurrences like localised flooding can cause serious disruption that should be planned for.

 Engagement Process

iDatasec will begin the process by initiating the engagement and getting a clear and unequivocal understanding of the goals and objectives of the client in relation the requirements for the due diligence and structure a detailed Statement of Work to articulate the deliverables.

Phase 1 – Initiate

iDatasec will, in consultation with the client help to define the assessed environment. This is done by performing a due diligence on the nominated assets and ensuring that all systems are defined. Once a clear and unequivocal understanding of the environment, products and operating environment are achieved iDatasec will kick off the engagement and ensure the assessments are scheduled at a mutually agreed and convenient time to the client.

Phase 2 – Deliver

iDatasec  will, while the assessments and interviews are on-going, manage the engagement to ensure any critical issues discovered in the process of due diligence be highlighted to the client as a matter of urgency.

Phase 3 – Report

iDatasec will ensure that any clear risks to the products or services under review are clearly articulated in a detailed and meticulous report, with remediation recommendations and post engagement consultation to allow for a controlled risk mitigation strategy.

iDatasec may perform a follow up once the reports have been signed off to consult with the client to ensure any proposed remediation have been achieved and will make ourselves available for an agreed period for consultation on the reports and findings